After I was defrauded through a commercial unsolicited electronic communication (UEC) and National Communication Authority (NCA) failed to bring the culprits to book, I have come to the conclusion that NCA is not interested in checking telcos and their partner content providers (CPs) who flout the Code of Conduct for Unsolicited Electronic Communication and profit from it.
NCA has a beautiful, well structured Code of Conduct for Unsolicited Electronic Communication. But the code is only as good as sitting on the NCA’s website for interested persons to just read and know it exists. But the NCA has no interest in enforcing the punitive measures in the law against recalcitrant telcos, their third-part content providers (CPs) and even individuals and organizations who send us UECs without our consent.
This comatose posture of the NCA regarding the blatant violation of their UEC Code of Conduct, has emboldened telcos and their CPs to use all kinds of clandestine tactics to get people to activate such premium short codes and get charged for services they might not even know about. If you are lucky and you figure it out, the telcos and CPs play a blame game, pointing accusing fingers at each other, and sometimes even at the NCA. Then the next thing they do is to tell you the victim to send ‘STOP’ to deactivate the service. And if you squeak hard enough, they will reluctantly refund the moneys they have taken already, and it ends there.
The question is, how many consumers are they stealing from without those customers even realizing it? How many people are vigilant enough to know they are being defrauded in this manner? And if the telcos and CPs know they can easily get away with just deactivation and refund of a few cedis, how would they be deterred from that daylight fraud? Obviously, the NCA, which is known for fining telcos heavily for any and everything when it suits them, have no interest in cracking the whip on telcos when they steal from us the consumers, in this manner.
Now here are my experiential reasons why I have come to these conclusions about the NCA regarding unsolicited electronic communication.
My MTN TurboNet
Sometime in November last year, I discovered three deductions of GHC1 each from my MTN TurboNet. So, I quickly made a report to MTN (which is the right thing to do) and I was told the deductions were for some Weather Report Service on short code 544, which is activated on my TurboNet SIM. My TurboNet SIM is a data SIM, which I have never taken out of the TurboNet and I have never used for any activity, so there was no way I could have even mistakenly activated any premium short code service on it myself. I demanded to know how the service got activated on my TurboNet number and who did it, but what I got was a refund of the GHC3 deducted, with a promise to look into it and give me feedback later. This was December, 2020 – we are now in May, 2021 and I am still waiting for the feedback.
With a heightened curiosity to know exactly what happened, I did further investigations and found out that short code 544 is owned by a CP called Ignitia, for whom NCA licensed that short code directly. The MTN person actually shifted blame on NCA by saying “I think you should direct your complaint to NCA because they licensed the short code directly for the CP.”
At this point, I knew I was eventually going to go to the NCA, but I needed to first find out who were behind that third party CP, so that my report to the NCA would be complete. I managed to get the contact of one Diogo, who is supposed to be the lead at Ignitia in Ghana (I found some South African connections around Ignitia) and I contacted him via WhatsApp.
His responses were very revealing. Here are his exact words:
“The billing platform and subscription platform are managed by the mobile operators. The reason why that happened is because in the past CPs had full control but not anymore…to avoid the claim that CPs do these scams.”
In short, he admitted that what happened to me was a SCAM. He also stated clearly that Ignitia as a CP, has no access to even activate any short code service on any telco network, neither do they do billing. Ignitia only got notification from MTN that my TurboNet number had requested for a commercial service on 544, so they should provide the service to it. Once they provide the service, MTN bills me for it and pays Ignitia their cut. So, the only entities that could have activated the short code on my TurboNet number were either MTN or me. On my part, I knew my TurboNet number has been inside the TurboNet since I bought it; so, the only entity left in this equation was MTN.
So, here we are, MTN is telling me Ignitia operates the short code directly licensed to them by NCA, and so they (ignitia) would be the ones who may have activated the short code without my consent. Now here is Diogo from Ignitia also saying subscription and billing are entirely within the purview of the telco (MTN) and the SIM owner (me), so they (Ignitia) could not have, under any circumstances, activated any short code for me, as MTN sought to say.
