SMS Scam ( 17 ): The Nikolai Dobberstein Files:
Truth, the whole truth and nothing but the truth?
Click here for complete archives of SMS Scam
The Nikolai Dobberstein Files... Part 3
UPDATED VERSION. Industry insiders told Screenshots that regulator MCMC has compiled an updated list of repeat offenders in the SMS Scam in addition to the one published in April/May 2007.
The sources, the Little Birds, also confirmed that the names of SMS Content Providers which flouted triple offences as per the MCMC Guideline, an offence which put the operators' ASP Class Licenses in jeopardy but final penalty is still pending on Mr MCMC's desk, continue to appear in new incidents of non-compliance.
Screenshots was made to understand that MCMC had gathered substantial fresh complaints from post-paid mobile users who found their April and May itemised bills laden with charges for unsolicited SMS content.
However, it is not known whether MCMC, which claimed to advocate openness and transparency besides committing to consumer protection, would release the updated rogue list anytime soon. Industry lobby to delay it is intense, Screenshots was told.
Screenshots was informed that a national consumer protection group will launch an extensive evidence-gathering campaign to prove to MCMC that the SMS Scam has been rampant since mid last year and to date.
Meanwhile, Screenshots had received feedback from the mobile content providers and network operators that information given to the Press by Maxis was indefensible.
June 5, when Maxis announced its Elite Content Providers Programme to the Press, questions were thrown as to why three know repeat offenders were listed among the 18 SMS content providers name. The issue was raised by The Star (June 7) and several Chinese newspapers, but it has yet to be answered to date.
According to a transcript of a tape recording of the press conference, Head of product and new business Dr Nikolai Dobberstein had mentioned several imperatives, in bold, in contrast to general feedback from the industry gathered by Screenshots, as follows
1 ) Maxis was still evaluating the (SMS spam) preventive gateway, and the vendor has not been determined.To date, based on feedback given by content providers who attended two sessions of technical briefing pertaining to the preventive gateway, the impression has been that the API is not fundamentally dissimilar to the one that MacroKiosk proposed, which was exposed in Screenshots on May 19 and May 22.
While the external content providers are awaiting earnestly for Maxis to announce its outsourced vendors, some have questioned the validity of the preventive system which was designed to resolve scandals inflicted by SMS spamming, and NOT SMS Spoofing via international roaming gateways.
There were CPs who told Screenshots the preventive gateway will become irrelevant, and warranting another one, when the Portability of Mobile Numbers (PMN) kicks in by end 2007 as announced by MCMC.
Under the PMN regime, to a cerrtain extent, a mobile prefix like 012 or 017 will not 100% mean it belongs to Maxis. As such, an MO coming from a 012 number does not go through the Maxis Preventive Gateway.
Fundamentally, the issue of SMS Spoofing via fake MO does not get resolved.
These are the technical issues that MCMC officials are said to be incompetent at. Many are doubtful if they saw the fundamental and operational differemce between SMS Spamming and SMS Spoofing.
2 ) Shortcodes assigned to content providers were suspended because they made technical glitches, and NOT deliberately out to cheat the mobile users.
Interestingly, the Maxis Mantra of "technical glitches" has been conspicuously used by MacroKisok, one of the triple repeat offenders identified by MCMC and reportedly the No. 2 Top Revenue Generator among the Maxis ECPs. The Star (June 12) has a story on this. Click here for a summary of MacroKiosk's argument presented at the press conference at PJ Hilton yesterday.
MacroKiosk said the suspensions of three of its short codes -- 33380, 36116 and 36226 -- had already been lifted by MCMC while the fourth, 32400, would be lifted soon.
Significantly, MacroKiosk had contradicted itself by ( 1 ) blaming the SMS Scam on "technical glitches" on one hand and ( 2 ) on the other, by blaming CPs who used its SMS gateway services for gross abuse and non-processing of customers' service termination requests. (Read Oriental Daily News (Page A6) and theSun (Page 4) of June 12 on these contradictory arguments.)
