Leave a legacy.

Require 2 factor authentication to sign up for payforit texts

By: andy69 | 12-08-2018 18:00

A lot of people are asking about being charged for payforit texts when they didn't subscribe to them in the first place. And how to stop further charges and get your money back. One way would be to require that the initial text is not charged for but is replaced with a text asking you to authorise the subscription. If you want to receive them, then you just follow the instructions in the text to authorise it. It could be follow a link or reply by text. After authorisation, you receive the original text and are charged. If you don't authorise it, you just ignore and no charges are applied.

-

Comments

by: cristo69
on: 28-12-2018 01:31

This HAS to be done, i wont be topping up again until it is

by: celinego
on: 27-12-2018 10:19

This is an excellent idea as my 16 yr old has just been conned out of £3 per week subscription by a company called Taptronic / Fitguru. Yes, we've blocked and I've called them and they're refunding but this idea would have prevented all of that.

Also, as my son is a minor, can't giffgaff also automatically block all premium services/numbers from minors's accounts? A child may not even notice such a premium number text, not tell their parents therefore continue to be exploited by such underhand scammers.

by: andy69
on: 17-10-2018 14:01

Here's a website that checks one of the ways numbers were leaked. For me, no phone number leak is detected whilst browsing over mobile network. See http://www.mulliner.org/pc.cgi.

See https://nakedsecurity.sophos.com/2012/01/25/smartphone-website-telephone-number/

Is there another way for a number to be leaked? If so, how?

by: jaymailsays
on: 17-10-2018 23:28

That website has not been given the decypher codes by giffgaff/telefonica. Payforit Merchants have paid for access to your mobile number during mobile browsing and they can decode the header info. Even using a vpn does not always protect you. Use WiFi whenever you can as that protects your information by isolating the mobile network from your browsing and hence payforit (part controlled by Telefonica) Occasionally o2 mess up and the number is on view to everyone.

Occasional Naked Security contributor Terence Eden has made a video demonstrating the problem:

The evidence.

by: andy69
on: 19-10-2018 07:42

Isn't that video linked to from the article I posted above. https://nakedsecurity.sophos.com/2012/01/25/smartphone-website-telephone-number/ IE before O2 fixed that issue. Is there a link to another website that we can use to test as the one in the video just hung for me?

by: joe_mattinson
on: 18-09-2018 10:42

Hello,

THat's a brilliant idea, supported.

Having read down the replies, it's apparent that this is a fix to a deeper problem: GiffGaff and other networks give out our mobile numbers over xG networks which allows 3rd parties to process payments straight to our mobile accounts.
Whilst this can be useful, there is no protection for us against any scammers who just take our numbers and charge us without reason - it is simply theft.

And, GiffGaff get a cut of the profits of the PayForIt service that services these payments, so they have no incentive financially to stop them happening.

GiffGaff MUST do something to prevent theft from their members - us!
Either allow a bar on Charge to Mobile, or your suggestion of 2-factor authentication would work; I prefer your solution as it gives the users control.

Thank you!
JoeM

by: suzisuz
on: 24-09-2018 07:51

2-factor authentication sounds good to me, like you said JoeM it gives the users control.

by: muddycalhoun
on: 18-02-2020 10:23

I have been a firm advocate of this and have urged people to add votes. The shame is that although Giffgaff could have implemented this ages before it was actually done by their being forced to by regulation.

How many people could have avoided the headache and stress and financial ramifications of the payforit scams if Giffgaff had acted on the votes for this and the lab's process

Whatever one of the best suggestions for members comments and participation

Edited
by: kanga92
on: 04-12-2019 23:48

ok

by: stephen_connell
on: 26-11-2019 10:48

Please add this feature, I have suffered from the Wapstar debacle

by: being
on: 21-11-2019 18:18

This sounds a great idea. those w#pstar a'holes have no morals by the sounds.

Its important to stop the charges and to get refunds too.

by: scottblackburn
on: 24-10-2019 18:43

Please get this added

by: tjtomlinson
on: 15-10-2019 20:15

Got stung by WAPSTAR and got charged the £4.50.

Initally I simply swiped the text into 'archived' thinking it was just an obscure number, then when my credit balance appeared (after a call) I noticed it had dropped significantly.

After reporting it to Giffgaff, who denied any responsibility but did give info on stopping any further payments, I texted STOP to the number supplied. Further £0.10 drain on my credit balance. >:(

Now intend to send an email to the 'gaming' and 'pay2bill' companies requesting my money back.

Am I hopeful? Not really :(