Let me tell you a joke…
Customer: Walks into a phone shop – “My phone was stolen, can you help?”
Phone shop: “Great, let me pull up your upgrade options, and by the way, you owe us £150!”
True story! If you are reading this, your phone was probably stolen and money was taken from your account without your consent. We feel you, we are in the same position and have spent hours trying to get back the money stolen from our phone bill.
In this blog post, we’ve collected all the relevant information we’ve found that may help you get your money back.
TIMELINE
2024-10-26 The phone was stolen at the Admiral Duncan, Soho.
2024-10-27 Theft reported to Three, new SIM in store, store advised of charges on account.
2024-10-27 Unable to report charges to Google as correlation IDs are not available from Three.
2024-12-01 Second lot of charges with no verification, but order confirmations received by SMS.
Again unable to report to Google as no correlation IDs are provided by Three.
UPDATE 2024-12-13
Our progress so far is £34.94 credited back to the account after about £300 stolen from a Three UK phone number across two billing periods since 26th October 2024.
UPDATE 2024-12-17
This is an example of Three support lying to the customer. After extensive chasing they managed to locate the correlation IDs:
UPDATE 2024-12-30
After submitting the correlation IDs to Google, they responded that the transactions are legitimate even though it’s pretty obvious that they are not.
The underlying cause for phone theft in the UK
There is a gap in regulation and enforcement of phone payments billed to the mobile phone number in the UK.
The thieves are able to launder the stolen money via in-app purchases. The money is paid into an app store with in-app purchases and the app users are able to withdraw the money in a way that looks like a legitimate income from the app marketplace.
The ease with which they can extract hundreds of pounds of laundered cash from stolen phone numbers increases the criminals’ returns, which greatly exceed the resale value of the stolen device. We believe this is one of the primary drivers behind the increase of phone thefts in the UK.
The problems:
- Phone thieves can make unauthorized payments using just a stolen SIM card, even after the SIM card has been replaced.
- No additional verification is required for these payments.
- The phone number is verified with a code to the SIM card when the number is attached to the app marketplace. Individual transactions are not verified at all. This offers no protection to the victims of phone theft.
- Charges can continue even after the theft is reported, as the thieves only need to receive a single SMS to start charging the account.
- Up to £240/month can be charged as “credit” regardless of account spend cap or pre-paid balance. (This is against existing regulations.)
- Mobile carriers and app stores are not taking responsibility for fraudulent charges.
- Mobile carriers refuse to provide transaction numbers. (This too is against existing regulations.)
- There’s no clear process for victims to recover funds.
- The apps used by the thieves to launder the money – Google Coins TikTok and SoulChill-Voice Chat
- Payment methods: ThreePay via Google Play Mobile Operator Billing
How to report phone theft and lock down your account with your phone provider.
- Report theft to the phone company
- Request a replacement SIM
- Ask the phone company to limit the spend cap (phone usage) to £0; this should limit phone call overspend with the company
- Ask the phone company to limit the account credit limit / Three Pay / third party spend / phone-paid / paid by mobile credit to £0; this should stop any other charges from app stores on your bill.
Cancelling the phone payment with the bank can lead to credit score and debt problems; be very careful.
Switching provider or cancelling the number can make it more difficult to contact your phone company about the affected account.
Report fraudulent transactions to the app marketplace
Google | https://payments.google.com/payments/unauthorizedtransactions | [email protected]
Apple | https://reportaproblem.apple.com
How to get the correlation ID?
Depending on the phone company, several intermediaries may be involved, and it’s worth checking your number against them first:
Boku | https://customer.boku.com/login
Fonix Mobile | https://care.fonix.com/
Phone-paid service authority (Contact Ofcom after 1 Feb 2024) | https://psauthority.org.uk/ |
If you could not get the correlation ID from the above, contact your phone provider’s support.
If the phone provider fails to give you the transaction numbers for the fraudulent payments, ask them to provide details of the intermediary payment processor company.
Make sure to escalate the issue to the fraud and billing teams and file a complaint.
Increase awareness and safeguard yourself by posting your progress on the social media platform of your choice, tagging the companies and the regulators. (Most companies have representatives on x.com.)
If you got the correlation IDs, well done: use these to report the transactions to the app marketplaces.
List of regulators
Please write a complaint explaining your issue and email it to each of these:
Phone-paid service authority | UK regulator for content, goods and services charged to a phone bill | https://psauthority.org.uk/ | [email protected]
Ofcom | The regulator for the communications services | https://www.ofcom.org.uk/ | [email protected]
CMA | Competition & Markets Authority | https://www.gov.uk/government/organisations/competition-and-markets-authority | [email protected]
FCA | The Financial Conduct Authority | https://www.fca.org.uk/ | [email protected]
NCA | National Crime Agency | https://www.nationalcrimeagency.gov.uk/ | [email protected]
FOS | Financial Ombudsman Service | https://www.financial-ombudsman.org.uk/ | [email protected]
Regulations:
FCA Handbook states that premium services can be charged against prepaid balance, Q41A para 3:
https://www.handbook.fca.org.uk/handbook/PERG/15/5.html
The FCA exclusion relied upon does not include tips, digital tokens or digital currency in its wording:
Electronic Communication Exclusion | (i) for purchase of digital content and voice-based services charged to the related bill |
https://www.fca.org.uk/firms/electronic-communications-exclusion
Ofcom General Conditions state that bills should provide reasonable and accurate information.
It is reasonable to be able to request payment transaction numbers and to see the credit limit on the bill.
https://www.ofcom.org.uk/phones-and-broadband/coverage-and-speeds/gen-conditions/
Scope and other people in the same situation:
https://support.google.com/googleplay/thread/292135065/unrecongised-purchase?hl=en
https://community.three.co.uk/t5/Account-and-services/Stolen-Phone-Google-Play-Tiktok-Coin-Charges/m-p/29706
https://support.google.com/googleplay/thread/279581785/unauthorised-payments-taken?hl=en
https://community.three.co.uk/t5/Account-and-services/Google-play-charges-after-phone-stolen/m-p/41168/highlight/true
https://community.three.co.uk/t5/Account-and-services/Google-play-charges-after-phone-stolen/m-p/32873
https://community.o2.co.uk/t5/Tech-Support/Google-Play-Correlation-ID/td-p/1567842
https://community.ee.co.uk/t5/Contracts-Billing/Fraudulent-Google-Play-Transactions/td-p/1131743/page/2
https://community.three.co.uk/t5/Account-and-services/Google-play-charges-after-phone-stolen/m-p/31150
https://forum.vodafone.co.uk/t5/Pay-monthly/Google-Play-Correlation-ID/m-p/2705308
https://community.o2.co.uk/t5/Pay-Monthly/Fraudulent-Google-Play-Charges-to-Bill-Correlation-ID/td-p/1595728
https://community.o2.co.uk/t5/Discussions-Feedback/Google-play-fraud/td-p/1748855
https://community.o2.co.uk/t5/Android/Unknown-Google-Play-Charges/td-p/1410582
https://community.three.co.uk/t5/Network/Tiktok-scam/td-p/18787