Make up you mind, MacroKiosk. "Technical glitches"? Abuse by your CPs? Or both? All three scenarios carry different implications to the consumers and to the industry.
SOURCE: theSun, June 12, 2007 (Page 4)Answer this, MacroKiosk! What sort of SMS infrastructure are you running that with just 448 incidents of "Termination command not processed" by your CPs -- the way you told the consumer public -- were enough to cause three times of "technical glitches" that shamed the Celcos and MCMC?
SOURCE: The Star, June 12, 2007It is imperative to put on record that, by mentioning the suspended shortcodes, MacroKiosk was effectively referring to cases on non-compliance that occurred in 2006 and the offenders' names that were published by MCMC in April/May 2007.
Are we to believe that, if at all, there wasn't a recurrence of non-compliance after October/November 2006?
Read what MacroKiosk tried to imply, as reported in the mainstream media:
SOURCE: theSun, June 12, 2007 (Page 4)Very significantly, MacroKiosk did not elaborate on the case of one Screenshots reader who was scammed a total of 210 spams, spanning 17 days from 18:17:58 hr April 24 through 17:55:19hr May 13, 2007 -- incurring RM275.00 of unsolicited content delivery -- via the faulted short code 32355.
Will this appear in MCMC's updated list of new frauds?
June 7, Screenshots had questioned on the consistency of law enforcement on the part of MCMC. Is the CPs are faulted for repeat "technical glitches", does it mean that the Celcos' network security is susceptible and vulnerable to frauds, which is in breach of their licensing conditions under CMA1998? Will the MCMC publish a record of such technical glitches, nothing short of commissioned, independent technical auditors of world repute, any time soon?Without such benchmarking, a service provider's claiming of innocence due to "technical glitches" is not scientifically and morally acceptable. Incompetent CPs who perpetrated repeat "technical glitches" should be chased out of the race as their victimes are ultimately the consumers. The Celcos must not be derelict in its duty of care towards their customers, especially prepaid users who are not given itemised billings for cross-checking for data download.
On the other hand, isn't the indefinite suspension of MacroKiosk's 32400 shortcode since October 2006 an overkill for mere "technical glitches... not out to cheat"?
3 ) Maxis admitted the existence of black sheep in the industry and all telcos will weed them out from the industry.
This hangs in the balance. The industry black sheep -- especially those who flouted more than the maximum tolerance for triple offences evidenced in the case of MacroKiosk and Nextnation -- can only surface after MCMC published the updated non-compliance in addition to the one published in April/May for offences investigated up to November 2006.
4 ) Maxis could not implement itemised billings for prepaid users -- the major bulk of victims under the SMS Scam as they have no means to cross-check the charges for their data usage -- as it was "definitely not as straight forward as doing it tomorrow". Maxis head of content development, T. Kugan, interjected by giving a vague timeline: "By Q4, 2007".
This is akin to the act of a snake oil peddler.
June 7, Screenshots pointed out to me that DiGi had started offering itemised billing for its prepaid customers since three years ago, in April 2004. [ Read the DiGi Press Release dated April 27, 2004. ]
According to an industry insider familiar with the implementation of itemised billings for postpaid users, what DiGi implemented was not rocket science and its has been the de facto practice in many countries to make itemised billing of prepaid users mandatory.
The architecture is relatively straight forward. General, one needs to allow the CORBA API on IN, or the SOAP API on UMB (Starcode function) in order to pull and display transaction records. DiGi's itemised billings for prepaid users roughly work on these logics.
The fact that DiGi is three years way ahead and Maxis intended to delay it till Q42007, it indicates that the delay was deliberate rather than complication due to technical viability.
It is to be noted that the DiGi model also enables backtracking transaction history that goes back to seven (7) years! of archive for system house-cleaning.
