« SMS Scam ( 4 ): The bad boys... Celcos? CPs? MCMC? | Main | General erection of the tycoon kind »

SMS Scam ( 5 ): The 'Copy & Paste' version of Maxis Preventive Gateway

READ THIS SERIES if you are a mobile user!

Teaser: 3xxxx short code and SMS scam
SMS Scam ( 1 ): Explain this, Maxis
SMS Scam ( 2 ): It's an organised white-collar crime
SMS Scam ( 3 ): Let the suffering fools speak
SMS Scam ( 4 ): The bad boys... Celcos? CPs? MCMC?
SMS Scam ( 5 ): The 'Copy & Paste' version of Maxis Preventive Gateway
SMS Scam ( 6 ): Transcript - Rosli Shukor's parting shot at MPG on May 14
SMS Scam ( 7 ): MPG API - Now you see (May 15), now you don't (May 16)!
SMS Scam ( 8 ): How big is the gravy train for multi-passengers?
SMS Scam ( 9 ): Industry Survey: Majority wants 'Cowboy CPs' removed
SMS Scam ( 10 ): What's up, Doc?
SMS Scam ( 11 ): Civil Action: Report to Commercial Crime Division?

In SMS Scam ( 4 ), we paraded the 15 CPs who were involved in 22 cases of frauds and SMS scam that took place between June 2006 and April, 2007. The core victims of the SMS scam are the prepaid mobile users, who are not provided with itemised billing to cross-check their prepaid credit.

Interestingly, several strategic manoeuvres by the Celcos and their external CPs were detected when MCMC took action, Screenshots was told. They strategy was to protect their respective income streams, especially CPs who are among the Top 5 SMS Revenue Generators for the Celcos.

Currently, the Celcos and the CPs split their revenue on a rough 50:50 ration for each Premium SMS that may range from RM0.30 to RM5.00.

One of such manoeuvres was to derail MCMC's instruction to the Celcos, and by extension their external CPs, to ( 1 ) implement itemised billing for prepaid customers by March 31, 2007; ( 2 ) implement a Preventive System to stop fraudulent practices, failing which, the Premium SMS Subscription Service shall stop with effect from April 1, 2007 until the issue is resolved.

However, all Celcos, except DiGi, has managed to derail the timeline for the implementation of itemised billing for prepaid users.

Apparently, the CPs were caught in a bind as laggards among the Celcos were not up to speed in passing on the MCMC imperative down the value chain.

For the record, MCMC informed Celco's, as early as in January 2007, to implement an automated Preventive System, failing which all Subscription Services will be suspended till the system is in place or by April 1, whichever comes first.

Content Providers Screenshots talked to confirmed that the Celco's did not inform the CPs of this instruction until March 14.

Subsequently, the CPs got together to appeal their predicament and managed to get MCMC to postpone the suspension of Subscription Services based on the following:

  1. The CPs were in the dark on the merits/mechanics of such a Preventive System while were told that they have to pay for its installation, operation and maintenance costs;

  2. That the suspension of Subscription Service will impact all forms of services -- including but not limited to financial alerts, news alerts -- which cannot function unless they are on the Subscription model.

    This will throw 95% of the CPs' business models down the drain.

  3. With just 2 weeks notice given by the Celcos, the impact will have the CPs penalised primarily for the lack of implementation lead time for the Preventive System, which was essentially planned without their involvement right from the start;

The long and short of it, the targetted timeline for the implementation of the Preventive System by March 31 was overshot, triggering the targetted date to stop all Subscription Service from April 1 to be abandoned, purportedly with the consent of the current chairman, Dr Halim Shafie.

The CP fraternity called that Halim's April Fool joke.

At about the same time, rumours floated around the industry that Maxis was putting together a proposed Preventive System, which became the Maxis Preventive Gateway (MPG) on May 14.

MPG_TIS_385v.jpg MPG_Svc-Subs-Detail_385v.jpg
SOURCES: Maxis online portal

However, what shook the CP industry, and the Ministry of Energy, Water and Communications (KTAK), was that the MPG was likely to be outsourced to one of the CPs that MCMC has listed as repeatedly non-compliant. (Stay tune for Screenshots exclusive on this, with traces of Copy-and-Paste, soon.)

Besides, CPs who are largely law-abiding service providers have cried foul that the cost of running the Preventive System was to be borne by them, if the Celcos got their way and made it an outsource, profit-making operation.

