Lentswe, Klerksdorp - For over a de-cade, South Africans were victims of a criminal enterprise that was allowed to steal billions from unsuspecting mobile subscribers without fear of consequences. None of the perpetrators faced fraud charges. Not a single arrest was made.
According to MyBroadband, these weren’t mafias or some underground criminal ring, but rogue wireless application service providers (WASPs) - companies that operated in the open and were given a direct interface into cellular networks’ systems.
Although the industry has self-regulated by establishing the Wireless Application Service Providers’ Association (WASPA), bad actors could simply choose not to become members and subject themselves to its code of conduct.
These dodgy players were allowed to act with impunity for years, even as mobile operators implemented systems to curb the fraud.
While cellular operators played cat-and-mouse with rogue WASPs, they steadfastly refused to block WASP billing by default, which would have shut the problem down at the source.
WASPs generated a substantial amount of revenue for Vodacom and MTN, and they just couldn’t bring themselves to give it up.
Cell C also benefited, but it at least eventually offered an option to disable WASP billing entirely.
Telkom did not enable WASP services until much later and allows subscribers to disable it from its app.
Vodacom first rolled out its double opt-in system in 2011 to prevent fraud where rogue WASPs could subscribe numbers to their service without any checks.
MTN and Cell C followed two years later and finally launched mechanisms allowing subscribers to manage their premium content subscriptions.
Before this, cellular users were completely at the mercy of the WASP and the operator.
If the WASP did not offer a way to unsubscribe, you would have to phone your operator’s call centre and hope they would help you.
Even after double opt-in, these issues persisted. Rogue WASPs would find a way to forge or otherwise fake subscriptions.
One method they used was clickjacking attacks, where malicious code on some websites, especially mobile sites, spoofed the taps and clicks needed for a subscriber to opt in.
This led operators to deploy more advanced systems to detect this kind of activity.
One of these was fraud detection and blocking software Secure-D, which MTN implemented in 2018.
Even these weren’t perfect, and MTN and Vodacom faced a spate of complaints in 2020 regarding WASP fraud - including their own internal WASPs subscribing people without consent.
This all came to a head following the assassination of Western Cape anti-gang unit section commander Lieutenant-Colonel Charl Kinnear.
Kinnear was tracked using a WASP that had access to the mobile operators’ geolocation services.
While this “location ping” platform was intended for use between consenting parties, or law enforcement with a court order, it essentially used an honour-based access control system.
Following the revelations about how Kinnear was tracked prior to his murder, Vodacom and MTN suspended their location-based services and undertook independent audits.
They also cracked down on WASPs who had access to the service.
Unfortunately, complaints about rogue WASP subscriptions have persisted.
Anyone who has been a victim of a fraudulent WASP subscription should contact their operator and WASPA to complain and demand a refund.
Steps for stopping WASP subscriptions on SA’s mobile networks:
- Vodacom: Send an SMS containing “STOP ALL” to 31050: If you are subscribed to WASP services, you should receive a response indicating that your request to unsubscribe has been received.
- MTN: USSD - Dial *155#, Select “More”, elect “Block/Unblock future charges, Select “Premium-rated services”. Follow the prompts
- Telkom: From the Telkom app navigate to “My Products”, Select “Subscriptions”, Choose “Content Services”, Select the appropriate option, Then return to “My Products”, Select “Manage”, Choose “Protect Your Mobile Number”, Set this option to “On”
- Cell C: Dial *133*1# to block all existing and future content billing.
(Article sourced from MyBroadband.co.za)