And what Ignitia said has regulatory basis. Here is the entire Section 31 of the Unsolicited Electronic Communication Code of Conduct, which places the all liabilities in such circumstance squarely at the doorstep of the telcos, irrespective of the fact that the short codes themselves were licensed to CPs.
Section 31. Liability of Network Operators (NOs) and Agents in Outsourcing Arrangements
31.1 Licensees who outsource all or part of the sending of Commercial Electronic Communications to a third party, ranging from a simple outsourcing of the actual sending work to the complete outsourcing of the process (e.g. from the identification of potential recipients through the management of address lists to the actual sending of the messages and the operation of unsubscribe facilities) without the consent of the subscribers contravenes section 50 of Act 772 and Reg. 32 (1), L.I. 1991.
31.2 Licensees shall bear in mind that any act done or conduct engaged in by an agent or the outsourced service provider will be treated as done or engaged in by the principal (i.e. the network operator).
31.3 Licensee shall take all practicable steps under the outsourcing arrangement to prevent their outsourced service providers from breaching this Code of Conduct.
The code is very clear on where ultimate responsibility lies, and that was why the telcos themselves stopped CPs from managing subscriptions since the implementation of this code; and yet, till date, telco customer service staff keep pointing subtle accusing fingers at CPs and even the NCA when these things happen.
But Diogo also did explain that it was possible that someone using a device connected to my TurboNet, activated the service via an weblink on their phone, and instead of MTN extracting that person’s phone number, they picked my TurboNet number instead and that was how come they started billing me. I got to know from him that the service was activated on my TurboNet in August 2020.
To me, that only meant that whatever set up runs that process at MTN, is a dumb set up. How could one phone number activate a service, if indeed that was what happened, but you pick another number because that was convenient for you? So, does it mean if ten devices connect to my TurboNet and all of them activate the same short code, MTN will pick my TurboNet number 10 times and bill me accordingly – or in that case they will conveniently identify each of those numbers that activated the service and bill those numbers?
Let’s get serious. MTN did not start today. This kind things should not be happening.
Complaint to NCA
Armed with this information, I waited a while for the MTN feedback, but as was to be expected, once they have given me a refund, they never bothered to give me any feedback, so I made a formal complaint to NCA on January 9, 2021, spelling out all the details of the matter, including what I got from Ignitia. NCA replied and said they will reach out to the service provider and get back to me. But we are in May now and no feedback from NCA either. I have sent about three reminders to NCA on the matter but still no response.
I am under the impression that NCA contacted the service provider and they were told that I had received a refund so it ends there. I am sure they were also told that I activated the service via some weblink in August, so there is no cause for alarm. But the Section 6.1.3 of the NCA’s Code of Conduct on Unsolicited Electronic Communication says “The process of obtaining consent shall be clear and transparent to the subscriber.” So, if the telco chooses to hide the short code in a weblink, how should the NCA accept that as a transparent way of seeking consent? Secondly, Ignitia stated clearly that another number connected to my TurboNet subscribed to the service via a weblink, so, how does the NCA justify the billing of my TurboNet as lawful?
Again, I did mention in my complaint that I received a refund, but what does the regulation say about such fraudulent activities – just a refund of a few cedis and the operator gets away with murder? How many more customers are they stealing from in that manner without the customers realizing it? Even my 82-year-old dad who has no clue what these commercial short code services are about, has been a victim several times and it always had to take my intervention for them to stop stealing from him. When is NCA going to issue a deterring measure to make telcos and CPs think twice before using clandestine means to activate premium short codes and steal from unsuspecting customers?
Well, NCA itself stated that sanctions for UEC violations are can be found in the Electronic Transactions Act, Act 722. Section 50 (1 to 4) of that Act sufficiently spells out what the possible sanctions for such violations are, and we expect the NCA to enforce the law, at least for once, so that telcos, CPs, political parties, businesses and individuals who make a habit of sending UEC and siphoning money from customers in some cases, would stop violating our rights for good. Per the law, the sanctions could go up to five thousand penalty units fine or a jail term not exceeding 10 years, or both. One penalty unit is GHC12, so 5,000 penalty units is GHC60,000. That is still too small, but at least it is better than refunding just a few cedis to the victim. If NCA gets serious and catches the violators on even ten cases, that is GHC600,000. When it hurts hard enough, they will change their ways.