'April Fool' joke: No consumer protection

One of the senior deputy secretary-generals at KTAK had described the outsource plan as "allowing the thief to man the guardhouse". (Stay tuned for another Screenshots exclusive on this, tomorrow.)

Meanwhile, the question of consumer protection remained unresolved.

Has the publication of the list of non-compliant CPs and temporary suspension of 3xxxx short codes deterred fraud? No. There are still repeat violations as at May 2007.

Have the Celcos and their CPs cleaned up the mobile user database that has been scammed? No. There are still repeat violations up to now.

Have the Celcos refunded to their mobile users who have been scammed between June 2006 and April, 2007, and earlier? No. Even MCMC don't have such a record for such refund.

Can the Celco look back into their billing system to make such refund. Yes, industry experts told Screenshots.

Guideline: Sub-sections 9.1 & 9.3 vs Sub-section 9.5

Now, let's get back to the disciplinary action that MCMC has taken against the non-compliant CPs, and the repeat violators.

For the record, MCMC had permanently listed these companies as being non-compliant to the to the Guideline on the Provision of Mobile Content and Services, a Celco/Operator nominated Do's and Dont's that was implemented with the sanction of MCMC since July 1, 2006.

Among the 15 non-compliant CPs are ten companies which had been faulted for one incident of non-compliance each. Whereas, there are five CPs which have been punished for repeatedly violating the provisions of the Guideline.

The CPs cited by MCMC for repeated violations are: T-Force Technology Sdn Bhd and Mobile 365 Sdn Bhd, which were both cited for two cases of non-compliance each; and Macro Kiosk Berhad owned by Goldis of Tan & Tan fame, which was cited for 3 cases of non-compliance.

On the other hand, two companies owned by the listed Nextnation Communication Bhd;, namely Nextnation Network Sdn Bhd and Dubaitech Marketing Sdn Bhd, were cited for three and two cases of non-compliance, respectively.

Significantly, all the rogue CPs cited by MCMC got away easily without a monetary fine. The only exception was Radius Ed Sdn Bhd, which was slapped with a compound of unknown amount.

That is largely due to the benign nature of the Guideline. It was drawn up by the Celcos, agreed among the brotherhood of Celcos, and implemented jointly by the brotherhood of Celcos. Consumer protection are set aside, and MCMC agreed to it.

If you take a look at the way the 'punishment' was meted out to the non-compliant CPs, only Section 9.1 was invoked.

Verily, Section 9 of the Guideline deals with the Suspension and Re-Activation Process involving the non-compliant CPs. Sub-section 9.1 states that:

Subject to sub-section 9.3 below, when a Content Provider is found to have breached a provision of the Guideline, the Content Provider shall be informed of the breach(es) and shall be given a twenty-four (24) hour period or if the end of the twenty-four (24) period fall son a non-working day, then the matter shall be dealt with the next working day. All processes following this notice of breach is provided in the flowchart in Appendix 1.

Whereas, Sub-section 9.3 states that:

Not withstanding sub-section 9.1 above, upon investigation, where a Content Provider has:
a ) breach the provision of the Guideline or renewal of Time-Based Subscription or Termination of Subscription Service, then the mobile network operators shall suspend that particular short code assigned to the Content Provider until advised otherwise by the Malaysian Communications and Multimedia Commission (the "MCMC"); or

b ) illegally sent out charged message(s), then the mobile operators shall suspend ALL the short codes assigned to the Content Provider until advised otherwise by the MCMC.

Evidently, from the list of repeat non-compliant cases involving the same CPs, the Celcos and MCMC have meted out the full dose of punitive action without a monetary fine as, by default or by inadvertent fluke, no provision was made in the Guideline.

On the other hand, sources in the CP industry Screenshots spoke to indicated that MCMC should have engaged the wisdom provided for in Sub-section 9.5 if non-compliance is repeatedly repeated. The Guideline' sub-section 9.5 says:

Information pertaining to a breach of the Guideline shall also be made available to the MCMC. The MCMC shall review and evaluate the information provided to it by the telcos to determine whether or not further action(s) need to be taken against a non-compliant Content Provider.

Mark the key words: Further action(s).

You may ask why MCMC did not take 'further action(s) against known CPs cited for triple non-compliance, namely Macro Kiosk Berhad and Nextnation Network Sdn Bhd?

What 'Further Action'?

Here comes the next question: What is/are 'further action(s)?

