§ Motion made, and Question proposed, That the sitting be now adjourned. [Derek Twigg.]
9.30 am§ Sir George Young (North-West Hampshire) (Con)I welcome this opportunity for a debate on premium rate numbers and the growing problems of abuse to which my constituents are falling prey. I note that several other hon. Members share my concern. It is good to see the Minister in his place. If I may say so, he is an effective political firewall for his Department, neutralising and repelling hostile attacks.
This is a topical subject. Last Thursday's edition of The Times featured a story by Helen Nugent—"BT chases phantom sex caller as bills soar"—and the day before I read "Pop-up scam hits internet phone lines" by Liz Philips in the Money Mail. The Sunday Times two days ago included the story "Premium rate robbery" by David Hewson, and I have a large number of headlines from press cuttings that were helpfully provided by the Library: "New mobile phone scam promises prizes but could cost a small fortune", "BT urged to act over internet scam", "Couple dispute £750 phone bill", "BT customers may sue over internet rogue-dialling scam" and, last but not least, "Phantom of the phone sex lines strikes again in Middle England".
I shall describe the premium rate number industry, set out the abuses that are now rife, analyse the regulatory response, which I believe to be wholly inadequate, and suggest some possible remedies. Basically, the premium rate number market revolves around the use of the 090 telephone number range, for which charges to the caller are up to £1.50 per minute. Most of the premium rate market, which is worth £1 billion per annum, does not involve any abuse. It embraces the voting lines for "Big Brother", lines for weather reports, technical help desks, chat lines, horoscopes, TV games, charities, music downloads, Government Departments and what is politely called adult entertainment The world would continue to rotate without premium rate numbers. Indeed, many countries have banned them. People in those countries who want to pay for premium services over the phone pay by credit card. I shall return to that nuclear option later.
The structure of the industry is not straightforward. Let us start with the network operator—BT. NTL or Telewest. They are the folk to whom we pay our phone bills. A premium rate call goes from our phone line through two separate organisations. First, it goes through the terminating network operator, of which there are several dozen. They are the owners of the 090 numbers, which are allocated by Ofcom. They in turn lease the numbers to service providers, which provide some 30,000 services. They are at the end of the chain and may or may not be located in the UK.
It is important to understand not only the structure of the industry, but the revenue-sharing arrangements. All the money that ends up in the hands of the fraudsters starts off in the hands of reputable telephone companies. As BT is typically paid quarterly in arrears for calls by its customers, it may be paid up to four months after a premium rate number has been called. However, it pays out to the terminating network as early as 14 days after a call has been made. BT keeps between 6p and 7p per minute and hands the rest to the terminating network, which, as the 090 host, keeps its percentage of the revenue and pays out the remainder to the service provider, which typically gets 80 per cent., although in some cases it may be less. The secondary settlements can take place weekly. If there is an abuse, it may not be noticed for some time; typically, it will be noticed when the subscriber gets a phone bill. In the meantime, the fraudsters receive their money—in some cases, they do so as soon as seven days after the call—leaving BT or NTL exposed and an argument about whether the bill should be paid.
BT is, in effect, acting as a credit card for the sale of services via the telephone line, but without some of the essential features of the credit card market. For example, a credit card company can be held jointly liable if the goods supplied by one of its merchants are faulty. In the cases we are debating this morning, however, BT has no control over the "merchant", because an intermediary in the process licenses the merchant and BT and other carriers are obliged to carry the traffic that presents itself. Again, I will return to the revenue-sharing arrangements at the end of my speech. That is the industry in a nutshell: the majority of carriers are responsible and law-abiding, but a minority are not so.
Abuse can take place over a telephone line, involving either the telephone or computer attached to it. Starting with the telephone, last year a spate of misleading and unsolicited text messages conned people into calling premium rate numbers to win non-existent prizes. Typically, a text message would appear on the screen of a mobile, saying, "Congratulations, you have won £2,000. Ring this number to collect your prize." It would not be made clear that the number was a premium rate number; that those who rang it would have to listen to a long pre-recorded message at £1.50 per minute; and that the prize would often be elusive or valueless. Children with mobiles got those messages, and in comparison with adults, they had less chance of knowing that they were a scam.
The Independent Committee for the Supervision of Standards of Telephone Information Services—ICSTIS—is the regulatory body, and it notes:
During the second half of 2003 we had to deal with over 7,000 of these complaints. In most cases it became evident that there was both spam marketing taking place and that 'services' associated with the text promotions were at best misleading and at times apparently fraudulent.Clearly, there was substantial abuse in that part of the market.
Scams targeting computers have generated most publicity recently. There are some legitimate services that can be accessed by dialling an 090 number via one's computer. When that happens, the computer will disengage from the normal service provider, dial a premium rate number and the user's phone bill will be charged accordingly. The principal type of abuse takes 3WH place when, unbeknownst to the owner, the computer initiates the dialling of the premium rate number. That can happen when a rogue dialler is installed, often through an unsolicited pop-up box that looks like an advertisement. It may ask the user if they want to download some software, and even if they click "no" or close the box, the software is downloaded. It replaces the number that the computer normally dials to get on line. which is typically 08, with a premium rate number—09. The rogue dialler is sophisticated enough to turn off the modem dialler, so that the user does not hear it dialling away at their expense. Some diallers call the 090 number once, some call programmatically—for example, in the early hours of the morning if the computer is left switched on—and some change the default dialler.
There are cases in which a member of a household dials one of those services, but denies having done so when the bill arrives. That obviously causes problems in the household and for BT. However, there are enough cases of clear fraud to cause concern, and they have been well documented in the press. Other hon. Members may also have their own examples.
Mr. and Mrs. Higdonof Maidenhead faced a £744 bill, run up in six weeks by calls to premium rate numbers linked to websites owned by a company in west Africa of which they knew nothing. BT has not so far waived the charges. A constituent e-mailed me last week after being charged for an internet call that he did not make. When he reported it, he found that it was already under investigation by ICSTIS, but BT has told him that its policy is not to refund.
§ Malcolm Bruce (Gordon) (LD)The right hon. Gentleman makes an important point. Does he not agree that even if people have knowingly accessed a premium rate number, they should also be given information about the charging rate? The fact that they may be embarrassed to admit that they made the connection should not be an excuse for people to rip them off.
§ Sir George YoungThe hon. Gentleman is right. The ICSTIS code makes it clear what information must be given to the consumer about the rate that is being charged, but, sadly, some rogue diallers do not provide consumers with those details.
Money Mail tells us of Raquel from Kensington who ran up a £300 bill, probably through a rogue dialler. She has been cut off by NTL, which will not reconnect her until she pays. Susan Westnedge was mentioned in Money Mail on 23 June. Her BT bill suddenly trebled from £50 to £150 in April. Nine calls had inexplicably been made to São Tomé in west Africa. She said:
When I rang, I was told nothing had been done to prevent this continuing. I was told BT was inundated with similar complaints about fraudulent calls.Some 19,000 BT customers are currently having calls to premium rate numbers investigated. At £102 per sum disputed—an ICSTIS figure—that is some £2 million of potential fraud, and those are just the cases that have been reported to BT.