Hidden short codes
Speaking of clandestine means of activating premium short codes for customers, I only recently discovered that telcos and CPs INTENTIONALLY hide short activation keys in weblinks, crawlers and allegedly in internet Cookies, and when you go online and click on those links, thinking you are doing so for a completely different purpose, you end up activating short codes on your phone and they start sending you unsolicited communication at a fee. How does that pass the transparency text in the Code of Conduct?
As I speak now, I am on two of such paid services on MTN – Selfie Star and Navara. I have no clue how I got on those services. All I know is I got a message one time that I am on Navara and I am being charged 45Gp per week for it. And a similar message came for Selfie Star as well, telling me my subscription has been renewed. Meanwhile, I did not even subscribe in the first place. I have written to MTN customer service to ask about what those services are and who are behind them. Till date, I don’t have any feedback. What I personally found out was that Navara is actually an Indian-based gaming platform registered on MTNPlay. So, it is MTN which is managing the subscriptions and billings like Diogo from Ignitia explained. But when I called MTN again, recently, a lady gave me the usual cliché or template response – MTN is not responsible for it, but you can just send STOP to that short code and the service will be deactivated. She did not say anything about refund or anything of a sort.
This is where I have issues with NCA. If NCA was cracking the whip hard enough on unsolicited electronic communication, like it does on quality of service and fines telcos heavily, telcos and CPs would be deterred from engaging in this deliberate hiding of short codes in internet links, crawlers and possibly Cookies just to steal from unsuspecting customers – they would know that the day they are caught, it will cost them more than just refunding a few cedis.
NCA, we know what you can do. Please, do more of that when it comes to consumer interest. Don’t only play macho when there is money to be collected from telcos for your use, as we continue to suffer these fraudulent practices. Your own code of conducts places a duty on telcos to PROTECT subscribers from abuse through clandestine onboarding practices. But what the telcos rather do is to subtly shift blame on the CP and on the NCA with the claim that the NCA licensed short codes directly to CPs.
While I am at this, let me also point out that Vodafone is also very notorious for either using short codes or sometimes even regular phone numbers to make machine calls to customers, or they allow some CPs on their network to do that to us.
I used to be on Vodafone sometime ago and I ported my number because of this problem, plus other reasons. Recently, I returned to Vodafone and this problem is still on the network. In fact, this time it is even worse.
The first time I experienced it years ago, I was on a trip to South Africa when I saw a call from a regular Vodafone Ghana number. I picked the call, only to hear some machine talking to me and promoting some irrelevant Vodafone Ghana service to me in South Africa. I was charged for picking that call because of international roaming rules, but it was of no benefit to me.
Fast forward, I recently ported my Vodafone number back to the network and I have already received at least four of those nuisance machine calls – one from a regular phone number, 0508544958 and the others from a three different short codes, 250, 585 and 1303.
I first reported the matter to a human being at Vodafone but till date I don’t have any tangible feedback. At some point I called their customer service, 100, thinking I will get to speak with a human being, only to be directed to their customer service bot called ToBi. To cut a long story short, ToBi was not smart enough to figure out what my problem was, even though I stated them clearly. All ToBi could do was to identify my communication as a “Complaint” and suggest some template remedies that did not address my concerns in anyway whatsoever.
I would have thought that the way to make ToBi smart and friendly was to empower it with a feature that enables it to transfer issues it cannot solve for human intervention. But it appears Vodafone is so confident ToBi has absolute powers to deal with all issues end-to-end. But that is not the case at all.
I guess by this submission, I am suggesting to Vodafone to fix ToBi to serve us better. If you really want to be a digital operator, as you seem to want us to believe, make digital interventions like ToBi a little smarter to know what they can solve and what they cannot. Stop priding yourself in creating a bot that do not meet all of customers’ aspirations.
But the nuisance calls we get from 250, 585, 1303 and worse of all 0508544958 is something NCA would have to deal with.