Unintended consequences

Unintended consequences

by Mark Yelland

Apple repays parents $32.5 million in in-app purchases

At first glance, there seems to be nothing untoward about the settlement, and many are likely to see it as a reasonable decision – although it did not go to court and so no legal precedent has been set.

For telecoms fraud professionals, the statement from the FTC Chairperson poses some awkward questions.

“This settlement is a victory for consumers harmed by Apple’s unfair billing, and a signal to the business community: whether you’re doing business in the mobile arena or the mall down the street, fundamental consumer protections apply,” said FTC Chairwoman Edith Ramirez in a statement.

“You cannot charge consumers for purchases they did not authorize.”

This might seem all fair and reasonable, but here is the rub, how do Operators now stand when a customer’s PABX is hacked?

There is a long standing assumption inside the telecoms businesses which say customers are responsible for all usage associated with their device, whether it is a PABX, phone or tablet, unless reported stolen.  This is usually written into the contract somewhere, but in the Apple situation, it also appears to have been covered by the contract that parents signed up to when the app was bought.

So the logical extension of this would seem to be that there is no incentive for the PABX owner to protect his system, change the password from default, and take other steps to prevent fraudulent use.  He can quote the FTC that he cannot be billed on the grounds that he did not authorise those calls.

And that would be quite a game changer, the PABX owners have potentially moved from being potential allies in preventing crime because they had a vested interest, now can become safely indifferent to the problem.

Leaky PABXs are the source of many an international bypass: no wonder fraud losses are going through the roof.