The high-tech crime unit of the police is now involved and has stated publicly that it suspects collusion and/or conspiracy to defraud within what is called the value 4WH chain. However, with much of the fraud committed by companies based overseas, it may never bring the culprits to book.
What has been the regulatory response to the abuse? The role of ICSTIS is to prevent consumer harm by requiring clear and accurate pricing information; honest advertising and operation of services—that relates to the point made by the hon. Member for Gordon (Malcolm Bruce)—and appropriate and targeted promotions. It is funded by the industry, with a budget of some £2.8 million in 2004. It enforces its decisions through an Ofcom-approved code of conduct. It sets and reviews standards of content and promotion for premium rate services, and it licenses services, ensures compliance, investigates complaints, adjudicates and applies sanctions, such as fines. That is the theory.
In its October 2003 newsletter, ICSTIS said of text messages, the first scam I that mentioned:
Wherever necessary, we have acted to bar access to numbers and impose heavy finesHowever, when I took up a constituency case in that very month, the response was wholly unsatisfactory. I e-mailed ICSTIS on 18 October last year, after a constituent got a message that said:Urgent; your mobile number was awarded a £2000 bonus.To collect the prize she had to telephone a premium rate number, with a long pre-recorded message, which cost about £8. I got no reply to my e-mail to ICSTIS and wrote again on 7 January. I also wrote to the company responsible—Prize Line, PO Box 80, 571 Finchley lane—and never got an answer. I eventually got a reply from ICSTIS on 10 March, four and a half months later:I am responding to your email of October 18th and your subsequent letters of 11 and 27 February. I am sorry you have had to chase for a response in this way.If that is the service given to MPs, what sort of service do our constituents get when they contact ICSTIS directly? In its consumer guide, ICSTIS says that it aimsto resolve all complaints quickly, effectively and consistently".That was not my experience in this case.
The letter went on to reveal the failure of the regulatory system. To take action against the service provider at the end of the chain, ICSTIS needs to get its identity from the terminating network—the guys in the middle. The letter stated:
While we have been active in closing down services, the co-operation of the terminating network is required in every case. In some cases, we have problems with network operators failing to provide the necessary information promptly or otherwise failing to assist us with the investigation of cases. This information is essential if we are to act to close apparently rogue services in order to stop harm. In your case the network responsible for the 090 number is One World Interactive and the service provider contracting for its use was Smile Telecom Ltd … The identity of the service provider was not however known to us for a period of 10 weeks as a result of delays at the network level.In other words, when an alleged scam was reported, ICSTIS could not close it down because the host would not reveal the name of the service provider. And so the scam continued, with money going to Smile Telecom, until eventually One World Interactive told ICSTIS who had the number.
On the current scam involving rogue diallers, the regulatory system seems to be in meltdown. Many have tried to complain to ICSTIS, but the line has been 5WH constantly engaged. The helpdesk is in meltdown because of a record volume of complaints. On 16 June, the ICSTIS director, George Kidd, said that it had never before had to respond to so many complaints from the public. Daily, 2,000 calls are being reported to ICSTIS—and those are the ones that get through. With such a high volume, it takes up to 26 weeks for ICSTIS to conclude investigations.
I note from ICSTIS's June newsletter that the Minister said:
ICSTIS does an excellent job, and is a good model of effective self-regulation without, until now, any legislative support".In light of the current circumstances, I wonder whether he stands by that statement.
ICSTIS has the ability to fine, but 70 per cent. of fines do not appear to be paid, presumably because the offending company is based overseas or is in liquidation. ICSTIS tells me that, in 2003, it fined the highest sum in its history. That was a reaction to the batch of wilful spam and scam mobile promotions that swept the UK, which I have mentioned. The basic figures for 2003 show that 209 companies were fined a total of £1.26 million, of which less than £500,000 was paid. Some fine income received in 2003 relates to fines set in 2002. Equally, it is likely that fines issued in the last month of 2003 will not be settled or written off until early 2004.
So there is abuse and regulatory failure. That leads me to remedies. A first option would be a total ban on premium rate numbers. That has happened in other countries. It would mean that legitimate enterprises—"Big Brother" and the like—would be unable to collect revenue via a premium rate service. I suspect that that would affect the viability of some popular television programmes. The alternative revenue stream could come from credit cards, but that is logistically more difficult for the companies and less convenient for users of genuine premium rate services. I personally would not favour that solution at this stage, but if I were the Minister or ICSTIS, I would use the threat of closure in the near future as an incentive for the industry to get its act together.
§ Mr. Mark Lazarowicz (Edinburgh, North and Leith) (Lab/Co-op)I am grateful to the right hon. Gentleman for bringing the issue to the attention of the House. I am sure that there is not a single Member of the House or of the population who has not been affected in some way by someone trying to sell premium rate numbers to them.
Will the right hon. Gentleman expand on why he has rejected the idea of a total ban on premium rate numbers? With so many abuses, is there not a case for that simple resolution of the problem? To use his example of television reality shows, I am sure that the makers or the companies would find some way of allowing the public to vote for them. It seems hard to suggest that the world would be a worse place if we did not have premium rate telephone numbers.
§ Sir George YoungThe hon. Gentleman makes a strong case for abolishing premium rate numbers. As I said, I do not rule that option out. My initial view is that, as the majority of the industry is responsible, it would be sad if the activities of a minority wiped out an industry. I hope that we can improve the regulatory system in the 6WH way that I am suggesting, which would mean that the fraud was wiped out, but would enable the legitimate industry to survive. I do not rule out abolition in the long term, but I think that it would be a bit defeatist to go for that option at this stage.
The second thing that we could, and I think should, do is make the terminating networks responsible for the fines imposed by ICSTIS on the service providers if they are not paid. That would encourage the owners of 090 numbers to be far more careful about the folk to whom they lease the numbers. Of course, unlike ICSTIS, those owners can access revenue flow to ensure that the fines are paid. At the moment, the terminating networks are not at risk, although the fraud can take place only with their compliance. Moving responsibility for collecting fines to the terminating networks would significantly reduce the administrative burden on ICSTIS, which is seriously stretched.
Thirdly, the terminating networks could be asked to put up bonds before they can issue numbers. The bonds could be drawn on either if the fines remain unpaid or for the resourcing and funding of a proper compensation scheme, of which I shall say more in a moment. Fourthly, the TNOs should be stripped more readily of their licence to issue numbers. I mentioned earlier the delay in providing ICSTIS with the details of Smile. ICSTIS told me:
The real problem however was the subsequent reluctance and in effect refusal by One World Interactive to provide us with the service provider information for the number range in question.Why in heaven's name is Ofcom or ICSTIS allowing One World Interactive to go on issuing 090 numbers if it refuses to co-operate? Service providers get away with the scam only because of shoddy work by a few TNOs, but ICSTIS seemed reluctant to act. On 10 June, it told me thatwe are involved in three enforcement actions against terminating networks who have failed to provide us with information or who have failed to prevent access to services when so instructed or who have failed to withhold payments when told to do so.Those are the companies that issue the numbers; they should be thrown out.
