A prominent industry player has revealed that a security flaw on MTN’s network allows rogue wireless application service providers (WASPs) to “secretly” subscribe users to content services and steal their airtime.
The industry source, who asked to remain anonymous, told MyBroadband this weakness shows that MTN is not adequately protecting its subscribers against rogue WASPs.
He said the flaw may look like a system bug, but it is more likely a proactive measure by rogue WASPs and potentially MTN employees to commit fraud.
Many MTN subscribers have been complaining about airtime theft, and this security flaw may explain some of the fraud on MTN’s network.
Two of the main issues detected on MTN’s network are:
- There is no welcome SMS when a person is subscribed to some WASP services.
- There is a fake ‘subscription problem’ message, despite the fact that a person is subscribed to the service.
The Wireless Application Service Providers Association (WASPA) Code of Conduct clearly states:
“Once a customer has joined a subscription or notification service, an SMS message must immediately be sent to the customer confirming the initiation of the service.”
A live demonstration provided to MyBroadband shows that this “welcome SMS” is never sent to MTN users who are subscribed to some WASP services.
This compulsory SMS is one of the main weapons against fraudulent subscriptions and airtime theft.
Without this SMS notification, MTN users have no idea if they have been subscribed to a content service.
It therefore provides rogue WASPs with a perfect platform to fraudulently subscribe mobile users to services without their consent and knowledge.
Demonstration of security flaw
The live demonstration provided to MyBroadband illustrates the security flaw on MTN’s network.
The user said he initially thought there was a problem with the subscription service, but when airtime started to disappear, he realised it was a flaw.
“It is not just a system fault as multiple SIMs showed exactly the same behaviour,” he said.
Jacqui O’Sullivan, MTN SA’s executive for corporate affairs, told MyBroadband they are not aware of these security flaws.
“However, we take these issues very seriously and would therefore appreciate the opportunity to investigate this further,” she said.
O’Sullivan added that MTN regularly conducts tests and system updates to its services as ad-fraud criminal networks are continually introducing new ways of bypassing their systems.
“MTN views mobile ad-fraud as a serious issue and remains committed to taking additional steps to address this,” she said.
“As further evidence of our commitment to treating our customers fairly at all times, should our investigation show that a customer has been the victim of fraud of this nature, we will refund in full.”