How to steal billions and get away with it

There is a criminal enterprise which has stolen billions from South Africans over the last decade without as a much as a criminal case against them.

If you think we are talking about the Gupta family, think again. The culprits here are rogue wireless application service providers (WASPs) and content subscription services.

These rogue WASPs fraudulently subscribe South Africans to content subscription services without their knowledge or consent.

Through these fraudulent subscriptions, they steal millions in airtime from mobile subscribers every day.

The exact scale of this fraud has never officially been reported, but conservative estimates by industry players suggest it runs into billions of rands.

What is of particular concern is that criminals are using gateways provided to them by the mobile operators to commit this crime.

Mobile operators like Vodacom, MTN, and Cell C make it possible for WASPs to directly bill mobile users through carrier billing. They are basically given the keys to subscribers’ accounts.

Mobile operators can block WASP billing by default, but despite a decade of fraud and billions in airtime stolen, they refuse to implement this solution.

The problem goes even deeper. In some of the cases where airtime was stolen, the mobile operators themselves acted as the WASP.

That means the airtime was stolen from Vodacom and MTN subscribers through fraudulent subscriptions to content services offered by Vodacom and MTN themselves.

What this fraud looks like

When people think of multi-billion-rand fraud they expect large corrupt deals with Eskom, the SAA, or the government.

In the case of rogue WASPs, however, the amounts are very small. They only steal of few rand per user per day.

What makes this crime so lucrative is that they steal airtime from a large number of victims – sometimes tens of thousands of users per day.

For example, a rogue WASP can fraudulently subscribe 60,000 mobile users to their services and bill them R5 each per day. This adds up to R110 million per year.

Most of this money lands up in the pockets of rogue WASPs and mobile operators as pure profit.

The beauty from a criminal perspective is that no subscriber will open a criminal or civil case for a few hundred rand – it is simply not worth the trouble.

The criminals know this, which is why they could steal billions from South Africans without a single criminal prosecution for this crime.

The mobile bills below show what the crime looks like in real-life – small amounts stolen from large numbers of South Africans each day.

No risk of criminal prosecution

As described above, the criminals behind subscription fraud face virtually no risk of criminal prosecution if they are caught.

When a mobile subscriber falls victim to criminals stealing their airtime, all they can do is to ask for their money back and block WASP subscriptions.

One would think the mobile operators will take criminal steps against fraudsters abusing their billing system and stealing money from their subscribers, but this is not the case.

In fact, they simply pass the buck. Vodacom told MyBroadband only the defrauded party – the mobile subscriber – is permitted to open a police case.

This means that rogue WASPs can abuse the systems provided to them by Vodacom to steal subscribers’ money without any real risk of criminal prosecution.

The criminals have become so brazen that they are not even willing to stop stealing when they are caught.

In many cases, Vodacom had to go to the High Court to terminate WASP provider agreements of these rogue WASPs.

MTN, in turn, told MyBroadband that WASPs and content providers are not the criminals.

“In our experience, none of our WASP partners have been the actual perpetrators of “stolen airtime” from our customers,” MTN said.

MTN’s comment is perplexing, as many WASPs have been fined by the Wireless Application Service Providers’ Association (WASPA) for stealing airtime from MTN subscribers in the past.

In fact, MTN’s own Internal WASP Service has been found guilty and fined by the WASPA for not adhering to its code of conduct.

Cell C told MyBroadband it has no reason to take severe action against WASPs because it has implemented double opt-in for all WASP services.

As with MTN and Vodacom, numerous Cell C subscribers continue to complain about subscribed to WASP services without their consent.

There are many examples of rogue WASPs bypassing double opt-in measures, but Cell C does not seem to be concerned about this issue.

What became apparent is that the mobile operators have never taken criminal action against rogue WASPs who have stolen money from their subscribers.

MyBroadband could not find evidence of any criminal case and successful prosecution against a WASP which committed fraud.

Even WASPA general manager Ilonka Badenhorst did not want to engage much on criminal matters related to rogue WASPs.

Instead, she told MyBrooadband for criminal matters, including alleged theft, “a member of the public will have to lodge their complaint with the appropriate authority to be dealt with in the relevant forum”.

This raises the question of why mobile operators are so resistant to take serious action, including opening criminal cases, against this criminal enterprise which steals money from their subscribers.

Industry speculation suggests that it is because they are making a large amount of profit from this fraud on their networks.

Others told MyBroadband the mobile operators are running rogue WASP services themselves, which is why they are avoiding criminal action against fraudulent WASPs.