Fifthly, we should change the arrangements for the flow of revenue. The rapid outpayments that I mentioned earlier reduce the likelihood that funds can be frozen at the network level, even when an emergency procedure is invoked. Weekly payments to service providers should stop at once. I was surprised to learn that modest reforms to the payment regime may require legislative change. When I queried the current regime with ICSTIS, I was told:
You should note that there are legal constraints on our right to require that monies be withheld at the TNO level pending completion of an investigation. If the Committee agree there is the risk of serious harm, they can approve an Emergency Procedure action of the kind previously described. This involves an instruction to withhold revenue to the TNOs involved. If the case does not merit pre-emptive action we are advised that it would be prejudicial to withhold payments, other than provision for administrative costs, pending an eight to twelve week process and adjudication.BT is also quoted as saying that it could be sued if it does not pay the premium line holder monthly. Perhaps the Minister will comment on whether there are legal constraints that prevent slowing down the revenue flow—particularly when there are allegations of fraud— which I regard as an important part of the solution.
Sixthly, one could ask the service provider to put up a deposit, which it would lose should it be found by ICSTIS to be abusing the system. Service providers should also register details with ICSTIS of what they plan to do and get prior permission—something that used to happen but which has now stopped.
Seventhly, ICSTIS needs more resources simply to cope. It needs more people on the helpdesk, quicker investigations and a more proactive approach to prevent abuse. The levy on the industry should be put up to fund this; I am certainly not advocating any taxpayer support. I welcome much of the work that ICSTIS has done. It provided advice recently to MPs on how to help our constituents, and it recently participated in a seminar chaired by the hon. Member for Sheffield, Hallam (Mr. Allan), which was very helpful. However, it is drowning under the wave of complaints.
Eighthly, we need more publicity for free premium rate service barring, free software downloads and better customer education. I welcome what BT is doing by contacting every BT customer over the next few months to alert them of that and it has already e-mailed its 1.8 million retail internet customers. Perhaps it should be bolder about cutting service providers off when fraudulent activity is taking place.
Ninthly, we need a faster uptake of broadband so that the problem of rogue diallers cannot arise. I know that the Minister is committed to roll-out, but the issue at the moment is low take-up where it is available.
To bring the score up to 10, and to conclude, what is needed is an effective, comprehensive and properly resourced regulatory regime with meaningful sanctions promptly enforced and an efficient compensation scheme for telephone subscribers who are ripped off by fraud. We are some way from that goal, and I have identified some milestones along the route. If we do not start moving along it, we should look again at the nuclear option mentioned by the hon. Member for Edinburgh, North and Leith (Mr. Lazarowicz) of removing premium rate numbers entirely. I hope that the Minister will be able to respond to this debate by outlining a strategy for recovery.
§ Mr. Derek Wyatt (Sittingbourne and Sheppey) (Lab)I congratulate the right hon. Member for North-West Hampshire (Sir George Young) on securing the debate and thank him for his long and detailed speech, which will make the speeches of others much shorter. I also apologise to the Minister because I am supposed to be in two other places at once; a Select Committee meeting and a meeting with the Under-Secretary of State for the Home Department, my hon. Friend the Member for Don Valley (Caroline Flint) where we shall deal with some of the issues raised today. Please forgive me if I am not here at the end of the debate.
Previously, Government debates have been concerned with the Independent Broadcasting Authority, the Independent Television Commission, and the problems of floating a licence for ITV or putting it into the public domain. In 1998 there was a bidding document on 3G phones. Neither system was right, but we are beginning to tease out something on which, as the 8WH right hon. Member for North-West Hampshire said, there should be a bond. If we cannot solve the problem, I suspect that we may have to return to saying that the cost will be x up front, which is one way of solving some of our problems. There is a second, nuclear option.
Two of my constituents have e-mailed me. The first stated:
I don't really know the technical side of it. As I understand it, I must've visited a website which then sneakily changed my dial-up phone number. I believe that I made all the calls that were on my phone bill—but that the dial-up number was changed to a premium rate number … I am careful not to open up pop-up windows when visiting most websites, but some open automatically.I was told by someone at work that her husband phoned BT and asked them about it and they said that your computer would only be affected like mine if you visited 'adult' websites. I don't know how much truth is in that".The cost to my constituent was phenomenal. She spent 47 minutes on the internet through a premium-rate dial-up without knowing it and it cost her £60.45. Her usual phone bill is around £65.73, so there was an enormous increase in her bill.
The second constituent stated that if someone had access to websites without going through a recognised service provider such as BT or AOL, sites were often prone to add-on programmes that illicitly and illegally changed the dial-up telephone number without notification. There were innocuous questions at some point and if the x in the top right hand corner was not clicked, agreement was effectively given. My constituent thinks that that is very underhand and that it is wrong that it is allowed to continue.
§ Mr. Richard Allan (Sheffield, Hallam) (LD)It is important to dispel a myth about visiting websites. Every day, my inbox contains e-mails carrying diallers, which are effectively viruses. If I click on or do anything with those e-mails, the dialler will be installed on my system. It is important that users understand that the problem exists on e-mails daily and that the suggestion that someone must have visited an adult website is not true.
We have heard about the scale of the problem from BT, which said that 19,000 of its customers are having calls to premium rate numbers investigated. It went on to say that that figure is not considerable for BT, but I simply do not know how long it will be before those calls are investigated and I doubt whether BT has the resources to do so. Our constituents are very concerned, especially older people who do not really understand. Younger people are web-savvy and mobile-savvy and get the gist that something is going on, but an elderly woman may not realise until she receives a bill for £700 or £800 and BT, NTL or Telewest tells her that she must pay it. The whole telecoms servicing section should be looked at. I cannot understand how BT can deal with 19,000 customers.
There are several cases in my constituency and it seems that BT is saying that it will take them off the account, park them in a lay-by and have a debate, but that is not good enough because so many cases are 9WH coming in; 2,000 a week. How on earth can ICSTIS cope with so many? It is bad enough with BT, but ICSTIS is seriously under-resourced.
Perhaps the Minister will comment on whether the role of ICSTIS as a regulator is part of the problem. Should it be in the business of providing advice and information online and through its helpline, or should it be pulling back and limiting itself to an enforcement role? At the moment, it cannot do both. Every week, 25,000 people try to get through but cannot because it is simply impossible to find a free line. ICSTIS reckons that it handles about 25 per cent. of calls. That is not reasonable. Unless there is some way of splitting ICSTIS or making some short-term funding available, I do not see a resolution to the problem before Christmas. All that will happen is that many more thousands of people will be severely embarrassed by their phone bills. We cannot just leave the issue in mid-air and hope for resolution at some stage. We need a short-term fix, and a short-term fix tomorrow would do.
The right hon. Member for North-West Hampshire mentioned the piece by Helen Nugent in The Times last week. Let me refer to some of the bits in it that surprised all of us; 18 households in the hamlet of Mew Green near Bardfield Soling in Essex were charged £1.50 a minute without their knowing, and dozens of villagers in Helions Bumpstead near Haverhill were charged, as were 28 of the 65 households in Thurne near Acle, where I was called yesterday by the BBC to do a radio interview. No one can quite understand what is happening. Mystery phone calls are being charged to people.
A cybercrime unit is needed to deal with these rogue forces. One problem is that cybercrime is not taken seriously in this country. In fact, I understand that none of the Home Office figures in the public domain include cybercrime.
