How the WASP double opt-in system has been improved

Since Vodacom launched its double opt-in system for wireless application service providers in 2011, it has been steadily improved to prevent unscrupulous WASPs from tricking people into signing up for services.

Among the more recent improvements is a feature called network-initiated unstructured supplementary service data (NI USSD).

The general manager for WASPA, Ilonka Badenhorst, said that NI USSD makes it more difficult for a rogue WASP to circumvent the verification systems networks have in place.

WASPs are typically associated with subscription services that charge a fixed amount over a certain period in exchange for digital goods or services.

You might subscribe for R2 a day and have songs and wallpapers regularly delivered to your phone, for example.

Other examples include Vodacom’s Look 4 Me phone tracking service, which charges R11.70 per month. MTN offers a similar service called WhereRU at R12.49 per month. Both services levy additional fees on messages sent to interact with them.

Since the advent of double opt-in, subscribing to services such as those mentioned above requires a WASP to send you a confirmation of your subscription.

You might click a link on a website to sign up to such a service, or send a registration message via SMS to a number like 31888. The WASP must then send you a confirmation message.

Only once you have responded affirmatively to the confirmation message may the WASP begin billing you.

Fixing exploits

Despite efforts to ensure that people only subscribe to services they want, rogue WASPs still found and exploited loopholes to trick people into subscribing.

Network-initiated USSD is one of several steps networks have taken to prevent WASPs from circumventing the verification mechanisms in place.

WASPA said that such USSD requests are more difficult to intercept through malware and other illicit means, compared to SMS.

Vodacom explained that with NI USSD, it receives a customer’s confirmation of a subscription to a service.

In addition to network-initiated USSD, MTN and Vodacom now require that all WASPs use an industry approved anti-fraud system. MTN allows Perimeter X or BlockFraud, while Vodacom has rolled out BlockFraud on its network.

MTN said it will take further steps by amending its business rules for third-party services, while Vodacom curtailed new WASP activations in April 2018.

Only after Vodacom was given validation of a WASP’s security processes and tools was it allowed to operate on the network, the company told MyBroadband.


Badenhorst said WASPA and its members want an ethical market where companies adhere to the rules and regulations.

While WASPA is an industry association which represents the interests of its members, it must also consider consumer interests.

That is the only way to ensure the long-term sustainability of the WASP industry, said Badenhorst.

Now read: Blocking WASPs on mobile networks – Tested

Latest news

Partner Content

Show comments


Share this article
How the WASP double opt-in system has been improved