Gico Europe LLP (Case reference: 28785)
| Case Number | 28785 |
| Published date | 21 August 2013 |
| Adjudicated Party | Gico Europe LLP |
| Procedure Type | Emergency Procedure (Phone-Paid Services Authority) |
Code Compliance Panel
Tribunal Decision
68
Tribunal Sitting Number 130 / Case 5
Case Reference: 28785
Level 2 provider
GICO (Europe) LLP
Type of service
Competition - non-scratchcard
Level 1 provider
MC Mobile Connectivity GmbH and Velti DR Limited
Network operator
All Mobile Networks
THIS CASE WAS BROUGHT AGAINST THE LEVEL 2 PROVIDER UNDER PARAGRAPH 4.5 OF THE
CODE
BACKGROUND
The Level 2 provider, GICO (Europe) LLP, operated an online subscription competition quiz service using
the brand name “Triviato” (the “Service”). The Service operated on the premium rate shortcode 80876
at a
cost £4.50 per week
. The Level 1 providers for the Service were MC Mobile Connectivity GmbH and Velti
DR Limited.
The Service offered consumers the opportunity
to participate in monthly quiz competitions. Consumers
were required to answer ten questions
. The person who answered the most questions in the fastest time
every month won a prize, such as a Shell giftcard.
The Service operated from September 2012 to 2 J
uly 2013 (when it was suspended as a result of the use
of the Emergency procedure).
Serious concerns regarding the promotion of the Service were uncovered as a result of in-
house
monitoring of the Service conducted by the PhonepayPlus Research and Market I
ntelligence Team (the
“RMIT”). The monitoring revealed that affiliate marketing promotions
, which generated consumer traffic to
the Service, appeared to utilise a form of malware (ransomware) that stopped consumers’ internet
browsers working, resulting in
users being unable to access a large number of popular websites, including
Facebook, Ebay, Google. Users were told that they were required to sign up to the Service (and/or other
premium rate services) in order to unblock their browsers.
Between 8 November
2012 and 28 June 2013, the Executive received nine complaints from consumers,
although none specifically concerned the ransomware affiliate marketing.
Monitoring
On 12 June 2013 and prior to uncovering the ransomware promotions for the Service, the RMIT
visited the
website “wifihackpassword.com” (Appendix A), which offered users a file
that purported to enable them to
hack into locked wireless networks. The RMIT attempted to download the file (Appendices B, C and D).
The monitoring session concluded with the RMIT’s Internet Explorer browser being blocked.
The RMIT conducted an additional monitoring session on 25 June 2013. The RMIT opened the I
nternet
Explorer browser and found that it could not access the Google homepage as it
was still blocked. The
browser displayed a webpage that contained the warning that the website had been blocked (Appendix
D). In exactly the same manner as before, the RMIT was directed to complete a “survey”
to win products.
Upon clicking on the first offer the RMIT was directed to the “Triviato” landing page (Appendix E) and
Code Compliance Panel
Tribunal Decision
69
followed the instructions to complete a quiz question, which required the RMIT to enter a MSISDN. The
RMIT monitoring phone received a free message to which the RMIT responded with the trigger word
contained within the message received
. This was immediately followed by a subscription confirmation
message. The RMIT returned to the open browser and clicked on the “START QUIZ” button but at this
point did not complete any further questions. The RMIT closed all th
e browser windows that had been
opened during the monitoring session and opened a new browser window to attempt to access the G
oogle
search engine. However, the same notification tab appeared stating
that the website was blocked
(Appendix D).
The RMIT clicked on the button to unblock access and received a warning pop-
up prompting it to select an
offer. The RMIT clicked on an offer for a “Tesco gift card offer” and later a “Morrisons Gift card”, on both
occasions the “offers” led the RMIT to the Service landing page.
The RMIT noted that during the monitoring sessions, completing the “offers” resulted in users subscribing
to the Service. However,
the internet browsers that were blocked by the malware were not unblocked
following entry into the Service. The Executive noted
that in order to unblock its internet browser the RMIT
had to re-
boot its desktop in “safe mode” and eliminate all viruses using its existing security software. The
Executive noted that it is likely that end users without specialist IT knowle
dge (and unable to search for a
solution on their own computer) would require specialist assistance (potentially at a cost).
The Investigation
The Executive conducted this matter as an Emergency Procedure investigation in accordance with
paragraph 4.5 of the PhonepayPlus Code of Practice (12th Edition) (the “Code”).
On 21 June 2013, the Executive notified the findings of its preliminary investigation to a membe
r of the
Code Compliance Panel and obtained authorisation to invoke the Emergency procedure in
relation to the
Service pursuant to paragraph 4.5.2 of the Code. The outcome and a direction to suspend the Service
was
communicated to the Level 2 provider on 1 July 2013. The Level 1 provider was directed to withhold
revenue on 1 July 2013. On 2 July 20
13, both the Level 1 and 2 providers confirmed that the Service had
been suspended.
On 2 July 2013, in accordance with paragraph 4.5.1(c)(iv) of the Code, PhonepayPlus published a
notification on its website stating that the Emergency procedure had been invoked.
The Executive sent a breach letter to the Level 2 provider on
10 July 2013. Within the breach letter the
Executive raised the following potential breaches of the Code:
• Rule 2.3.1 - Fair and equitable treatment
• Rule 2.3.2 - Misleading
• Rule 2.5.5 – Avoidance of harm (fear, anxiety, distress or offence)
• Rule 2.2.5 – Pricing prominence
• Rule 2.2.2 – Written information material to the decision to purchase
• Paragraph 3.4.1 – Registration of organisation
• Paragraph 3.4.12 (a) – Registration of service
The Level 2 provider responded on 17 July 2013. On 25 July 2013,
the Tribunal reached a decision on the
breaches raised by the Executive. The Level 2 provider did not make any informal r
epresentations to the
Tribunal.
To continue reading
Request your trial