Screenshots was told that before previous MCMC chairman V. Danabalan retired in mid 2006, MCMC had consented that the punishable offence, or Main Offence, that could be meted out to a non-compliant CP shall include:

a ) Messages that are spam charges, directly
b ) Messages that do not process STOP or Termination not Processed
c ) Reminder NOT sent

MCMC during the Danabalan era also formalised the following actions shall be taken against the non-compliant CPs::
- 1st Offence: Suspend the offending Short Code
- 2nd Offence: Suspend all Short Codes
- 3rd Offence: Revoke the CP's ASP Licence

On hindsight, should the previous benchmark be adhered to without bureaucratic glitches at MCMC, both Nextnation and Macro Kiosk -- the national Top 2 Premium SMS Revenue Generators for the Celcos -- would have had their ASP License revoked.

However, specific description for penalty against the third repeat offence -- revocation of the ASP License -- was somehow not included in the Guideline. It was replaced with a vague sub-section 9.5 that prescribed for "Further Action(s).

This appeared to have been the significant flaw of the Guide that Mr MCMC, Dr Halim Shafie, has thoroughly exploited to keep the rogue CPs in safe haven. Screenshots shall discuss the international and regional benchmarks employed in the First World nations and neighbouring countries in dealing with rogue CPs, in series #9.

As it is, under Halim's leadership, MCMC did not even suspend ALL short codes for the second-time offenders as provided for in the Guideline.

Suffice to say that, however, the Danabalan 'doctrine' was brought up again recently when the case of non-compliant CPs subsequent to the list of 22 non-compliant cases made known publicly.Ironically, this took place in the midst of industry rumours that speculate the Celcos may outsource their Preventive System to a CP that has been found for triple non-compliance.

Screenshots was told that KTAK has stepped in in response to overwhelming complaints by the pubic and the CP fraternity against the fradulent SMS scam.

Recommendation: Revoke the ASP License

Subsequent to several joint meeting involving the stakeholders -- mobile customers and CPs who plead to advocate fairplay, a pro-tem committee that represent CPs who generate some 60% of the industry revenue -- a paper was prepared, with strong ministry-level endorsement, for the MCMC chairman to dispense with a conclusive action.

The paper recommends that for the third incident of non-compliance, the Celco, or the ASP overriding the content service, will have to terminate the Subscription Service agreement with the non-compliant CPs.

Besides, any CPs who have had their short code/s suspended for 3 month must get all users to re-register before they are allowed to do billing on the Subscription Service.

KTAK gave its endorsement to the 'further action' and dispensed that MCMC shoud be the party to mete out the action. The ministry had concluded that non-compliance was a Guideline issue, and it did not involved deliberation on Policy matters.

However, it was learnt that Halim, who insisted he is not beholden to decisions made by his predecessor, has refused to sign the paper which has been submitted for his action since April.

He demanded a Minister's note before he ever does it. Hence mobile users continue to get scammed till this day.

How will the MPG be implemented? Is Halim himself the Preventive Gateway? Will "the thief be put to man the guard house"? Is there a cheaper, faster and more effective way to deter and prevent SMS scam? Stay tuned, Mr MCMC!

Posted by Jeff Ooi on May 19, 2007 03:26 AM |

TrackBack

TrackBack URL for this entry:
http://www.jeffooi.com/mt32/mt-tb.cgi/1616

Comments

singapore happening:

http://tinyurl.com/2xw9a7

and sg gov provision:

2.11.1 A premium rate service provider shall not charge any person for any service that he did not specifically take action to purchase or subscribe for. In particular, no premium rate service provider shall engage in any practice or scheme that is objectively likely to increase the likelihood of consumers inadvertently or unknowingly purchasing or subscribing for a service which they did not intend to purchase or subscribe for.

from:

http://tinyurl.com/2z78fa

Posted by: Neil [TypeKey Profile Page] | May 19, 2007 08:36 AM

Thanks a lot, Jeff. You are exposing a very serious scam running into millions and maybe even billions by the time the problem is fixed. I have on several occasions reported this problem of billing discrepancies to DIGI and TM and have been told by the customer service clerks as biiling for earlier calls and sms's. A convenient explanation. I knew it was much more than that. Now that you have reported it, it is serious enough and warrants ACTION by all parties - the telcos and mcmc. I consider this a serious violation of basic human rights and a scandalous swindle of extreme magnitudes if allowed to flourish. I am now daily keeping a record on my DIGI bills, but there is no way to do so for TM customers.