To date, my claims that Maxis and Celcom have yet to provide itemised billing for their prepaid subscribers shall remain UNCHALLENGED and UNCHANGED -- three solid years after DiGi has 'been there, done that'.
Maxis is right that "it's not as simple as doing it tomorrow". But what's stopping them from doing it by next month-end three months after DiGi in 2004?
Does Maxis have anything to hide?
5 ) Maxis will stand by the Content Providers it listed under the Elite Content Providers Programme, and if they continue to be in violation by doing it deliberately, Maxis will distance itself from them.
Without firm and consistent action from MCMC, this can't help the rogues from getting close to Maxis, by hook or by crook.
The MacroKiosk argument
At the press conference held at PJ Hilton yesterday, Macrokiosk Bhd COO Henry Goh told the media that in all three instances of non-compliance involving his ciompany, SMS content continued to be sent to mobile users who had asked it to stop. He blamed it on "technical glitches".
Goh admitted to the fact that three of their shortcodes were suspended, namely 33380, 36116 and 36226, and they had already been lifted by MCMC. He was very confident, even prior to any invitation from MCMC, that the fourth shortcode, 32400, would also be lifted soon.
On the issue of why the company had refunded the customers -- prepaid or postpaid -- were refunded after the short codes were suspended, he explained:
1 ) For short code 33380, the STOP order sent by customers was not processed because of huge volumes of SMSes being received at the same time.
2 ) For short codes 36116 and 36226, the STOP order was not processed due to an internet connection problem with the content provider, who was not identified.
3 ) For short code 32400, it was due to Digi customers sending the STOP order in Chinese format - which could not be processed by the system then, but has now been rectified.
Significantly, Goh did not elaborate on the case of one Screenshots reader who was scammed a total of 210 spams, spanning 17 days from 18:17:58 hr April 24 through 17:55:19hr May 13, 2007 -- incurring RM275.00 of unsolicited content delivery -- via the faulted short code 32355.
Will this appear in MCMC's updated list of new frauds?
Refund. What refund?
Meanwhile, we are still asking the question on the the Celcos keep their revenue halal in an Islam Hadhari country.
How much has Maxis refunded to their mobile users spammed and scammed -- postpaid and prepaid?
We need to know if all the Celcos analyse the traffic and find out how much has been scammed, and charged, by the repeat offenders. We need to know, empirically, how much of data traffic coming from fake MO and SMS Spoofing from overseas SMS roaming gateways via SS7 connections.
We know for a fact, that, whenever there is a complaint from user claiming that they had never subscribed or requested for a premium SMS, often times that user gets his/her refund -- provided if he/she complains. The Celcos will tell the user that he/she did sent the MO, but the company is making refunds out of good faith.
The real thing is, the Celcos did this prevent user complaint to end up on MC However, this does not cleanse the industry that SMS Spoofing and Big-Time Scam has abated. Screenshots was told that some CPs make the refund (for allegedly charging for unsolicited content) through the Celcos. Did the Celcos ultimately refund the ill-gotten to the victimsed users? Think Hadhari, my friend.
MORE!
Comments
Hi Jeff!
Been meaning to ask this for some time but forgot. Your posting this morning reminded me: Is this guy who got hit 210 times in 17 days a prepaid customer?
JEFF OOI says: He is a postpaid user that's way he has itemised bills for cross-checking. Maxis currently doesn't provide itemised billing for prepaid user.
If not, did he call maxis or the CP to scream blue murder? I think something is not quite right here. If I were to get hit like that, I will not wait for a few months and then tell you. I will call you right away and ask you to come with me to Maxis... :)
JEFF OOI says: he is taking up with the higher authorities, MCMC and Comemrcial Crime Unit of PDRM. He is exercising his rights which is very commendable.