§ Malcolm BruceIs not it the case that the boxes in the street are accessible with a T-key? Anyone who knows what they are doing can access them, dial a premium rate number and charge it to a domestic bill. Is not the first priority to have a little more security on the boxes?
§ Mr. WyattThe hon. Gentleman is absolutely correct. That is a problem, and we need greater security.
The Network for Online Commerce, which was set up in 1994 as a not-for-profit trade association, has been in touch with me. In March 2004, it created the dialler action group. It had been talking to ICSTIS and had become worried that ICSTIS was overwhelmed. I have received a letter from its chairman, who says that the NOC is totally supportive of ICSTIS but suspects that, under its current structure, it is difficult to react with sufficient speed and technical appreciation of this sophisticated market. The NOC is working with ICSTIS to assist in assuring effective change to limit any industry problems associated with diallers. ICSTIS is overwhelmed, not just by technical issues but by its day-to-day activities. To constituency MPs, the problems seem similar to those of housing benefit or the Child Support Agency. The system is overwhelmed.
I wonder whether I might put in my three penn'orth. I do not have 10 suggestions, but I have had an interesting e-mail from David Knell of Coulomb Ltd. 10WH about the terminating network operators, which are important. He makes three recommendations that are worth considering. First,
ICSTIS should be able to set and revise the level of the bond required from each TNO".That is key. That can be done now; in the future, perhaps it will have to be done up front. I recommend that proposal. On his first recommendation, he goes on to state:In the event of complaints against one of that operator's service provider being upheld by ICSTIS, they should instruct the TNO to compensate the customer.Our constituents have nowhere to go. They do not know how to complain and cannot get through, yet they are worried about their bill, which racks up interest. They are very concerned.
Mr. Knell'ssecond recommendation states:
TNOs who wish to provide dialler services will need to accept that there is a short-term need to provide additional funding to ICSTIS to allow them to cope with the current flood of helpline callers.I wonder whether any amount of money will resolve that problem, but it is probably what is needed in the short term. Thirdly, he states:TNOs who provide numbers to repeat offenders should either have the level of their bond increased or their authorisation to provide numbers removed.It should be the latter first.
In conclusion, it is interesting that the crime side of police forces so undervalues cybercrime. Police forces require training, and we need a specialist unit to teach and train policemen and women in different constabularies.
§ Michael Fabricant (Lichfield) (Con)Is the hon. Gentleman aware that in the United States a division has been established under the Department of Homeland Security to deal with that very issue? The US authorities not only recognise that there is a threat from cybercrime—actual cybercrime of the sort we have discussed today—but from cyberterrorism. At the moment the Government are doing nothing to counter that threat.
§ Mr. WyattThe wider issue is that any regulation made in the United Kingdom will lead to crime going offshore, and one can keep going offshore for ever. The G8 and the European Union should be creating a new world internet organisation that deals with cybercrime. One would not expect the UN or the World Trade Organisation—bless them—to deal with it, because they just are not up to it. We need a more nimble, smarter world body. I do not see such an initiative yet, but I hope that the Babbage institute may come.
I conclude by reading something from a note from Rob Johnson, who said:
I am dismayed that there has been only one upheld complaint against Dialer fraud since February 1 by ICSTIS. I am led to believe that there is underlying 70 per cent. non-collection of levied fines.If those companies are based offshore, the situation is difficult, but the whole process seems to be tipping over, and we need quick service to ensure that ICSTIS is brought back in line. In the longer term, we may need a new regime.
§ 10.7 am
§ Mr. Richard Allan (Sheffield, Hallam) (LD)I should like to follow on from the hon. Member for Sittingbourne and Sheppey (Mr. Wyatt) in talking about internet diallers. I offer my apologies to the Chamber because I also have to go to the meeting at the Home Office, at which we shall discuss the Computer Misuse Act 1990.
Mr. Deputy SpeakerOrder. If I may, I shall interrupt the hon. Gentleman. Both the hon. Members for Sheffield, Hallam (Mr. Allan) and for Sittingbourne and Sheppey have fully used the courtesies of the House in advising myself, the Minister and the initiator of the debate of their need to be elsewhere at 11 o'clock. We are grateful to them for exercising the proper courtesies. I wish that were done more often.
§ Mr. AllanI am grateful to receive such a ringing endorsement from the Chairman of the Procedure Committee who, above all other hon. Members, knows how things should be done.
I am grateful to the right hon. Member for North-West Hampshire (Sir George Young) for raising an issue in which I have been interested for a couple of years since first coming across diallers on my own computer and being horrified at their potential. I raised the issue during the passage of the Communications Act 2003. I come at the matter from three angles. First, there is the question of consumer protection of our individual constituents, about whom we are all concerned. Secondly, we need to tackle criminal activity and not allow spaces to exist within which fraud can be committed easily. At the moment, we have allowed spaces to exist within which fraud is far too easy. The right hon. Member for North-West Hampshire referred to the money flow chain as being critical to that situation.
Thirdly, there is the issue of maintaining public confidence in the internet, which is a concern shared by the right hon. Gentleman and the hon. Members for Lichfield (Michael Fabricant) and for Sittingbourne and Sheppey through our membership of the all-party internet group. We want to ensure that the internet is safe and that people in the UK feel comfortable using it. That objective is important, and rogue diallers are a potential disincentive for people to use the internet because they may have read in the paper about people running up massive phone bills.
ICSTIS has been helpful in briefing us, and it held a helpful meeting on the matter in the House last week. The Telecommunications UK Fraud Forum, to which one of my weblog readers pointed me last week, has also been helpful. It sent me some briefing material, including a helpful article on how to write one's own rogue dialler.
The ICSTIS briefing on the premium rate industry opened my eyes to what is going on. We have effectively developed a micropayment system based on the existing consumer credit arrangements organised by telecommunications companies, or telcos. The system is cheap to operate and permits services to develop that would not otherwise function. If one wanted to take 10p for a voting call through a credit card, many services simply would not be cost-effective.
We have different personal views about the value of the services offered; tarot readings online or over the telephone are not my cup of tea. However many are popular, as we have seen when there is a link with television programmes, and the public clearly demonstrates an appetite for them, spending about £2 billion a year on premium rate calls.
Although we have heard that there are wrinkles in the system now that the volume of services is increasing and SMS scams are taking place, voice services have developed quite constructively on the whole, thanks in part to the ICSTIS regulations and the nature of the activity itself. ICSTIS has tried to apply the same sort of disciplines to premium rate internet diallers and has developed a code of practice detailing that terms and conditions should be available on screen and that users should be fully aware of the costs. Premium rate voice numbers state the call rate at the bottom of the advertisement. ICSTIS has said that there should be an on-screen clock to tell users how much they are racking up, and that access to the site should automatically stop if the total cost of connection reaches £20.
If the code were fully implemented, there would be fewer problems. However, there are important differences between the architecture of voice and data premium rate calls, which make data calls more prone to fraud than voice calls and dodgy operators more likely to operate them. In a voice call, the user has to take active steps to initiate the call and to extend its duration. There may be a long spiel that in itself causes a problem, but the user chooses whether to stay on the line or terminate the call. The user manages the whole thing. With a data call, the computer does the managing, which can be entirely invisible to the user until the bill arrives. That is the critical difference; even for an expert user, there is no way of telling that the activity is taking place.
