Summary: I believe slamming, and particularly malicious slamming, will be a lot easier.
I believe the details are correct, but will update if necessary.
What is slamming and why does it happen?
Slamming is simply changing provider on a service without the customer's permission. It dates back to US phone systems and long distance carriers being changed to get the new provider the business. For broadband, in the UK, it is changing the communications provider (CP) on a service without permission, and we see it for a few possible reasons:-
- Traditional slamming: Basically a CP getting business. Surprisingly we do see this, mainly with door to door salesmen.
- Mistake: This is where someone orders a service but gets their address wrong, which is easier than you might realise. We have one example of a customer who has had someone try to migrate his line four times!
- IT consultant: Changing a clients broadband to his preferred supplier (maybe to get a kick back).
- Accounts department: Thinking it is like gas/electric and just changing to a cheaper supplier without asking IT (not actually slamming but same problems).
- Fraud: mainly for telephone to allow calls to be made and received on someone else's number.
- Malicious slamming: Changing provider to cause a victim problems.
Existing safeguards
Slamming to a new technology is not that helpful - it means a new service installed, but they can't cease the old service - so you end up with two services, and can tell the new provider to piss off if it was not you that ordered it.
For the same technology, and in this case I mean a BT circuit, it can be migrated from one CP to another CP. This is where the problems lie, but there are safeguards:
- 14 day lead time.
- BT tells existing CP.
- Existing CP has to tell customer (OFCOM rules).
- Customer can cancel by telling existing CP (who tells BT).
New safeguards
One Touch Switching changing things, but is not without safeguards:
- The old CP has to match, which means address and surname and possibly more details like account number. However, an exact correct address and correct surname are good enough.
- The old CP tells the customer on match, and when it starts.
But there are other changes:
- No 14 day delay, it could be next day even, so customer has to on the ball.
- Customer can only cancel by talking to new CP. But if not them, the customer will not know account, login, password, email, or even first name used, so may have a challenge getting new CP to even talk to them.
But it is worse!
One Touch Switching only applies to consumer switching. For business, a simple BT circuit migrate happens as before. But that is OK, surely? That is how it has always worked.
Well, no...
- BT are removing the 14 day lead time, so customer has to be on the ball.
- There may be little, or no, advance notice any more (not entirely clear).
- It will no longer be possible for the old CP to cancel the order.
No, worse than that!
You might be thinking that, at least, consumers are protected by some safeguards (One Touch Switching)?
Well, no...
BT don't know if the end customer is a consumer, and neither does a new CP. You can order a business service on a circuit, and migrate it next day with no One Touch Switching, even if the victim is a consumer. They will just have broken internet (no idea of new router login). So consumers are not protected at all from malicious slamming - the slammer only needs the address, not even surname, as no match is done on a business order.
No, worse even than that!
Yep, it is worse. If the victim had an old fashioned landline still, broadband migration will kill the phone line. And whilst getting the broadband back may be possible, and maybe even quick, the landline won't come back. The victim has to sort a right to port on the ceased number, finding a suitable provider, and getting suitable VoIP equipment all set up.
Example
DON'T DO THIS, IT IS ILLEGAL IN MANY WAYS!
Imagine you have an annoying neighbour. If you know address and surname you can do a proper One Touch Switching migrate to a new service. It means lying to the new CP, obviously. Yes, if they are quick, they can contact new provider, and maybe get it stopped, but may be tricky if next day switching. This could kill their internet.
But you don't need to do One Touch Switching, just order a business service. Maybe from a business only provider that is not even part of One Touch Switching. You can lie to them, and provide real business details, so passing credit checks and so on, and give phoney bank details for direct debit. But the migrate could be next day, with no notice, and the victim not even knowing who the new CP is. And, as I say, losing a landline number in the process.
Now imagine it is not a neighbour, but a celebrity you don't like, or a politician. All you need is the address!
What about a restaurant that gave you bad service. Slam them, and suddenly no internet; no credit card machine; no online orders; no VoIP phones. Chaos, even if only for a day whilst they get it back.
And not so nice on the victim for costs - the old CP may be chasing early termination charges. Getting service back may also have a cost, and minimum term.
And not so nice on the CPs - who have a customer who (rightly) says it was not their fault, so won't be paying early termination charges, etc, and if the CP argues the customer goes to ADR (Alternate Dispute Resolution) which costs the CP as well.
Once again, DON'T DO THIS! I am not trying to incite anything, just giving some examples of the risks.
This is actually quite worrying.
ReplyDeleteSo anyone who has ever sent me a letter (or happens to know my address and surname) can switch my broadband to some crappy bottom-dollar supplier with dreadful customer service, and my only defense is to spend hours on the phone to some overseas call center begging the new supplier not to take my service away. Presumably the new company will want some proof that I'm the legitimate property owner with the authority to cancel the switch, which means I will be forced to provide personal information to a company I never chose to interact with, and do not necessarily trust.
At which point, I think I'd be looking at legal action against OFCOM for allowing such a broken and customer-unfriendly process.
Like I said before, this new switching process is completely unnecessary and creates a bunch of new problems that the old process did not have. The entire thing should be scrapped and the switching system kept as it is now.
ReplyDeleteSo just to be clear, we currently have two business services from A&A which are tagged to prevent slamming. Are you saying this protection will disappear in future ?
ReplyDeleteYes, sadly. Blame ofcom.
DeleteThanks for an informative article Adrian, but it is spoilt by some obvious typos - a quick proof-read would make the world of difference.
ReplyDeleteI did, but obviously not well enough. I’ll have another look
DeleteCan your contracts be modified to allow consumers and businesses to opt out of this OFCOM nonsense? In the same way employers can invite staff to opt out of the Working Time Directive. Or some process for your customers to serve some sort of formal letter on you saying they will never switch away unless they login to the control panels and press a particular button. Do you still have your retained lawyer who could look at building a watertight process here?
ReplyDeleteSadly, no
DeleteIn one sense it’s a shame FTTC moved away from having to use an Openreach modem because one check point when placing a migration could have have been please enter the MAC that’s printed on the front of you modem and then cross check.
ReplyDeleteObviously suitable for FTTP as long as the MAC ID doesn’t show up on any availability checkers
This is a real mess. So where do I change my surname to something more creative to avoid getting slammed?
ReplyDeleteLine details on control pages, but that is not guaranteed to stop slamming. It may help if OTS used.
DeleteIn theory AA could scramble all the subscriber names with something random that only the subscriber knows.. If you had to request a line transfer under the name DF£$%£%G! then it'd be a lot harder for a malicious actor.
DeleteI suspect Ofcom would object though.
That only helps if OTS is used, but we do allow customers to set surname - on the argument that GDPR compels us to update personal details, and that a person can have any name they choose. On that basis I am not sure OFCOM can complain. Random scrambling would be harder to justify, and we don't want to make it hard for someone that does want to switch, obviously.
DeleteI might change to my middle name as most entities only know my first name and surname.
DeleteWow what a mess, how can they get something tht should be simple so wrong.
ReplyDeleteWhat they probably should have done is reduced the delay to something like 2-3 days, 14 was way too long.
Add a mechanism for old CP to block transfers, a bit like how on domain names you can block the transfer via a lock. This mechanism would be configurable online e.g. the AAISP control panel.
Of course keep it so old CP notifies the customer.