2024-08-09

Broadband slamming

With One Touch Switching (OTS) only a month away, it seems a good time to talk about how it changes broadband slamming.

Summary: I believe slamming, and particularly malicious slamming, will be a lot easier.

I believe the details are correct, but will update if necessary.

What is slamming and why does it happen?

Slamming is simply changing provider on a service without the customer's permission. It dates back to US phone systems and long distance carriers being changed to get the new provider the business. For broadband, in the UK, it is changing the communications provider (CP) on a service without permission, and we see it for a few possible reasons:-

  1. Traditional slamming: Basically a CP getting business. Surprisingly we do see this, mainly with door to door salesmen.
  2. Mistake: This is where someone orders a service but gets their address wrong, which is easier than you might realise. We have one example of a customer who has had someone try to migrate his line four times!
  3. IT consultant: Changing a clients broadband to his preferred supplier (maybe to get a kick back).
  4. Accounts department: Thinking it is like gas/electric and just changing to a cheaper supplier without asking IT (not actually slamming but same problems).
  5. Fraud: mainly for telephone to allow calls to be made and received on someone else's number.
  6. Malicious slamming: Changing provider to cause a victim problems. 

Existing safeguards

Slamming to a new technology is not that helpful - it means a new service installed, but they can't cease the old service - so you end up with two services, and can tell the new provider to piss off if it was not you that ordered it.

For the same technology, and in this case I mean a BT circuit, it can be migrated from one CP to another CP. This is where the problems lie, but there are safeguards:

  • 14 day lead time.
  • BT tells existing CP.
  • Existing CP has to tell customer (OFCOM rules).
  • Customer can cancel by telling existing CP (who tells BT).
This works well, and there are even anti slamming services to automatically cancel a migrate (useful for that customer that has had it tried 4 times already!).

New safeguards

One Touch Switching changing things, but is not without safeguards:

  • The old CP has to match, which means address and surname and possibly more details like account number. However, an exact correct address and correct surname are good enough.
  • The old CP tells the customer on match, and when it starts. 

But there are other changes:

  • No 14 day delay, it could be next day even, so customer has to on the ball.
  • Customer can only cancel by talking to new CP. But if not them, the customer will not know account, login, password, email, or even first name used, so may have a challenge getting new CP to even talk to them.
So yes, there are some safeguards, and the most benefit I can see is handling the mistake type slamming, as the surname match should solve wrong addresses in most cases. It is also possible for a customer to tell their CP they have a new surname, which then needs to match, though can mean an engineer asking for Mr Antislamming when there is a fault :-) 

But it is worse!

One Touch Switching only applies to consumer switching. For business, a simple BT circuit migrate happens as before. But that is OK, surely? That is how it has always worked.

Well, no...

  • BT are removing the 14 day lead time, so customer has to be on the ball.
  • There may be little, or no, advance notice any more (not entirely clear).
  • It will no longer be possible for the old CP to cancel the order.
It is not even clear if the old CP will know who the new CP is. If slamming, the customer might not know until they get a letter in the post asking for money.

No, worse than that!

You might be thinking that, at least, consumers are protected by some safeguards (One Touch Switching)?

Well,  no...

BT don't know if the end customer is a consumer, and neither does a new CP. You can order a business service on a circuit, and migrate it next day with no One Touch Switching, even if the victim is a consumer. They will just have broken internet (no idea of new router login). So consumers are not protected at all from malicious slamming - the slammer only needs the address, not even surname, as no match is done on a business order.

No, worse even than that!

Yep, it is worse. If the victim had an old fashioned landline still, broadband migration will kill the phone line. And whilst getting the broadband back may be possible, and maybe even quick, the landline won't come back. The victim has to sort a right to port on the ceased number, finding a suitable provider, and getting suitable VoIP equipment all set up.

Example

DON'T DO THIS, IT IS ILLEGAL IN MANY WAYS!

Imagine you have an annoying neighbour. If you know address and surname you can do a proper One Touch Switching migrate to a new service. It means lying to the new CP, obviously. Yes, if they are quick, they can contact new provider, and maybe get it stopped, but may be tricky if next day switching. This could kill their internet.

But you don't need to do One Touch Switching, just order a business service. Maybe from a business only provider that is not even part of One Touch Switching. You can lie to them, and provide real business details, so passing credit checks and so on, and give phoney bank details for direct debit. But the migrate could be next day, with no notice, and the victim not even knowing who the new CP is. And, as I say, losing a landline number in the process.

Now imagine it is not a neighbour, but a celebrity you don't like, or a politician. All you need is the address!

What about a restaurant that gave you bad service. Slam them, and suddenly no internet; no credit card machine; no online orders; no VoIP phones. Chaos, even if only for a day whilst they get it back.

And not so nice on the victim for costs - the old CP may be chasing early termination charges. Getting service back may also have a cost, and minimum term.

