Wikipedia:Reference desk/Archives/Computing/2018 November 9

= November 9 =

Can people rob a mobile phone having just the NUMBER?
I ran across an article that made it sound like cramming (fraud) could be done by anybody that has a mobile phone number, which seems hard to believe. But the FTC makes it sound the same way. Our article Cramming (fraud) makes it sound like somehow cashing a rebate check is needed, or something. What's the truth? How hard is it to take a payment from a mobile account?

Additionally, I'm curious if this is being done to "burner" phones (TracFone and cogeners). Those don't have a monthly bill, but could scammers take money out of the accumulated minutes or something?

Also, is this actually useful for a small legitimate website as a way of collecting money? How much is the phone company's markup, and are there onerous bureaucratic requirements only a scammer could pass? Wnt (talk) 13:14, 9 November 2018 (UTC)


 * The scheme involved here - as detailed in this lengthy report from the FTC - requires your phone carrier to accept the charge first, and then to forward the charge to you in your bill. In a sense, your telephone service provider is acting as a credit-provider to a third-party, on your behalf - and consequently, it is the responsibility of the telephone service provider to evaluate the risks of extending credit to a possibly-non-creditable third-party.
 * So, when you ask whether anyone can conduct this type of scam, the answer is "no." Only people who are trusted by your phone company would be able to get money out of this scheme.  That category of merchants - legitimate or otherwise - would send a bill to your phone company; your phone company would pay them, track the charge, and some time later, you'd receive the bill.  Functionally, it only works for merchants who are "white-listed" - authorized by your service provider to levy a charge.
 * That bureaucratic step alone is enough to make this type of scam difficult to execute. If a random individual, with no legitimate credentials and no legitimate purpose, began a large-scale effort to send charge forwarding or "other forms of carrier billing arrangements" to a major company like AT&T, they would just ignore you.  You would never get any money from AT&T out of the scheme, and the people you attempted to victimize would never know that you were hassling their carrier with fraudulent paperwork; and the more that you significantly attempted this effort, the greater the probability that somebody would pursue civil or criminal charges against you.
 * The scam works best against the customers of little tiny mobile service carriers. The people who run those carriers might not realize that when they enable this technical service, they're effectively offering credit to anyone who asks for it - which is always a recipe for attracting scam-artists, even if it attracts other legitimate users as an ancillary detail.
 * Large and respectable phone providers will only honor charges billed from large and respectable merchants. This is where accountability comes in to play; the bigger the scam you run, the harder it would be for you to stay hidden while conducting fraudulent activity.
 * Like everything else in commerce, it is possible for a few bad guys to make a little scam work for a little while - but the bigger they get, the harder it is for them to hide; and if they don't get large, they don't get any meaningful amount of money. Taking it mainstream would require hiring and paying more bad-people to help with the details.  Taking it mainstream would also raise the hackles of the end-consumers, and then by proxy would raise the hackles of the major carriers, who would cease forwarding the charges from that particular scammer.
 * For the same reason, cheque fraud doesn't work, even there's no real technical protection to prevent a bad check. A check is basically just a piece of paper with a bunch of numbers on it.  You can walk into any major bank in the United States and try to cash a totally fictitious check from a totally fictitious account.  Most big banks would verify the details, and would throw you out if the account was false, and even if it was legitimate, they won't give you money if you don't have valid ID, already have a valid account, and demonstrate the other things that scammers don't typically want to present (because they don't want to get caught).
 * Some smaller banks (like those yucky payday loan establishments) might actually let an anonymous entrant walk into the store and cash a check with no questions asked. They incur the risk that you might be scamming them, and they mitigate this risk by taking most of your money from you up front before they cash the check.  They also mitigate their risk by associating with the scary folks in the dark alley they usually keep behind their not-so-pleasant store-front: if your check is bogus, they find you and get their money back.  We have an awfully white-washed article sub-section on their ... ahem, "aggressive collection practices."
 * Nimur (talk) 22:39, 9 November 2018 (UTC)