The ease with which such diallers can be produced is demonstrated in a helpful article by the Telecommunications UK Fraud Forum. We are told that production takes about 60 lines of code in a fantastic and very neat language called Perl. I will not read out those lines, suffice to say that it is shorter than most speeches that take place here and that in fewer lines I could produce something that would collect £1.50, £3, £30 off thousands of people throughout the country. It is that simple. The article tells us how to ensure that the user cannot see that the dialler is dialling, how it can turn off the modem so that it does not make a noise.
The points made by the right hon. Member for North-West Hampshire to set the issue in context were helpful. The question is about the existence of the industry at all. We must be clear that it would be unacceptable for us to say to constituents who have been ripped off by fraudsters, "There is nothing that can be done, mate." They will not accept that. The likelihood is that their number will increase; internet crime and fraud comes in waves and the wave of dodgy diallers is only just beginning. We can expect far more to arrive. The industry must act or the ultimate solution will be to pull the plug on premium rate calls. That much is at stake.
I would be interested in the industry's response to credit limits on land-line phone accounts. The average problem bill that is queried has an excess of £100, but that disguises many problems for individuals who have an excess of £500 or £1,000, as highlighted in the debate 13WH already. I see no reason why a phone company should allow someone to run up a £500 or £1,000 bill without any prior consent. I have a credit limit on my mobile phone account. I understand that mobile phone accounts operate with modern systems and that putting credit limits on all accounts would be technically complex and potentially expensive for BT's large system, but it should be on the agenda because unlimited, unbridled and largely unregulated credit is going out to people and that seems entirely unacceptable.
So, I question whether, as a matter of course, we should have credit limits on land-line phone accounts. If someone is a regular premium rate user and wants to extend their credit, they could come to an arrangement, much as they would with their mobile phone, to get a credit limit of £500 or £1,000. That is between the user and the company. I cannot see any reason why anyone should run up £1,000-worth of debt without the person offering that credit intervening at any stage, particularly when, on a normal residential phone line, the typical amount of debt might be £50 or, as a maximum, £100 per month.
In terms of consumer protection, the second point is that we should have a caveat vendor principle, rather than caveat emptor. The sellers ought to be aware that, if they do not provide the services properly, they will not get paid. That would create an incentive throughout the chain for people to make sure that things happen properly. A good starting point would be to say that the consumer should not be liable if they query charges that have been run up with a dialler that does not comply with the ICSTIS guidelines that operate in the UK for premium rate numbers.
If someone is operating a premium rate number and has not complied with all the points—turning it off at £20, having clear information online and so on—there should be no reason for anyone to have to pay that company because the company has failed to comply with the guidelines. That would lead to network operators making sure that they did not offer services to people who do not comply with the guidelines.
It may be that we have to move to a prior approval procedure, particularly in the internet field, where it may be the way forward. I understand why, because of the volume of voice calls and the nature of the voice market, we have moved away from prior approval to a situation where people set up numbers and, if there are problems, we deal with them later. However, because of the smaller volume of internet-related numbers and the architecture of the internet—space being difficult—prior approval may be the best option.
The caveat vendor principle should be applied. Many of those people are complete crooks and I find the idea that we are handing money over and UK reputable business is actively participating in extracting money from our constituents and handing it over to crooks so offensive. We must say that that cannot happen. We must find some way to deal with that.
That may result in an additional difficult problem— diversion to international and satellite numbers. We must recognise that. If we regulated all the 09 numbers there might be diversion to international and satellite numbers, but the fact that that is a difficult area does not mean that we should not act. Where we have things in 14WH our jurisdiction—premium rate numbers in UK number space are in our jurisdiction—the fact that we may get diversion to other areas is not an excuse not to act. We should clean up our 09 numbers. There are other issues that we need to resolve in dealing with international and satellite numbers.
My second area of concern is tackling fraud and doing it robustly. We should consider taking up the Computer Misuse Act cases for unauthorised access. Those should be taken up by ICSTIS or by consumer bodies and the Government should participate in that actively.
We understand that the Computer Misuse Act is moving back up the agenda and that the Government want to review it. My reading of the way in which it works is that if somebody plants a programme on to my computer without my explicit consent and that programme does things to alter the nature of my computer and my dial-up settings, that is a prima facie case of unauthorised access according to the terms of the Computer Misuse Act. I think that a criminal prosecution under the CMA would, in many cases, be far more effective as a discouragement for those who operate in the rogue dialler market than any fining that takes place through ICSTIS. So I hope that the Government are robust in making sure that CMA prosecutions take place.
I understand that a review of the fraud legislation is also taking place. There is a range of telecoms and internet-related fraud and we need to make sure that a new fraud Act—which I would welcome—encompasses telecommunications and internet-based fraud. If we are going to use micropayment systems in the future, all those micropayment systems, whether there are for mobile phone or land-line networks, will need to have the backup and support of a tough regulatory environment that deals with fraudsters.
The final issue that I want to consider is confidence in the internet. The most important thing is to stop fraud happening. There is also a strong role for education. Broadband removes the risk, but only if the modem is unplugged. If anyone using broadband finds that their connection becomes slow one day, there is often a good reason for that. Many people leave their modems plugged in as a back-up line. However, using broadband and not having a modem plugged in is a possible solution.
Locking down diallers would also help. It is popular in such debates to knock the relative lack of security of the Microsoft Windows operating system. However, it is also appropriate to do so, because it is a fact that that operating system does not lock things down in the way that other operating systems do. There is a good reason for that. Ease of use and security are always a trade-off. The easier something is to use, usually the less secure it is; the more secure it is, the harder it is to use. As a consumer operating system, Microsoft Windows is easy to use. However, in comparison with other operating systems, it is not very secure.
However, something can be done within that system. Users can be educated to lock down their diallers, so that people would need to have super-user administrative permission to replace one dialler with another. That is technically possible, but it is not done in most consumer environments. Education may encourage people to do that.
§ Michael FabricantI agree with the hon. Gentleman, but when someone knows that they are going to leave their computer unattended and on—incidentally, there is nothing to stop a rogue Trojan virus from switching someone's computer on; the potential is there—surely the ultimate safeguard is not all the software that he has been talking about, but simply unplugging the modem and disconnecting it from the system.
§ Mr. AllanThat is an option, but for most users in most households, who are still using a dial-up connection, it is quite unsatisfactory. Again, we are back to the trade-off between ease of use and security. I want to turn up, turn my computer on and go; that is ease of use. However, I can make my computer more secure by unplugging everything and checking it all. All that I am saying is that the balance needs to shift a little away from ease of use and towards security, on this and a whole range of other issues. People need to be told that that should be the case, so there is an educational role.
ICSTIS, which has been referred to repeatedly, is the front line. It has an important role; if I have a complaint, I phone ICSTIS up. At the moment, I probably will not get through. The telecoms industry needs to be realistic. If it values this part of its sector, it must put a hell of a lot more money into ICSTIS. It is as simple as that. It is the industry's responsibility to do so. There should be no excuse for the industry funding a regulator that cannot answer calls from our constituents who have queries about the way in which the industry is operating. The industry is very profitable. A lot of money is being made. It is the industry's choice; if it wants the business to survive, it needs to put money back in to ensure that it is clean, safe and works in a way that is publicly acceptable.
