Defend yourself from unsolicited mobile subscription charges with SMS (text) barring

If you ask the call center of any Italian mobile carrier for an explanation, they will tell you that it’s your fault, that you didn’t pay attention while browsing and that you definitely tapped recklessly on some clearly visible banner.

It’s false.

For some years now, in my case since 2014 with H3G, better known as Three Italy, the illegal practice of Italian mobile carriers charging phone credit for unsolicited, silly weekly subscriptions has been quite aggressive. We’re talking about the notorious mobile services like games, music and adult content, which no sane person in the age of Steam, Spotify and PornHub would be willing to sign up for with them.

Timed redirects

Some time ago, paying attention to the content on the screen of your smartphone was enough to avoid any nasty surprises. Now it happens more and more often that, while you are just sitting on a web page, you shortly afterwards find yourself on a different page, or find a background tab opened to a link that you didn’t request, and this happens only when pages are viewed over a mobile carrier connection.

Basically an automatic redirect takes place with a timeout of a few minutes. This way the user does visit the page with the contents he’s interested in, and then shortly after, without having touched anything, finds himself on a different page that warns about the service charge and activation.

The mobile carriers, perfectly complicit in this illegal practice, will immediately charge the costs of these services that were never intentionally requested, mostly subscriptions with automatic weekly renewal, denying the unfortunate navigator any possibility of control over what is happening to the credit on his phone card, with the added burden of having to hurry and request deactivation to avoid incurring additional charges.

This automated mechanism gives operators the alibi to justify the charge: the intended page has been visited, so the charge is put down to your carelessness, and the carrier won’t make any reimbursement, claiming they respected your explicit consent.

Brushing vs tapping, definition of “tap”

In other cases, they make use of a technical subtlety linked to the different states of touch events. To be able to claim that you really wanted to select a specific element of the interface, in a manner equivalent to a mouse click, the following three conditions must be true for a proper “tap” on the touchscreen:

  1. the touchstart event fires on the intended element
  2. there mustn’t be any touchmove or touchcancel
  3. the touchend event must occur on the same element where first event started

Well, in most circumstances the banners that activate redirects to charge these services react immediately to the first event alone, mostly while the user thinks he’s simply scrolling the page contents and believes that everything is fine as long as he doesn’t raise his finger before moving. He’s wrong.
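The difference between the three-condition tap and a handler that reacts to touchstart alone, as an added example that is not code from the original post. Gestures are modelled as plain objects so it runs outside a browser; the `over` field (the element under the finger) and the sample gestures are constructed for illustration.

```javascript
// Each event: { type, over }, where `over` is the element under the finger.
// In a browser, `over` would come from document.elementFromPoint() using
// the touch coordinates: the `target` of a touchend event is always the
// element where the touch started, so it cannot be used for condition 3.

function isDeliberateTap(events, element) {
  if (events.length < 2) return false;
  const first = events[0];
  const last = events[events.length - 1];
  // 1. touchstart fires on the intended element
  if (first.type !== 'touchstart' || first.over !== element) return false;
  // 2. no touchmove or touchcancel anywhere in the gesture
  if (events.some(e => e.type === 'touchmove' || e.type === 'touchcancel')) {
    return false;
  }
  // 3. touchend occurs on the same element where the gesture started
  return last.type === 'touchend' && last.over === element;
}

// What a banner bound to touchstart alone would treat as a selection.
function reactsToTouchstartAlone(events, element) {
  return events.some(e => e.type === 'touchstart' && e.over === element);
}

function classify(events, element) {
  if (isDeliberateTap(events, element)) return 'deliberate tap';
  if (reactsToTouchstartAlone(events, element)) return 'activated without a tap';
  return 'no activation';
}

// Constructed sample gestures.
const SAMPLES = {
  tap: [{ type: 'touchstart', over: 'banner' }, { type: 'touchend', over: 'banner' }],
  scroll: [
    { type: 'touchstart', over: 'banner' },   // finger lands on the banner
    { type: 'touchmove', over: 'banner' },    // user starts scrolling
    { type: 'touchmove', over: 'article' },
    { type: 'touchend', over: 'article' },
  ],
  cancelled: [{ type: 'touchstart', over: 'banner' }, { type: 'touchcancel', over: 'banner' }],
  elsewhere: [{ type: 'touchstart', over: 'article' }, { type: 'touchend', over: 'article' }],
};

for (const [name, events] of Object.entries(SAMPLES)) {
  console.log(name + ': ' + classify(events, 'banner'));
}
```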

The bummer

With this modus operandi, in just the three months between July and September 2014, I found myself billed for four (4) weekly subscriptions costing 5€ each, all canceled within the next 20 minutes.
Cost of the joke: 20€ and a lot of anger.

Following the barrage of charges I wrote a letter of formal notice, demanding reimbursement of the amount they illegitimately charged, using the form published by the Italian consumers union AltroConsumo, which I sent off on the 8th of September 2014.

H3G formal notice (diffida)
Form by the consumers union AltroConsumo to ask for reimbursement of services charged without consent; they will deny it anyway

A week goes by before I receive a call from an H3G accountant claiming that they cannot provide any refund because “it’s not within our procedures”. It seems that their internal regulations are efficient only when it comes to cheating the customers, and that they are even above the law, because resolution 664/06/CONS, Annex A, and art. 66 quinquies of Legislative Decree 206/05 state that:

“The consumer shall be exempted from the obligation to provide any compensation in cases of unsolicited supply of goods, water, gas, electricity, district heating or digital content or unsolicited provision of services, prohibited by Article 20, paragraph 5, and Article 26, paragraph 1, letter f) of this Code. In such cases, the absence of a response from the consumer following such an unsolicited supply shall not constitute consent”

I can’t do much but accept the answer I was given. Nine months pass without surprises until I receive yet another notification of a charged service, and costs rise to 25€:

Hand Games, h3g three Italy unrequested subscription, 03/06/2015

Request the barring of chargeable texts

Having realized that the formal letter had absolutely no effect, I turn again to Google and find out that a class action is being brought against all the carriers, all guilty in various ways of using these practices:

Currently it is unclear how, and whether it is possible at all, to claim back the amounts charged, as I already tried but failed. Still, it is clear that if the amount is not very large the game’s not worth the candle, a detail that the carriers have been clever about, having “played” with small amounts but on a big crowd.

However, the only way to ensure that these charges stop occurring is to have the holder of the card call the carrier’s call center and ask literally for the activation of SMS (text) barring to lock any paid service. The numbers of the major carriers are:

  • TIM: 119
  • Vodafone: 190
  • Wind: 155
  • H3G: 133

As for H3G, the process is particularly difficult and slow. It will require at least 1 hour on the phone with the operator, who will ask you several times, with an almost mobster tone, to identify yourself, asking for all sorts of personal information to ensure that you are indeed the holder of the number and trying to make you give up the barring request, finally concluding with an audio recording of your verbal will to proceed.
All of this just to not be charged money, not to activate a service that has a cost to the holder of the card, ironic huh?

At the end of the long and unpleasant phone call you will be rewarded with the following text confirmation:

Barring SMS H3G Three Italy, block of premium services and paid text

By contrast, the same operation won’t require more than 5 minutes with the carrier TIM, without having to authenticate 10 times over the phone like you’re entering some super high security facility.

Barring SMS TIM, block of premium services and paid text

The only possible “side effect” to keep in mind is that text messages coming from banks will also be blocked if they require phone card charging. You can easily address the problem with a dedicated old-style phone incapable of web browsing and a dedicated SIM, spending less than what the carrier would charge for those subscriptions in the long run anyway.

Free at last

The block of premium services does not mean that the carrier will stop trying to charge the damn subscriptions, but that every time they attempt it instead of the charge confirmation page you’ll be presented with a page notifying the failed attempt, asking you to call your carrier in order to lift the block (as if).
Up to now I have counted 6 failed attempts, for a total of 30€ saved:

These attempts occurred while visiting newspaper pages from Facebook apps, navigating technology forums from Chrome and so on.

Code Injection in the page

The precise moment at which the JavaScript code responsible for this mechanism is injected is a bit unclear. The first idea that came to my mind is that it could be the website backend that, when it receives the information about the user’s connection method, creates the page source with the code already embedded before serving it to the device.

First hypothesis: the individual sites have agreements with service providers

However, having found this mechanism on many foreign sites as well, which are unlikely to have entered into specific agreements with the Italian carriers, it is more plausible to think that it’s the carrier itself that, more or less randomly, injects this malicious code into the pages that are being requested via its connection, serving a “modified page” to its unsuspecting victims.

Second hypothesis: the mobile operators intervene on the source code of the pages before serving them to the browser, altering the content to serve the malicious code
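One way to see what was added to a page is to compare a copy of the same URL received over the mobile connection with a copy received over another connection and list the scripts present only in the first. This is an added example, not code from the original post; both HTML documents and the billing.example.invalid host are constructed, and the result shows what differs, not which of the two hypotheses put it there.

```javascript
// Collect a fingerprint for every <script> element in an HTML string:
// "src:<url>" for external scripts, "inline:<normalized body>" for inline ones.
// A regex is enough for comparing two copies; it is not a full HTML parser.
function scriptFingerprints(html) {
  const prints = new Set();
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    const body = m[2].replace(/\s+/g, ' ').trim();
    if (src) {
      prints.add('src:' + src[1]);
    } else if (body !== '') {
      prints.add('inline:' + body);
    }
  }
  return prints;
}

// Scripts that appear in the carrier copy but not in the reference copy.
function onlyInCarrierCopy(referenceHtml, carrierHtml) {
  const reference = scriptFingerprints(referenceHtml);
  return [...scriptFingerprints(carrierHtml)].filter(p => !reference.has(p));
}

// Constructed copy of a page as received over Wi-Fi.
const REFERENCE = `<html><head><script src="/js/site.js"></script></head>
<body><p>Article</p><script>initComments();</script></body></html>`;

// Constructed copy of the same page as received over the mobile connection.
const CARRIER = `<html><head><script src="/js/site.js"></script>
<script src="http://billing.example.invalid/a.js"></script></head>
<body><p>Article</p><script>  initComments();  </script>
<script>setTimeout(function () { location.href = "http://billing.example.invalid/sub"; }, 120000);</script>
</body></html>`;

for (const extra of onlyInCarrierCopy(REFERENCE, CARRIER)) {
  console.log('only in carrier copy -> ' + extra);
}
```

Pages with rotating ads or per-request tokens differ legitimately between two fetches, so each reported script still needs to be read before drawing a conclusion.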

However, regardless of whether you have a SIM card that you use regularly to surf the web via the mobile or you just bought one, if you have an Italian SIM card the first thing you want to do is call the carrier’s call center and request the SMS barring, now.
