wordpress blog stats
Connect with us

Hi, what are you looking for?

, , , ,

The TRAI needs to revisit VAS fraud regulations

It was fairly common a few years ago for citizens to get billed for services without consent: I remember waking up one morning to see a notification of having been charged Rs 99 for apparently downloading an animation at 3am, while asleep. On another occasion, an extra connection, which wasn’t checked very often, was been charged Rs 30 per month for job alerts. While India had become the poster-child for the success of “Ringback Tones”, the inside story was that most of those users didn’t know why they had been subscribed to it, and why money was also being deducted from it. The reason for this problem: the money was being deducted, on most occasions, from peoples prepaid balance, a wallet which already had money deposited it it after the user recharged her phone. From what we hear, subscription was either without consent, or on the basis of manufactured consent (logs being changed; they’re editable). The situation reached bizarre levels where consumers were being charged even when they had no balance left: it was called negative billing. The scam, so-to-speak, was run in two ways: firstly, via an out-bound-dialer, where people would receive phone calls, and would get subscribed to services. Secondly, via online advertising, where services would be activated merely upon clicking on an advertisement, where click to buy ads were being run.

It doesn’t matter where the blame lies: with the telecom operators, the mobile VAS companies, or both. The fact remains that both benefited from this, and consumers were cheated. When the TRAI finally took note of this, telecom operators tried cleaning up the system: at that time, Tata Docomo ran a project for “Clean VAS“, listing complainants who couldn’t be subscribed to these services. Bharti Airtel issued new guidelines, disallowing negative billing.

The TRAI came up with specific notifications to prevent some of them fraud, given the volume of complaints:


Telecom operators were asked to provide a system which takes a second consent from the customer before it is enabled, and added a consent mechanism for verification, which didn’t allow the VAS company from activating the service on its own. Provisions were also put into place for providing adequate information to consumers about activation and deactivation. We’re not sure of this (and if you know, please leave a comment), the consent mechanism hasn’t been weakened yet. There were telecom operators asking for the removal of the second factor of authentication because it would impact revenues.

It appears that the VAS scam still hasn’t stopped: while it is impossible for us to verify any of these complaints, in the morning today, I was informed about continuing instances of this issue: this, this, thisthis and this.

Advertisement. Scroll to continue reading.


While there is no means of verifying this, it is important for not just the TRAI to act upon it, but also to punish telecom operators that either cheat customers in this manner, or allow their vendor mobile VAS companies to cheat customers. It needs to publish fresh data on VAS related complaints, and audit logs related to these complaints. This is nothing short of theft, and while no one was punished for it then, it shouldn’t be allowed now. We’re not sure of what else the TRAI can do to prevent the theft, since the consent mechanisms seemed to be appropriate. Perhaps it should ensure that VAS companies get an OSP license, allow only OSP providers to provide VAS, and cancel licenses in case of fraud.

We’re filing an RTI next week for updated data on VAS activations and complaints.


Advertisement. Scroll to continue reading.
Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...


By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