FTC: Mobile carriers should take steps to fight bill cramming

Carriers should prominently display third-party charges on mobile bills, the agency says

Mobile carriers should deploy a number of safeguards to protect their customers against a growing problem of unauthorized billing through mobile payments, the U.S. Federal Trade Commission said in a report released Friday.

The FTC report called on mobile carriers to provide "basic protections" for consumers against fraudulent billing, or cramming, through mobile payment systems. The mobile billing industry has a "unique challenge" in dealing with bill cramming, FTC staff wrote in the report. Some third-party billers place small monthly charges on mobile bills in an effort to hide the charges from customers.

"To combat cramming effectively, it is not sufficient to rely on consumers to identify unauthorized charges, particularly since many consumers do not know that third parties can place charges on their mobile bills, and that third parties can do so even if the consumer provides no credit card or other payment information," the report said. "Rather, an effective strategy requires participation by all entities involved in third-party bills -- including mobile carriers, billing aggregators, and payment processors."

Carriers should allow customers to block all third-party charges on their mobile bills, including blocking children from buying products through mobile accounts, the FTC recommended. Carriers should also "clearly and prominently" inform customers about third-party charges and explain how to block them, the report said.

Finally, carriers should establish a "clear and consistent" process allowing customers to dispute suspicious charges on their mobile bills, the FTC said.

The FTC report also suggested other possible steps mobile carriers could take. Mobile carriers could consider notifying customers about recurring charges on their mobile bills, and they could require third parties to maintain records of customers' authorizations for the charges, the FTC said.

"While improved disclosure may not be sufficient alone to fully address mobile cramming, mobile carriers could standardize and prominently highlight billing descriptions of third-party charges, in a format that makes clear why the consumer is being billed," the report said.

Representatives of Verizon Wireless and AT&T, the two largest mobile carriers in the U.S., didn't immediately respond to requests for comments on the FTC report.

While the FTC is increasingly focused on mobile privacy, the report comes up short, said Jeffrey Chester, a privacy advocate and executive director of the Center for Digital Democracy.

"The commission's new report only deserves a grade of incomplete," he said by email. "Business models that have developed for mobile payments already raise troubling issues for consumers -- from privacy to unfair practices. The commission is still not willing to examine critically the mobile payment business practices that require regulatory safeguards."

In addition to the recommendations for carriers, the report called on mobile payment processors to increase security measures to protect sensitive personal data. Companies in the mobile payment industry should also develop new ways to provide transparency about their data practices, the report said.

The U.S. Federal Communications Commission has also focused on telephone bill cramming in recent months. Last April, the FCC voted to require telephone carriers to provide their customers more billing information in an effort to crack down on mystery charges on phone bills.

The FTC's report is based on a workshop on mobile payment concerns the agency hosted last April. The FTC is planning another workshop on mobile bill cramming in May.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Trade Commissione-commerceregulationCenter for Digital DemocracymobilegovernmentinternetprivacyVerizon Wirelessmobile applicationsJeffrey Chesterat&tsecurityU.S. Federal Communications Commission

More about FCCFederal Communications CommissionFederal Trade CommissionFTCIDGVerizonVerizonVerizon Wireless

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts