Jesta Digital GmbH (Case reference: 28782)
| Case Number | 28782 |
| Published date | 21 August 2013 |
| Year | 2013 |
| Adjudicated Party | Jesta Digital GmbH |
| Procedure Type | Emergency Procedure (Phone-Paid Services Authority) |
Code Compliance Panel
Tribunal Decision
1
Tribunal Sitting Number 130 / Case 1
Case Reference: 28782
Level 2 provider
Jesta Digital GmbH
Type of service
Mobile download
Level 1 provider
Velti DR Limited
Network operator
All Mobile Network operators
THIS CASE WAS BROUGHT AGAINST THE LEVEL 2 PROVIDER UNDER PARAGRAPH 4.5
OF THE CODE
BACKGROUND
The Level 2 provider, Jesta Digital GmbH, trading as “Jamster” operated an online subscription
content download service using the brand names “
Jamster Action Club” and “The Tone Club”
(the “Service”
). The Service operated on the premium rate shortcode 88888 and via Payforit
(“PFI”), and cost £4.50 per week. The Level 1 provider for the Service was Velti DR Limited.
The Service offered consumers the opportunity to download unlimited mobile content such as
ringtones, games and wallpapers. The PFI service operated from 3 June 2013 to 2 July 2013
(when it was suspended as a result of the use of the Emergency procedure).
Serious concerns regarding the promotion of the Service were uncovered as a result of in-
house
monitoring of the Service conducted by the
PhonepayPlus Research and Market Intelligence Team
(the“RMIT”). The monitoring revealed that affiliate marketing promotions
, which generated
consumer traffic to the Service, appeared to utilise a form of malware (ransomware)
that stopped
consumers’ internet browsers from working, resulting in users’
being unable to access a large
number of popular websites, including Facebook, Ebay, Google. Users
were told that they were
required to sign up to the Service (and/or
other premium rate services) in order to unblock their
browsers.
Between 25 June 2013 and 2 July 2013, the Executive received six complaints fro
m consumers,
although none specifically concerned the ransomware affiliate marketing.
Monitoring
On 12 June 2013 and prior to uncovering the ransomware promotions for the Service,
the RMIT
visited the website “wifihackpassword.com” (Appendix A), which offered users a file
that purported
to enable them to hack into locked wireless networks. The RMIT attempted to download the file
(Appendices B, C and D).
The monitoring session concluded with the RMIT’s Internet Explorer
browser being blocked.
The RMIT conducted an additional
monitoring session on 25 June 2013. The RMIT opened the
Internet Explorer browser and found the G
oogle homepage was still blocked. The browser
displayed a webpage that contained the warning that the website had been blocked (Appendix D
).
In exactly the same manner as before, the RMIT were directed to complete a “survey”
to win
products. Upon clicking on a product, the RMIT were directed to the Service
landing page
(Appendix E) and followed the instructions to subscribe to the Service via PFI.
The RMIT
eventually closed all the browser windows that had been opened during the monitoring session
Code Compliance Panel
Tribunal Decision
2
and opened a new browser window to attempt to access the Google search engine but again a
notification tab appeared which stated that the website was blocked (Appendix D).
The RMIT noted that during both monitoring sessions, completing the “offers” resulted in users
subscribing to a premium rate service but the internet browsers that were blocked by the malware
were not unblocked following entry into
the subscription Service. It is of note that in order to
unblock its internet browser the RMIT had to re-
boot its desktop in “safe mode” and eliminate all
viruses using its existing security software. The Executive noted that it is likely that users with
out
specialist IT knowledge (and unable to search for a solution on their own computer) would require
specialist assistance (potentially at a cost).
The Investigation
The Executive conducted this matter as an Emergency procedure investigation in accordan
ce with
paragraph 4.5 of the PhonepayPlus Code of Practice (12th Edition) (the “Code”).
On 28 June 2013, the Executive notified the findings of its preliminary investigation to one membe
r
of the Code Compliance Panel and obtained authorisation to invoke the Emergency P
rocedure in
relation to the Service pursuant to paragraph 4.5.2 of the Code. The
outcome and a direction to
suspend the Service
was communicated to the Level 2 provider on 1 July 2013 and the Executive
directed the Level 2 provider to suspend
the Service immediately. The Level 1 provider was
directed to withhold revenue on 1 July 2013. On 2 July 2013, the Level 2 provider
confirmed that
the Service had been suspended. On 2 July 2013, in accordance with paragraph 4.5.1(c)(iv) of the
Code, Phone
payPlus published a notification on its website, stating that the Emergency procedure
had been invoked. On 4 July 2013 the Level 2 provider requested a review of the use of the
Emergency procedure. The Tribunal declined the application for review, as it was out of time.
The
Executive sent a breach letter to the Level 2 provider on
10 July 2013. Within the breach letter the
Executive raised the following potential breaches of the Code:
• Rule 2.3.1 - Fair and equitable treatment
• Rule 2.3.2 - Misleading
• Rule 2.5.5 – Avoidance of harm (fear, anxiety, distress or offence)
• Rule 2.2.2 – Written information material to the decision to purchase
The Level 2 provider responded on 17 July 2013. On 25 July 2013 the Tribunal reached a decision
on the breaches raised by the Executive
. The Level 2 provider made informal representations to
the Tribunal.
SUBMISSIONS AND CONCLUSIONS
PRELIMINARY ISSUE
Responsibility for affiliate marketing
The Tribunal noted that Level 2 providers are responsible f
or the Services that they operate; this
includes how the services are promoted.
Part 2 of the Code states:
“References to a premium rate service…include all aspects of a service including content,
promotion and marketing…Level 2 providers have responsibility for achieving these outcomes
To continue reading
Request your trial