Let us think about the scale of the problem. BT is not the only telco that is affected; all telcos are. However, if BT has 19,000 customers with complaints and if each of those customers takes up only one hour of time—I am sure they all take up far more than that—by my rough calculations, we are talking about 10 person years just to deal with that lot. The problem is huge. Perhaps telcos have decisions to make about whether the business is worth conducting, given the potential losses and hassle that it causes them.
Like the right hon. Member for North-West Hampshire, I do not instinctively want to ban the industry. It can be very cost-effective, and can encourage all kinds of business to take place online, whether over the internet or over telephone lines. People want to engage in that. However the clear message is that if the industry wants to offer such services, they must be better regulated and we must ensure that there are no spaces for fraudsters.
Above all, we must ensure that our constituents are not confronted by huge bills that they do not understand and for which no one can give them an adequate explanation. No one can give them the certainty that that burden will be lifted from them because the area is deemed to be too complex. I hope that the Minister will give us some pointers today, although I recognise that a lot of the responsibility lies with the industry. However, the Government can heavily influence the direction that the industry takes from this point.
Mr. Deputy SpeakerWe now start the winding-up speeches. May I make a plea to the Liberal Democrat spokesman and to Her Majesty's Opposition spokesman to sham some of the extra time, but leave adequate time for the Minister to reply? This is an interesting and technical Adjournment debate and the Minister must be given sufficient time to reply to it.
§ Malcolm Bruce (Gordon) (LD)Mr Deputy Speaker, I am happy to accept your constriction on time. Many more expert speeches have been made before mine.
The right hon. Member for North-West Hampshire (Sir George Young) should be congratulated on highlighting a serious and current issue that is a growing problem. It needs to be addressed and he has, on behalf of his constituents, informed himself about the nature of the problem and some of the solutions. I do not envy the Minister, because he is under considerable pressure to come up with practical answers before the problem gets out of hand. My hon. Friend the Member for Sheffield, Hallam (Mr. Allan) is a considerable expert on the matter and said that it is totally unacceptable for us and our constituents to have money taken out of our accounts without our knowledge and transferred to people engaged in criminal activity. No Government can stand back and regard that as tolerable.
Instinctively, I think that it would be unfortunate if the industry had to be banned because of the activities of a minority, but if we cannot find solutions, that may be the result, which is all the more reason to try to find solutions. The industry has an obligation to find them because it is in the middle. BT is in the front line because, as the biggest single provider, it generates most hostility from customers about disputed bills. It is in BT's interest to have the matter resolved.
Although many services are legitimate and consumers are prepared to pay a premium for them, it is unacceptable that if people choose to log on to those services, they may find that they are being charged at a rate of which they have no knowledge or which is different from what they were led to believe. If their account can be accessed when they believe they have terminated it and further charges can be run up, that is a total abuse. It is another matter when people have gone nowhere near those services, but still incur charges because of a virus, e-mail or some other mechanism when they have exercised no conscious choice. That criminal activity is fraud and we must find a means of stopping it.
I am led to believe that the problems in Essex and one or two other parts of the country that have been mentioned may have been caused by people going round in the middle of the night, tapping into boxes and dialling a premium number several times, which then appears on a domestic bill in that area. An obvious solution is to make the boxes secure.
§ Michael FabricantThe hon. Gentleman may be relieved to know that BT is moving to an internet protocol system for all telephony and it will be far more difficult for people to tap in to those boxes, although I doubt whether that is happening a lot at the moment.
§ Malcolm BruceI am happy to hear that. As my hon. Friend the Member for Sheffield, Hallam said, telecoms and internet fraud unfortunately move ahead faster than the enforcers, so another scam may arise. Another point that was made to me is that it is a dial-up problem and not an internet problem. Consumers do not make that distinction. If someone is surfing the net and closes a pop-up box that opened itself, that is an internet problem for those people. If we do not deal with the problem, people will not use the internet because they will not take the chance of such a thing happening. That would be unfortunate, because this fantastic information exchange service would become devalued if people were nervous of using it. That would be a retrograde development.
In a debate such as this, the Minister would not expect to be given the definitive answer. He has been given a number of suggestions and a number of indications of the scale of the problem. We are all interested to hear what the Government can do to respond.
My hon. Friend the Member for Sheffield, Hallam suggests some kind of micropayment credit system that would effectively limit the costs that people could incur. I wonder whether it is possible to have a system in which premium numbers are blocked. I know that BT offers that service, but to my knowledge it has at no time communicated to me, a BT subscriber and internet user how I might do that. I hope that it will be more proactive.
There may be another answer. Many people would say that the number should not be blocked all together as that will kill the business, but a way around that is to say, "It is blocked, but you can access it with an override and a password," so that it can be accessed only consciously and overtly, and so that the provider must give a clear indication of cost. I am not a technical expert, but I worry that people will find a way around that. Assuming that something along those lines could be a solution, it would be one way of giving people informed choice. No one would object to that; people object to being charged for a service that they did not choose to use, or to the fact that they exercised one choice and were inveigled into something more substantial than they realised.
My hon. Friend the Member for Sheffield, Hallam mentioned broadband and the caveats about people having to disconnect their dial-ups. That raises a question of which the Minister will be well aware, which has been asked by my party in particular, but not exclusively: how do we achieve universal broadband access? That is an issue in many constituencies; certainly in mine, if not my hon. Friend's. We welcome the fact that the internet is reaching more and more people, and is reaching out into rural areas, but there are still many rural consumers who will not get it for some considerable time, or may never get it. Such people will not be impressed by the Government telling them that the way to avoid internet scams is to get on to a service that they cannot access. BT says that its ambition is that there should be universal access, but it has not told us how it will achieve that.
There is also an issue with disputes and the total overwhelming of the system. It is slightly worrying that ICSTIS's starting point is to say that such problems are between the customer and the provider, although it then acknowledges that it must do more about the situation. 18WH That is an unequal contract; one is not really a customer if one has been illegitimately loaded on to something that one did not contract for. There has to be an acknowledgment that if there is an imbalance between customer and provider, any kind of regulator has to step in on behalf of the little guy. It may well be that we need some kind of independent brokerage that can second-guess, because BT and others are likely to say, "Well, we've contracted, we've paid. As far as we're concerned, you have accessed these services, so you must pay." They make things difficult for people who want to dispute what they should pay for.
Conscious as I am of the desirability of giving the Minister time to respond, I will raise one final issue; the broader case for solving the problem. I understand that the BT system almost came to a total halt after the World Trade Centre atrocity on 11 September 2001, because everybody was phoning everybody else. The system was nearly overwhelmed. It has been pointed out to me that it would be possible, with the technology available, for someone to set out to do just that with a virus; to make every number in the country dial every other number so that the system is completely locked out. One might do that for the sheer joy of mayhem. Strange as it may be, that seems to be the inspiration for virus anoraks. They do it not necessarily for gain, but to see the chaos that ensues. However, there are more sinister people who see ways of using that technology to block the whole system before mounting some kind of terrorist attack, so that emergency and other services may be disrupted because the system is in chaos.
