Leave a legacy.

Require 2 factor authentication to sign up for payforit texts

By: andy69 | 12-08-2018 18:00

A lot of people are asking about being charged for payforit texts when they didn't subscribe to them in the first place. And how to stop further charges and get your money back. One way would be to require that the initial text is not charged for but is replaced with a text asking you to authorise the subscription. If you want to receive them, then you just follow the instructions in the text to authorise it. It could be follow a link or reply by text. After authorisation, you receive the original text and are charged. If you don't authorise it, you just ignore and no charges are applied.

-

Comments

by: cristo69
on: 28-12-2018 01:31

This HAS to be done, i wont be topping up again until it is

by: celinego
on: 27-12-2018 10:19

This is an excellent idea as my 16 yr old has just been conned out of £3 per week subscription by a company called Taptronic / Fitguru. Yes, we've blocked and I've called them and they're refunding but this idea would have prevented all of that.

Also, as my son is a minor, can't giffgaff also automatically block all premium services/numbers from minors's accounts? A child may not even notice such a premium number text, not tell their parents therefore continue to be exploited by such underhand scammers.

by: andy69
on: 17-10-2018 14:01

Here's a website that checks one of the ways numbers were leaked. For me, no phone number leak is detected whilst browsing over mobile network. See http://www.mulliner.org/pc.cgi.

See https://nakedsecurity.sophos.com/2012/01/25/smartphone-website-telephone-number/

Is there another way for a number to be leaked? If so, how?

by: jaymailsays
on: 17-10-2018 23:28

That website has not been given the decypher codes by giffgaff/telefonica. Payforit Merchants have paid for access to your mobile number during mobile browsing and they can decode the header info. Even using a vpn does not always protect you. Use WiFi whenever you can as that protects your information by isolating the mobile network from your browsing and hence payforit (part controlled by Telefonica) Occasionally o2 mess up and the number is on view to everyone.

Occasional Naked Security contributor Terence Eden has made a video demonstrating the problem:

The evidence.

by: andy69
on: 19-10-2018 07:42

Isn't that video linked to from the article I posted above. https://nakedsecurity.sophos.com/2012/01/25/smartphone-website-telephone-number/ IE before O2 fixed that issue. Is there a link to another website that we can use to test as the one in the video just hung for me?

by: joe_mattinson
on: 18-09-2018 10:42

Hello,

THat's a brilliant idea, supported.

Having read down the replies, it's apparent that this is a fix to a deeper problem: GiffGaff and other networks give out our mobile numbers over xG networks which allows 3rd parties to process payments straight to our mobile accounts.
Whilst this can be useful, there is no protection for us against any scammers who just take our numbers and charge us without reason - it is simply theft.

And, GiffGaff get a cut of the profits of the PayForIt service that services these payments, so they have no incentive financially to stop them happening.

GiffGaff MUST do something to prevent theft from their members - us!
Either allow a bar on Charge to Mobile, or your suggestion of 2-factor authentication would work; I prefer your solution as it gives the users control.

Thank you!
JoeM

by: suzisuz
on: 24-09-2018 07:51

2-factor authentication sounds good to me, like you said JoeM it gives the users control.

by: haleemanoor
on: 03-10-2020 08:24

Giffgaff have to do something about this and I have not seen anything else suggested. Thanks

by: bertiebat
on: 03-10-2020 16:56

This idea has a status of implemented so this is now in place.

by: dmanjra1
on: 24-10-2020 06:48

It is not 'in place' as I have just been stung by the payforit money theft. If it was in place, there would be an option for two factor verification in our settings

by: ikkyh56
on: 22-07-2020 18:28

Supported

by: bertiebat
on: 03-10-2020 16:58

No you didn't as the idea has a status of 'implemented' which means voting isn't available. You are simply spamming.

by: zealousbeloved123
on: 15-07-2020 08:04

Supported

by: bertiebat
on: 03-10-2020 16:59

Nope you didn't. The idea has a status of 'implemented' which means voting isn't available. You are simply spamming.

by: justeena1
on: 27-06-2020 20:25

Better idea

by: aqeeb01
on: 25-06-2020 11:55

very good

by: barishna
on: 16-03-2020 23:36

good idea.