Posted by: Joe F![[TypeKey Profile Page]](http://www.jeffooi.my/nav-commenters.gif)
|
June 12, 2007 10:12 AM
Hi Jeff.. TheStar today mentioned that the Macrokiosk will be refunding to its clients which caught with the scam.. but unfortunately at RM1,103.20. Which i believe the amount should be more than this reportedly.. Some maxis customer caught a few of the unsolicited ECP but will not be refunded .. how unfair to consumers..
Posted by: kinthong![[TypeKey Profile Page]](http://www.jeffooi.my/nav-commenters.gif)
|
June 12, 2007 11:18 AM
IMHO, contra to opinion to say Portability of Mobile Numbers (PMN) will not work on Maxis preventive gateway.
Alas, if those 017,012 are route through DIGI, those crooks SMS will be trapped. In fact, DIGI can make report to MCMC should other telco failed.
To AVOID getting caught by DIGI preventive gateway, rogue operator (if they still in operation) must find a way to get "valid"(that not belongs to DIGI) mobile user list from "somewhere".
Posted by: moo_t![[TypeKey Profile Page]](http://www.jeffooi.my/nav-commenters.gif)
|
June 12, 2007 06:55 PM
@kinthong I believe those cases belong to the MO spoofing cases? I understand those cases might take a longer investigation period before refunds are made because there is a "request" (albeit spoofed) made by the mobile user.
As for the Jonathan Wong case, can't help but wonder why he can't bring it up the telco and CP first before heading to the bigger authorities? Shouldn't he give a fair chance for the telco and the CP to do their investigation?
Its like straight away suing a magazine for misleading readers if they published a wrong pricing or something.
I have followed this story of yours carefully as I have been hit as well by this spoof. Didnt' Maxis say they will implement both anti-scamming and anti-spoofing system? I remember reading that in the papers.
And I think people are confused by the three non-compliance cases vs the reason why Macro Kiosk shuts its gateway to CPs a while back. From what I can see, these 3 cases are technical glitches while other cases linked to them are abuse?
Posted by: nicklwc![[TypeKey Profile Page]](http://www.jeffooi.my/nav-commenters.gif)
|
June 12, 2007 11:46 PM
I dig the excuses and they're funny especially coming from operator and CP by claiming technical glitches and limitation as reasons for the abuse. Don't their tech guys read the API? I'm sure any operators worldwide are having similar vendors in their back-office equipments and network system and foremost their billing system. If this was 3-5 years ago all excuses are forgiven, but now? Come on... Blaming the customer for not reporting earlier? Who would face against Maxis or the CP with unknown name nor business address? My advice is stick with Pre-Paid like all Indonesian do, throw it in the bin if you're being spam, whack or abuse...
There are plenty of those cards in the garbages here, we may even be exporting them soon...
Posted by: gfunkerwin![[TypeKey Profile Page]](http://www.jeffooi.my/nav-commenters.gif)
|
June 13, 2007 02:19 AM
Todays star" But in a spoofing environment, fake "requests" from consumers are generated and sent over the Internet to an international SMS gateway before it is transferred to a local gateway and telco.
This request is then regarded as legitimate and consumers are charged without their knowledge. "
Surely this is not just a run of the mill disobedience! The SMS request was spoofed so the person(s0/companies who spoofs it surely has commited an illegal act that could be addressed by the civil courts much like a "419" type case. Should it not be considered a fraud? If so should not the culprits be taken to the civil courts?
Is cheating millions of innocent powerless layman of RM1 each a pardonable offence compared to robbing a bank of Rm50,000?
Surely these culprits can be traced via the payments. When the telco bills the victim, where does the money end up? Surely that the end point where the culprit is located?
If the scams a hiccups per Telcos response in the papers, then why can they not refund the SMS fee?
There is so lack of Corporate Social Responsibility in this country that shame the rest of us law abiding and loyal Malaysians.
Posted by: mickl![[TypeKey Profile Page]](http://www.jeffooi.my/nav-commenters.gif)
|
June 14, 2007 12:57 PM