Posted by: Rajahram [TypeKey Profile Page] | May 19, 2007 09:26 AM

I am glad to see this SMS scam finally got the public's attention.

I was a victim few years back, wrote a furious complaint, and my friend help forwards it to MCMC, screenshot, theStar and etc. Althought didn't managed to get any public attention but MCMC did their job following up on the matter, CC-ing me the correspondances between Celcom and MCMC... got the few ringgit charged credit back...

End up receiving a box of lousy chocolate from celcom...

I was not happy still, coz i knew they have been, or will continue to scam.

Posted by: Warren [TypeKey Profile Page] | May 19, 2007 12:01 PM

It happen in Singapore too and the authority and law makers are addressing these SMS scam issue by proposing higher fines.

http://www.todayonline.com/articles/171699print.asp

This story was printed from TODAYonline

Law joins anti-spam battle

Proposed Bill could impose liability to the tune of $1 million

Tuesday • February 13, 2007


Hakikat Rai
hakikat@mediacorp.com.sg

Senders of junk email and SMS messages beware. You could end up paying up to a $1 million or more in damages if found guilty under a proposed law.

With cyber security being a major concern, the Government is moving to control the sending of unsolicited electronic bulk mail, for so long the bane of Singapore's mobile phone owners and Internet subscribers.

An unsolicited electronic message is one that the receiver neither asked for nor agreed to receive.

Anyone who uses an "address harvesting software" to search the Internet for electronic addresses and collects, compiles or captures such addresses to send or authorises the sending of an electronic message, will fall afoul of the proposed Spam Control Act, 2007, which had its first reading in Parliament yesterday.

The Bill lays down the ground rules for individuals, businesses, Internet service providers and telecommunication companies. It requires telcos and Internet service providers to issue a code of practice, in consultation with the Infocomm Development Authority of Singapore (IDA).

Commercial electronic messages that, for example, advertise and offer to supply goods or services, provide investment opportunities or are aimed at dishonestly obtaining property or financial advantage, also come under the Act's purview.

Bulk mail, in the Bill, is defined as more than 100, 1,000 or 10,000 electronic messages containing the same or similar subject matter sent out during a 24-hour, 30-day or a one-year period, respectively, through a Singapore link — that is, if it originates here, or is received by someone here.

Experts say that the number of such mail sent out is likely to double in the years ahead as more people start using mobile phones and computers.

The Republic's mobile penetration rate hit 100.8 per cent, crossing 100 per cent for the first time early last year. IDA statistics indicated that there were 4.38 million mobile phone subscriptions.

The acceptance of broadband is likely to reach 80 per cent this year.

The proposed law could clamp down on cases such as last year's public uproar over mTouche. Following numerous complaints that surfaced in this paper, the IDA investigated and fined mobile content provider mTouche $150,000 for sending unsolicited SMSes to more than 300,000 mobile-phone users and charging $1 for each SMS sent. In addition, mTouche's licence was suspended for six months.

mTouche had revealed contact details of its customer database to its corporate client MyGlobal Fun, and allowed its client to send chargeable SMSes when it was licensed only to allow its clients to send free ones — all without obtaining consent.

The authority also issued a stern warning to the three mobile operators — SingTel, StarHub and M1 — to resolve billing disputes relating to third-party mobile-content providers or it "will not hesitate to impose further regulatory measures".

The most common type of spam worldwide today is medical-related information. The second is pornographic materials, followed by "pump and dump" messages that affect stock and share prices.

Asia is the world's most prolific spam-producing region, according to Britain-based anti-virus and anti-spam specialist Sophos. Some 43 per cent of the spam it detected from January to March last year originated from the continent.


Posted by: ktak [TypeKey Profile Page] | May 19, 2007 12:31 PM

I have something to share. I had a casual chat with a person who is working with a telco company. I was complaining that how can telco charge me money if I ended a call that is less than 5 seconds long. I mean when I call someone and I get into a voice mail, a service that I do not wish to use.

The answer I got was the telco was planning to give us some free buffer at one time but the government doesn't allow it. Who is the government trying to protect now? Public or super rich corporates?

I am not sure which ministry was this. Anyone who has proof or inside knowledge on this issue please confirm it.

Posted by: amalaysian [TypeKey Profile Page] | May 19, 2007 09:09 PM

INTERNET does not operate in a legal vacuum.
Read this before you post a comment in this blog!

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)