And not so nice on the CPs - who have a customer who (rightly) says it was not their fault, so won't be paying early termination charges, etc, and if the CP argues the customer goes to ADR (Alternate Dispute Resolution) which costs the CP as well.

Once again, DON'T DO THIS! I am not trying to incite anything, just giving some examples of the risks.

at
Labels: , , , ,

15 comments:

  1. InfiniteDissentFriday 9 August 2024 at 11:45:00 BST

    This is actually quite worrying.

    So anyone who has ever sent me a letter (or happens to know my address and surname) can switch my broadband to some crappy bottom-dollar supplier with dreadful customer service, and my only defense is to spend hours on the phone to some overseas call center begging the new supplier not to take my service away. Presumably the new company will want some proof that I'm the legitimate property owner with the authority to cancel the switch, which means I will be forced to provide personal information to a company I never chose to interact with, and do not necessarily trust.

    At which point, I think I'd be looking at legal action against OFCOM for allowing such a broken and customer-unfriendly process.

    ReplyDelete
  2. AnonymousFriday 9 August 2024 at 12:12:00 BST

    Like I said before, this new switching process is completely unnecessary and creates a bunch of new problems that the old process did not have. The entire thing should be scrapped and the switching system kept as it is now.

    ReplyDelete
  3. AnonymousFriday 9 August 2024 at 14:10:00 BST

    So just to be clear, we currently have two business services from A&A which are tagged to prevent slamming. Are you saying this protection will disappear in future ?

    ReplyDelete
  4. AnonymousFriday 9 August 2024 at 14:37:00 BST

    Thanks for an informative article Adrian, but it is spoilt by some obvious typos - a quick proof-read would make the world of difference.

    ReplyDelete
    Replies
    1. AnonymousFriday 9 August 2024 at 14:45:00 BST

      I did, but obviously not well enough. I’ll have another look

      Delete
  5. AnonymousFriday 9 August 2024 at 18:09:00 BST

    Can your contracts be modified to allow consumers and businesses to opt out of this OFCOM nonsense? In the same way employers can invite staff to opt out of the Working Time Directive. Or some process for your customers to serve some sort of formal letter on you saying they will never switch away unless they login to the control panels and press a particular button. Do you still have your retained lawyer who could look at building a watertight process here?

    ReplyDelete
  6. AnonymousFriday 9 August 2024 at 18:12:00 BST

    In one sense it’s a shame FTTC moved away from having to use an Openreach modem because one check point when placing a migration could have have been please enter the MAC that’s printed on the front of you modem and then cross check.

    Obviously suitable for FTTP as long as the MAC ID doesn’t show up on any availability checkers

    ReplyDelete
  7. Leading GeekTuesday 13 August 2024 at 10:57:00 BST

    This is a real mess. So where do I change my surname to something more creative to avoid getting slammed?

    ReplyDelete
    Replies
    1. AnonymousTuesday 13 August 2024 at 11:18:00 BST

      Line details on control pages, but that is not guaranteed to stop slamming. It may help if OTS used.

      Delete
    2. AnonymousTuesday 13 August 2024 at 13:50:00 BST

      In theory AA could scramble all the subscriber names with something random that only the subscriber knows.. If you had to request a line transfer under the name DF£$%£%G! then it'd be a lot harder for a malicious actor.

      I suspect Ofcom would object though.

      Delete
    3. AnonymousTuesday 13 August 2024 at 13:52:00 BST

      That only helps if OTS is used, but we do allow customers to set surname - on the argument that GDPR compels us to update personal details, and that a person can have any name they choose. On that basis I am not sure OFCOM can complain. Random scrambling would be harder to justify, and we don't want to make it hard for someone that does want to switch, obviously.

      Delete
    4. ChrisWednesday 28 August 2024 at 01:47:00 BST

      I might change to my middle name as most entities only know my first name and surname.

      Delete
  8. ChrisWednesday 28 August 2024 at 01:44:00 BST

    Wow what a mess, how can they get something tht should be simple so wrong.

    What they probably should have done is reduced the delay to something like 2-3 days, 14 was way too long.
    Add a mechanism for old CP to block transfers, a bit like how on domain names you can block the transfer via a lock. This mechanism would be configurable online e.g. the AAISP control panel.
    Of course keep it so old CP notifies the customer.

    ReplyDelete

Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

Subscribe to: Post Comments (Atom)

Another pub

If you have followed me on mastodon you will know what is happening. Some of you may know I purchased a former pub for my home in Wales near...

  • It's official, ADSL works over wet string
    Broadband services are a wonderful innovation of our time, using multiple frequency  bands  (hence the name) to carry signals over wires (us...
  • Air conditioning at home (planning permission!)
    For many years I used a small stand-alone air-conditioning unit in my study (the box room in the house) and I even had a hole in the wall fo...
  • EICAR test QR
    It seems there is something of a standard test string for anti virus ( wikipedia has more on this). The idea is that systems that look fo...