Clearly, that would be an appalling scenario and I do not suggest that it is a prime reason for reforms, but considering the injustice to people who are billed for services that they did not access or did not access on the terms for which they are billed, that legitimate telecoms providers are taking money from our constituents and giving it to criminal elements, and the risk of a terrorist or viral attack on our system that could have serious consequences for national security, I hope that the Minister will accept that there is a growing concern about the issue.
I suspect that if the process continues to accelerate, and we debate the issue again in a few months, this Chamber will be full. I accept that technical constraints prevent the Government from solving the problem alone. However, they must, together with the industry, come up with answers; and soon, before it gets out of hand.
§ Michael Fabricant (Lichfield) (Con)This has been a remarkable debate, first, because it affects so many people and secondly, because there has been such unanimity about the problem and what needs to be done about it. The hon. Member for Gordon (Malcolm Bruce) is right; next time. there will be many more people here. The problem is growing, not decreasing. I very much congratulate my right hon. Friend the Member for North-West Hampshire (Sir George Young) on initiating the debate.
Some 2,000 cases are reported daily, as has been mentioned, and some 19,000 cases are under investigation. Clearly, ICSTIS has a great problem in trying to administer such a large volume of cases. 19WH Various hon. Members have suggested that the industry should provide more money for ICSTIS. However, the Government also have a role to play. My right hon. Friend the Member for North-West Hampshire came up with 10 possible remedies. We shall all be interested to hear what the Government can do, as ICSTIS does not have a huge remit to provide a solution. If one consults the ICSTIS website and asks:
Do you have to pay for the calls to this number?the response is:Each telephone company has its own processes for dealing with disputed bills, so you must speak to them.It goes on to say:ICSTIS has no authority to stop your telephone company (BT, Telewest, One-Tel etc) making you pay for calls or to postpone payment. On your behalf we have made your telephone company aware that we are investigating the service on the number(s) listed and we will advise them of the outcome in due course.And what does it say is the solution? It says that people should write to Rik Covell, at an address in the British Virgin Islands. I suspect that Rik Covell, whoever he might be, will not respond. If ICSTIS cannot respond to letters from a Member of Parliament because it is so flooded with complaints, I rather suspect that Mr. Covell will not respond either, but for different reasons.
The issue is serious, for the reasons identified by the hon. Member for Sheffield, Hallam (Mr. Allan). It is not just a matter of voice calls; one could well say of those "caveat emptor", because there is a clear obligation on premium rate number suppliers to make it clear how much calls cost. One might have to control one's household, particularly if it contains young children who make calls. The short-term remedy could be for a householder to have 090 numbers barred. Incidentally, the hon. Member for Gordon asked how one could bar an 090 number. Anybody who wishes to do so should go straight to bt.com; the website gives very clear instructions. However, that is the ultimate sanction. As hon. Members have pointed out, many premium rate operators are legitimate. It is a great shame that their services should be barred simply because of the illegality of others.
I am concerned by the other issue, however, which my right hon. Friend the Member for North-West Hampshire raised and which the hon. Member for Sheffield, Hallam discussed; the issue of the rogue dialler that infects itself on to a computer. I strongly believe that that is a prime example of where the Government should use the Computer Misuse Act 1990 against operators in the UK. I received a list of some of the companies under investigation from ICSTIS. I shall not name them, but I shall say where they are based: Germany, Switzerland, Lichtenstein, Florida, Spain, Moldova, Panama and the British Virgin Islands, which I have already mentioned. However, some British companies are involved too, so the Computer Misuse Act 1990 could apply. Has the Minister spoken to the Director of Public Prosecutions to see whether prosecutions will be initiated under that Act?
§ Mr. AllanJust to be clear, the Computer Misuse Act 1990 can be used against people based abroad. Higher order offences, such as gaining unauthorised access in 20WH order to commit fraud, carry a sufficient penalty to be extraditable. We have pressed the Government to extradite people. Just as the US would extradite people from the UK who hacked systems there, we should do the same with people in other countries.
§ Michael FabricantThe hon. Gentleman raises an interesting point. How seriously does the international community regard such crime? The problem is that, despite the fact that 19,000 cases are under investigation, the Government—I am not condemning them—do not yet regard the issue as serious enough in their order of priority. However, the problem will be serious, as the hon. Member for Gordon said, when in the months to come we debate in the House the hundreds of letters that we receive each week from people whose computers have become infected.
My right hon. Friend the Member for North-West Hampshire has come up with 10 possible remedies. Some of them are extreme, but others are practical. Should the main telephone provider withhold payments? For example, it is extraordinary that BT has to pass on payment to premium rate providers within 14 days and yet does not receive income itself for up to four months. What a negative cash flow!
Withholding money would be an effective sanction. If BT could withhold money to premium rate suppliers following serious misuse, particularly with pop-ups and infections, which I believe would be a prima facie case for withholding such money, there would be a great incentive for those suppliers not to breach the Computer Misuse Act 1990. At the same time, however, we must be careful, because BT and other telephone companies, such as NTL and Telewest, cannot become judge and jury and withhold money unilaterally. There must be clear prima facie evidence of infection. I would be interested to hear what the Minister has to say about that. What guidance will the Department of Trade and Industry give telephone companies regarding that issue?
The difficulty is a manifestation of the much wider problem of internet abuse in general. The problem is similar to the situation that existed not so long ago with the copyright Acts We all accept that there should be intellectual property rights, yet China was abusing copyright, producing music and software CDs, and so forth, and not paying any copyright fees at all. It took many years to change that. Only recently, when China joined the World Trade Organisation, did it finally accept that it had an international obligation.
Some 50 years ago, the British Government initiated the first world administrative radio conference, which was a recognition that unless countries came together and recognised that they could not abuse radio and television frequencies, there would be mayhem and anarchy. One could be watching the 10 o'clock news on the BBC or ITN, and suddenly there could be an interruption from a rogue broadcaster in France, beaming pornographic programmes across to Britain. Of course, that does not happen because there is international recognition of the methodology by which countries come together to control radio frequencies.
The Government have a duty of care to the worldwide community, not only to people in the United Kingdom, to initiate a similar conference on controlling the internet. I accept that, in theory, the Computer Misuse 21WH Act 1990 might result in extradition. However, until we get worldwide agreement that all nations must cooperate, there will be mayhem on the internet, just as there could have been mayhem on broadcast frequencies.
I want to allow the Minister plenty of time to reply. This is an important problem, and there are some interesting solutions. I shall be very generous and not use the rest of my speech, as the issues have been covered so well by other right hon. and hon. Members. I look forward to hearing what the Minister has to say.
§ The Minister for Energy, E-Commerce and Postal Services (Mr. Stephen Timms)I am grateful, too. I congratulate the right hon. Member for North-West Hampshire (Sir George Young) on securing this debate. The contributions that he and others made have highlighted the scale of this serious problem. I am not quite sure what he was referring to when he described the firewall with which I am protected, but I am grateful to him for taking the trouble to let me know beforehand the points that he would raise in this debate.
The premium rate services industry has been one of the successes of the communications revolution. We have heard about several services, from interactive voting on "Big Brother" to getting new ring tones on mobile phones—hon. Members may be aware that the UK ring tone market is now larger than the singles market—and new internet-based services. Such services make up a successful market that was worth more than £1 billion last year, making the UK the biggest market in the world for services of that kind.
