LCQ6: Redress channels for commercial clients of telecommunications service providers
Following is a question by the Hon Chung Kwok-pan and a reply by the Secretary for Commerce and Economic Development, Mr Gregory So, in the Legislative Council today (June 8):
Recently, the owner of a small company sought my assistance, saying that he received a phone call from his telecommunications service provider (TSP) in early March this year, notifying him that his company's telephone line for long distance calls had been "hacked". He then followed the TSP's advice to encrypt the telephone line to prevent recurrence of similar incidents. However, he later received the telephone bill for the month of March in which the fees payable soared to nearly $40,000 from the normal level of $560, with most of the charges relating to the long distance calls that his company had never made. While confirming that the company's telephone line for long distance calls had been "hacked", the TSP concerned still requested the company to pay the bill in full, otherwise the TSP would terminate the telecommunications services for that company. The owner had sought assistance from the Consumer Council and the Communications Authority (CA), but the former said it would not accept complaints from commercial organisations about the goods and services they purchased, and the latter said that it would not handle complaints involving only monetary disputes. In this connection, will the Government inform this Council:
(1) whether it knows the number of complaints received by CA from commercial organisations against TSPs in each of the past three years, with a breakdown by the content of the complaints, and whether the number of such type of complaints has shown an upward trend; among such complaints, of the number of those involving TSPs charging unreasonable fees from commercial organisations whose telephone lines have been hacked;
(2) of the statutory institutions, other than the court, that may currently handle complaints from commercial organisations about the goods and services they purchased; and
(3) whether it knows if CA will discuss with TSPs to examine the formulation of measures to protect the rights and interests of clients, for example, TSPs making enquiries immediately with the clients or even suspending the relevant services once TSPs are aware of suspicious call records in the clients' accounts, capping the number of calls for long distance call accounts, and building in a procedure for verifying the identities of clients, with a view to reducing the disputes between TSPs and their clients over telecommunications service fees?
As the statutory body overseeing the telecommunications and broadcasting sectors, the Communications Authority (CA) regulates the provision of public telecommunications services pursuant to the powers conferred by the relevant ordinances, including the Telecommunications Ordinance (TO) and the Competition Ordinance (CO).
My reply to the three questions raised by Hon Chung Kwok-pan is as follows:
(1) As at end of February 2016, there were about 4.22 million fixed telephone lines in Hong Kong, of which about 44 per cent (about 1.86 million) were subscribed by non-individuals (including commercial organisations).
From January 2013 to April 2016, the annual number of complaints received by the Office of the Communications Authority (OFCA) from non-individuals (including commercial organisations) against telecommunications services providers (operators) with a breakdown by the major types of complaints, and the number of complaints involving "charges arising from suspected unauthorised use of International Direct Dialling (IDD) services account" are set out in the table at Annex. The numbers of complaints for the past three years generally remained steady, with those involving "charges arising from suspected unauthorised use of IDD services account" at a relatively low level.
(2) Broadly speaking, different approaches are adopted in handling complaints relating to goods or services in different sectors. In general, contractual disputes between commercial organisations can be resolved through negotiation or obtaining legal advice for deciding whether to take legal action.
For telecommunications services, if there are disputes between consumers and operators on service charges, consumers can first discuss with the operators. If the disputes cannot be resolved, the complainants can contact the CA to provide detailed information. If the CA discovers contraventions by the operators at any stage, it will take appropriate investigation and regulatory action. For those consumer complaints not involving contravention of the TO or licence conditions, the CA will follow the existing procedures in handling consumer complaints: refer the cases to the operators concerned with complainants' agreement and request the operators to handle the complainants' cases with discretion as well as to give a direct reply. Based on past experience, upon the CA's referral of the cases, a mutually-accepted resolution could generally be reached.
It is worth mentioning that as the billing disputes in question involve IDD services, the local operators have to pay the long-distance network usage fee to the overseas telecommunications network operators. Therefore, in cases involving "charges arising from suspected unauthorised use of IDD services account", if the consumers refuse to pay, the local operators will need to fully bear the monetary loss arisen from the unauthorised use of services.
(3) As mentioned above, the CA will help consumers by referring their dispute cases with the operators to the operators concerned and request the operators to give a direct reply to the complainant. Based on past experience, upon the CA's referral of the cases, a mutually-accepted resolution could generally be reached. This shows that the CA's existing approach in handling the relevant disputes is effective.
For IDD services, the operators have put in place various security measures (e.g. allowing customers to set passwords) at present to prevent unauthorised use of their customers' IDD services accounts by other parties. Moreover, major operators would impose a monthly credit limit on their customers' IDD services accounts. When customers' IDD monthly charges reach the preset limits, the operator concerned would take the initiative to contact the customers for more details so as to protect the interest of the customers. The above measures are applicable to both individual and commercial customers.
Since 2013, OFCA has received a total of 16 complaints (i.e. an average of 4.8 per year) from non-individuals concerning charges arising from suspected unauthorised use of IDD services accounts. The above figure indicates that the situation is neither common nor on the rise. This reflects that the security measures offered by the operators may have effectively reduced the risk of unauthorised use of their customers' IDD services accounts.
Cases of suspected unauthorised use of IDD services accounts mainly involved IDD services chosen by the customers that do not have a password protection function, the customers did not set passwords for their IDD services accounts, leakage of password, or security vulnerabilities in the customers' telephone systems, etc.
To reduce the risk of unauthorised use of IDD services accounts, in respect of small and medium enterprises (SMEs), the former Office of the Telecommunications Authority (now known as OFCA) wrote through SME organisations to their members in April 2011 to remind them of the potential security risks of the IP PBX telephone systems which can be connected to the Internet and to advise them (if they were the users of IP PBX telephone systems) to take precautionary measures to prevent unauthorised use of their IDD services accounts by hackers who invade their IP PBX telephone systems.
OFCA has launched a dedicated web page concerning IDD services security (www.ofca.gov.hk/en/consumer_focus/education_corner/guide/advice_lfs/idd/index.html) to provide to consumers (including commercial organisations) information on the prevention of unauthorised use of IDD services, and on the credit limit that would be imposed by the operators on customers' IDD services accounts, etc and remind them to activate the security function of their IDD services to prevent unauthorised use.
Although the TO does not confer on the CA the statutory power to handle billing disputes between operators and their customers, the CA has been monitoring the market situation closely and is committed to ensuring that the interests of consumers (including non-individuals) in using telecommunications services are reasonably protected by, amongst others, issuing guidelines to the industry timely for reference, discussing with the industry to implement self-regulatory measures as well as conducting consumer education.
OFCA will continue its commitment to educate consumers on the use of IDD services and telephone system security so as to enhance their security awareness and vigilance regarding their IDD service accounts. In addition to the dedicated web page launched, with a view to enhancing consumer protection, OFCA will contact the operators and remind them to advise customers of the security measures concerning the use of IDD services.
Ends/Wednesday, June 8, 2016