What WASPs accused of airtime theft say

MyBroadband contacted six WASPs accused of airtime theft, and only one of them responded. It said:

“We have no evidence or reports of service activation without the customer’s consent. Payment by credit card or carrier billing adheres to the mandatory regulatory standards.”

It added that people whose airtime was stolen should “raise any billing enquiries with the relevant service provider and or payment provider to identify the nature of the charges”.

Other WASPs blamed content providers for the fraudulent billing, saying they are mere conduits for the billing from third parties.

MTN even blamed malware and bots installed on user’s smartphones and click-jacking for this fraud.

“When mobile devices are infected with malware, consumers, who experience its effects, such as unwanted charges and data depletion, tend to blame the mobile operator or WASPs,” MTN said.

“Like customers who have been affected by mobile ad fraud, the adverse effects from this criminal enterprise are also felt by mobile operators and content providers.”

When MyBroadband asked MTN who benefits from this fraud, it said it receives a portion of revenue.

“However, we do refund customers if it has been found that the subscription was fraudulent.”

From these responses, it is clear that neither mobile operators nor WASPs want to claim responsibility for this fraud.

With billions stolen from South Africans – often the poorest members of society – one would have expected strong action from the operators and authorities.

This did not happen, allowing criminals to steal large amounts of money from mobile subscribers for over a decade.

Here are the official responses from the Vodacom, MTN, and Cell C regarding WASP subscription fraud and airtime theft on their networks:


We take a hard line in the event that a third-party contravenes any agreement they may have with Vodacom or the likes of WASPA’s code of conduct.

We have and will continue to suspend and terminate the services of WASPs and their affiliate content aggregators and will continue to investigate reported transgressions and then ensure that we take appropriate action.

Vodacom is fully committed to assisting relevant authorities in instances where customers open criminal cases. In terms of the criminal process in South Africa, only the defrauded party is permitted to open a police case.

Vodacom has won a number of High Court cases that have resulted in the termination of WASP provider agreements. As matters stand, all WASP providers must be a member of WASPA.

We have temporarily suspended the services of a number of Direct Charge to Bill (DCB) / third party provider partners. These provide a service on Vodacom’s behalf and appear on a customer’s bill as a Vodacom service.

As we indicated previously, Vodacom will require all DCB partners / third party providers of content services to become members of WASPA.


In our experience, none of our WASP partners have been the actual perpetrators of “stolen airtime” from our customers.

Instead, when MTN receives complaints, our first action is to suspend content partners from acquiring customers until channels through which the fraudulent subscriptions have transpired have been investigated and closed.

In all cases our WASP partners have been fully supportive and refunded customers in full.

Our findings indicate that the problem is not with the WASPs but with fraud in downstream advertising channels. They may advertise through an affiliate network which in turn has advertising partners who have later been found to behave fraudulently.

The root cause of almost all the fraud we see on our network comes from malware and bots installed on user’s phones, or from click-jacking.

When mobile devices are infected with malware, consumers, who experience its effects, such as unwanted charges and data depletion, tend to blame the mobile operator or WASPs.

However, WASPs and content providers are not the criminals. Like customers who have been affected by mobile ad fraud, the adverse effects from this criminal enterprise are also felt by mobile operators and content providers.

MTN has very strict policies and processes in place to prevent such fraud from happening. As a result, mobile ad fraud on our network is significantly lower than on other networks in developing countries.

Despite our best efforts, we are aware that some click-fraud can bypass our systems. That is why we have implemented additional measures to prevent the scourge of click-fraud from impacting our customers.

Even if a bot or malware has subscribed someone to a service, our double opt-in requirement forces a confirmation button to be clicked.

In addition, we send an SMS to the customer advising them that they have been subscribed to a service and giving them 24 hours to cancel the subscription without being charged. In many of the cases, it is this SMS from MTN which triggers alarm from customers, and they have not been charged because of this measure.

We also send a weekly SMS to customers for each service alerting them to the fact that they are subscribed, and including a link to unsubscribe.

MTN views mobile ad-fraud as a serious issue and remains committed to taking additional steps to address this. As further evidence of our commitment to treating our customer fairly at all times, should our investigation show that a customer has been the victim of fraud of this nature, we will refund in full.

Cell C

Cell C has had no reason to go this route [lay criminal charges or take other severe action] due to the double opt in for all WASP services. It aims to provide an extra layer of protection for Cell C customers.

Double opt in requires for the customer to opt in with the WASP Service Provider first and then affirm the subscription on the Cell C network independent of the WASP Partner.

This is an opinion piece.

Now read: Vodacom caught stealing airtime from its own subscribers

Latest news

Partner Content

Show comments


Share this article
How to steal billions and get away with it