I agree with the hon. Member for Gordon (Malcolm Bruce) that, if the market is to continue to thrive, it is absolutely essential that consumers are confident that they can use such services without becoming the subject of a scam or a fraud. The calls this morning to pull the plug on the market will only increase if the problems are not swiftly addressed.
My hon. Friend the Member for Sittingbourne and Sheppey (Mr. Wyatt) drew attention to a letter that he had received from the Network for Online Commerce. I also received a letter from it that made some interesting points. I understand that a small number of the companies causing the problems are, in fact, members of that organisation. Any organisation that represents this industry must ensure that its members are innocent of the kind of practices that we have been discussing today, as such practices undoubtedly pose a serious threat to the industry. Everybody in the industry with any sort of responsibility must ensure that participant companies rapidly address the matter.
As we heard, premium rate services are regulated by ICSTIS through a code of practice that is underpinned by Ofcom. The Communications Act 2003 contained provisions to ensure that the ICSTIS system of co-regulation of the advertising and services would continue to be supported. The Act contained for the first time a reference in law to the ICSTIS code of practice. ICSTIS is an independent body, with sanctions ranging from —100,000 fines to the disconnection of service 22WH providers that breach its code of practice. ICSTIS frequently uses those powers and it has a good record of using its emergency powers swiftly and decisively to stop abuses linked to premium rate services.
The right hon. Member for North-West Hampshire asked whether I stood by the comment quoted in the ICSTIS newsletter of June 2003. Yes, I do. The model is a good one, but ICSTIS has struggled to cope over the past few months with the volume of complaints that it has received, and it has recently seen a big increase in the number of complaints about internet dialler services. We are taking the problem seriously; the industry, too, needs to take it seriously. Last week, ICSTIS provided a parliamentary briefing that was chaired by the hon. Member for Sheffield, Hallam (Mr. Allan). Others referred to that valuable briefing.
As we have heard, the services link premium rate numbers to diallers. A dialler is a small piece of software that, when downloaded to a PC, temporarily replaces a user's normal internet service provider connection—typically a local rate 0845 number—with a premium rate number.
§ Michael FabricantThe Minister is right to highlight the role of ISCTIS. Like him, I agree that self-regulation is better than Government regulation if it is effective. Does he not accept that ICSTIS is completely overwhelmed by the number of complaints? The current situation will not do. If people cannot get through to ICSTIS to complain, the organisation will become impotent.
§ Mr. TimmsICSTIS has certainly struggled with the volume of complaints in recent months. I shall say in a moment what might be done to deal with that, but the strongest message that today's debate should send the industry is that it needs to clean up its act. Otherwise, its future is in peril.
When a dialler works well, it enables a content provider to charge a micro-payment for content without the need to resort to credit cards. Charges of up to £1.50 per minute are made to the user's phone bill. As we have heard, the vast majority of those services are not fraudulent. However, there have been cases of internet diallers replacing a user's ISP connection without the user's knowledge and without the user having to take action to download the dialler. As a result, users may not be aware that they are connected to a premium rate number when using the internet.
That sort of scam can result in users realising that they have been ripped off only when they get their next phone bill. As we have heard, given BT's usual billing cycle, that is often not for another three months. Those charges are typically about £100, but they are sometimes much more. Not all those scams involve premium rate numbers, as some operate on international or satellite numbers, but the premise is the same—to run up charges to consumers that are passed on through the telephone billing system.
Some hon. Members have pointed out that, so far, such scams are not a problem on broadband. However, as the hon. Member for Gordon pointed out, that is not much comfort if broadband is not available. None the less, as more than 80 per cent. of households now are within reach of a broadband service, internet users may want to take note of the fact.
Those scams may be in breach of the Computer Misuse Act 1990. They may even be straightforward fraud. They are certainly in breach of the ICSTIS code of practice, and the organisation has been taking strong action against them. ICSTIS has passed details to the hi-tech crime unit. It has fined several companies a total of some £300,000, and it has many more complaints in the pipeline.
ICSTIS has been inundated with complaints about dialler services, and is receiving thousands of calls a day on the subject. However, it is important to put that into perspective. Most complaints are from people who do not understand how internet diallers work, and who are unaware that that their monthly ISP charges do not cover access to premium rate internet services. Some complainants raised the issue of unauthorised use where someone in the household has used the services without the knowledge of the family member who pays the phone bill. However, there is no doubt that a significant number of consumers have been the subject of scams and faced charges of £100 or more on their phone bill for services that they simply have not used.
§ Malcolm BruceI appreciate what the Minister is saying, and of course the providers will say, "You have used these services and you should pay," but does he not agree that we must get to the bottom of the scams that connect people many times over or do not give any information? How do we deal with people who may have knowingly accessed a premium rate service but are charged many times the amount that they expect?
§ Mr. TimmsI agree with the hon. Gentleman. Ofcom is working closely with ICSTIS to analyse solutions to the dialler problem and examining the role of the terminating networks that have contracted with the service providers in order to carry the service. Where there is evidence of network non-compliance with ICSTIS rules, Ofcom will investigate and take appropriate enforcement action, including fining providers where necessary.
Ofcom is also writing to the terminating networks that have contracted with premium rate service providers, which the right hon. Member for North-West Hampshire mentioned, to set out its strong concerns at the lack of due diligence demonstrated by certain 24WH companies in signing up service providers in the first place. They must check that the providers with which they contract are bona fide service provider organisations. Ofcom will not tolerate that activity, and it is investigating the role of those providers with a view to taking enforcement action.
ICSTIS is building cases that suggest that a small number of terminating networks are not complying with the obligations in its code of practice. It is collecting evidence to support that claim and will shortly pass it to Ofcom to consider what action to take, including prosecutions. I hope that as soon as that information is received, Ofcom will move swiftly.
Ofcom is asking several of the larger telephone service providers to explain their position on making customers pay for disputed bills where fraud is suspected. It will point out that they must act in accordance with the conditions imposed upon them relating to non-payment of bills. The conditions prevent operators cutting off customers where a dispute over a premium rate service bill is being investigated.
We heard from the right hon. Member for North-West Hampshire of a case where one provider had cut off a customer while their case was being investigated. That is a breach of the conditions that Ofcom imposes on the service providers, as I understand them. BT will make an announcement later today about the additional steps that it will take to address that serious problem.
My Department is working with ICSTIS, Ofcom, the industry and the Internet Service Providers Association, UK to raise awareness of what consumers can do to protect themselves from dialler fraud with increased use of firewalls and filtering software on their PCs. We have heard several remedies this morning, and anti-virus software is often available free of charge from internet service providers. Consumers can ask their telcos to block access to all premium numbers if they are worried about falling victim to those scams.
We are working with all those involved to ensure a coordinated approach to help consumers. Following last week's briefing, ICSTIS plans to bring together all the key players together next month to co-ordinate the work to tackle the problem. I hope that there will be a great deal of co-operation between everyone in the premium-rate industry, Ofcom, Government and ICSTIS to ensure that consumers are not exposed to that unacceptable face of the communications revolution.