O2’s Childish Mistake On Age Verification

O2 logo

Say you’re waiting on a bus or a train. It’s dead time, so to ease the boredom you grab your smartphone to check the latest post on your favourite site – this one, of course. You get a nice strong 3G signal, and hit the bookmark.

Instead of that familiar, beautifully designed opening page, you get a warning from your mobile provider, telling you that the site you’re trying to reach is only suitable for over-18s, and that you need to go through an age verification process. You’re then taken to another page which, although it has livery from your provider, seems to be from another website entirely. And this page is asking you for your credit card details.

It’s an obvious and rather lame attempt at phishing. You’re not any kind of idiot (you’re a member of The Readership, after all) so you spot it as that instantly, and sadly inform the webmaster that his site has been hacked.

Except it’s not a scam. Well, not in the true textbook sense of the word, anyhoo. The scenario above happened yesterday to O2 customers across the country, as a age verification process was extensively rolled out. It only affects their 3G and GPRS networks, and it’s really, really stupid.

The reason for the credit card charge (£1, following which you’re refunded £2.50 as a one time payment) is to ensure that the person attempting to access “adult” material is over 18. You have to be over 18 to own a credit card. QED. But you also have to be 18 to set up a Pay Monthly account, and surely it would be simpler to set up a password controlled block in the website accessible only to the bill-payer. And the over-enthusiastic filter O2 have put in place means that PAYG customers are being blocked from sites they have perfectly legitimate reasons to visit. It’s just nonsense.

What on earth was going through the O2 mind (you know, the one that’s currently TV advertised with a very badly disguised version of Mr. Tumnus in place)? Did no-one think that suddenly switching on a filter without fair warning that would direct their customers to a site asking for credit card details might not be taken as entirely genuine? O2 claim that the company in question, Bango, have many years experience and are a trusted partner. Fine. I’ve never heard of them, and have no reason to trust them on O2’s say-so.

More worryingly, O2 have yet to explain what Bango (the name that doesn’t fill me with trust, it has to be said) do with your credit card details after the verification transaction. And, for that matter, how long your payment stays in Bango’s account before you get your £2.50 refund. I call shenanigans on this. It all feels a bit suspect, a bit slippery. Why a quid, for example? PayPal do a similar thing to ensure the card you’re linking to their system is legitaimate, but they do it with payments or 3 or 4p. Stick a couple of hundred thousand pounds of your customers cash in a high interest account for a couple of days, and there’s a decent profit to be made.

It’s the mealy-mouthed, box-ticking nature of the exercise that really makes my teeth itch. The block only operates on O2’s mobile internet services, meaning that your child can easily access all the adult content they want as soon as they hop onto a wi-fi signal. That, of course, is outside O2’s remit. They’ve done their job, and been seen to be compliant with a self-regulatory agreement with no legal basis.

O2 have really dropped the ball on this one. If they wanted to worry, bother and honk off a fat chunk of their customer base in short order, then they’ve found the perfect way of doing it. The process assumes a blithe ignorance of internet safety 101, and contravenes advice that they give on their own website. The O2 forums are full of seething customers that had no idea that O2 were about to drop this on them.

I’m absolutely furious. At one point yesterday morning, I was convinced that X&HT had been hacked, compromised and retasked as a phishing site. All because some hand-wringing twonk at O2 doesn’t want to take responsibility when a 15 year old accesses questionable material on their network.

Here’s an idea. If you don’t have a credit card, you can age verify at any O2 store with photo ID. I suggest that every aggrieved customer who feels a bit uncomfortable at giving out their credit card details to a third party for access to the sites they’ve always been able to access with no trouble before does exactly that. If that happens en masse, we’ll clog up the stores and cut into O2’s profits a bit. Direct action, taking a page from the UK Uncut playbook. That’ll send a message that they can’t ignore.

Who’s with me?