1. The Council welcomes the move by the TA to address the problem of billing and metering accuracy of public telecommunications services. The Council agrees with the TA's view that the market needs a practical and simple mechanism that would best suit the need of customers and the industry. However, the Council holds the belief that this initiative should not diminish the major requirement for a scheme that resolves the problems identified through customer complaints.
Scope of proposed Scheme
2. The Council agrees with the TA's view that the scheme should be applicable to all public telecommunications service providers under the TA's licensing control insofar as they operate services which involve usage or time charges.
Billing and metering integrity standards
3. The TA has suggested that the industry should develop billing and metering integrity standards similar to the standards, guidelines and principles adopted by other countries. However, the TA has made no reference to a common standard that could be applied, nor urged industry associations to develop a common standard for their sectors.
4. Notwithstanding the competitive environment, and the possibility that service providers could promote their service by reference to billing performance, it is by no means certain that a high standard will develop through this approach. Given the major focus on price competition, it cannot be expected that service providers will have much incentive to direct resources to maintaining high quality billing services.
5. Without some direction and influence by the TA, it is possible that a 'lowest common denominator' standard of billing services could arise that will not adequately address the problems that arise in the market. In order to achieve a high standard without mandatory requirements, the Council suggests that the TA should urge relevant telecommunications service associations to develop a common standard for the industry, and provide guidance in this regard.
Self-appraisal system and auditing system
6. The Council welcomes the self-appraisal system that requires service providers to perform self-appraisal on billing and metering systems based on a Quality Assurance Manual which is to be submitted to the TA for approval. However, the Council has some reservations about the proposal that the operators employ their own certified public auditors to audit and certify the measurement results under the self-appraisal system.
7. The Council believes that in order to increase consumer confidence in the self-appraisal system, and to remove any suspicion that the process has not been undertaken in a completely impartial manner, auditors used in the audit and certification process should not be employed by the service provider. Selection of appropriate auditors be undertaken through the TA assigning an auditor, or a panel of certified auditors acceptable to the TA for service providers to use. The selection process could be either:
- direct by the TA, for example, selected through competitive tenders for the provision of those services where auditors would be selected on the basis of the lowest service price (to be paid by the service provider); or
- the TA could require that auditors chosen by service providers for carrying out the work, are independent of the service provider and must have certain qualifications that are appropriate for the task. Appropriate qualifications need not be telecommunications specific but could be general such as a CPA qualification.
Monitoring system
8. The Council welcomes the TA's proposal requiring all operators to submit certified measurement results and the number of customer complaint cases related to billing disputes that have been made to the operator. The Council agrees that it could be beneficial for consumers if they are aware of the compliance status and performance of individual operators, in order to assist them in making informed choices.
9. However, the Council would point out that unless the TA standardizes the format for reporting by operators, for example, similar to reporting requirements for the financial services and banking sector, the picture on individual operator performance could be inadequate or distorted. The latter would be a particular concern for those operators who are more transparent and frank about their problems than others. These more candid operators, could be unfairly viewed in comparison with others who might have a worse record of complaints, but have been able to manipulate the reporting requirements to indicate a comparatively better picture than their competitors. Given these concerns, the Council would suggest that the TA take appropriate measures to prevent abuse of the reporting system by standardizing the reporting format.
10. In addition, the Council would also suggest that the TA to urge service providers to provide an online metering and billing enquiry system that consumers can use to easily check on their usage time. This would provide an additional means to monitor the performance of the billing and metering system.
Industry Forum
11. The Council welcomes the initiatives to create a forum to study the matter of billing and metering accuracy. It would also stress the need for strong representation in the forum, and active participation in the decision making process, from consumer and commercial user groups, in addition to service providers.
Security systems in handling customer account information
12. While addressing the issue of meter and billing accuracy, the consultation paper has not addressed the issue of unauthorized use of another person's account, which may also be the cause of some charging disputes. This kind of problem occasionally surfaces where telecommunications company employees access a customer's telephone line at the switch. It can also arise where computer system intruders access a customer's account information and make costly and lengthy overseas telephone calls payable by the customer, or otherwise disturb the trust between the service provider and the customer.
13. There has always been a difficulty for the customer in proving that they did not in fact make the calls and that they have in fact been the victim of theft (unauthorized use of property) by the company's untrustworthy employees or unsecured computer system. Similar cases can arise in other industries, where there is no actual payment demanded but where there has been unauthorized use or theft of another person's property. For example a consumer who has a car repaired and the repairer's employees use the vehicle for their own personal use or enjoyment while it is in the repairer's custody.
14. Some issues that arise in the telecommunications industry are
- Access to passwords. While some persons in the company will be able to know customers' passwords, limited access to the password would be preferable. For example, apart from reducing the risk of unauthorized use, it would also reduce the number of suspects if formal investigation of unauthorized use were required.
- Handling sensitive customer information. Such information would be user account information, PIN and credit card information. For example, when services are being actively and publicly promoted and personal information is being obtained from customers to process an application, especially 'on the street', some safeguards should be in place to maintain customers' security.
- Default passwords. The ways in which operators generate default passwords for subscribers could be subject to scrutiny. For example, the practice of using the first six characters of a subscriber's ID card as the default password, which the Council believes is a current practice, would raise concerns as to the security of the system and should be avoided.
- Alert System. It is not until a billing notice arrives that a consumer is made aware of excess usage, possibly arising from unauthorized use of the account. The Council is concerned that the trend in using non-paper billing by telecommunication service providers will make it difficult for consumers to uncover unauthorized use of their accounts early enough, and thereby enable them to confine the potential for further damage.
15. It would be expected that 'quality' service providers would have in place some safeguards to ensure that their employees do not engage in activity that is essentially criminal in nature, or at least to reduce the risks of that, or any other unauthorized use occurring. It would also be expected that quality service providers would find ways to assist their customers identify circumstances where security systems, however stringent they believe them to be, have failed. For example, in order to assist customers identifying possible unauthorized use, or limiting the possibility of being encumbered with excessive phone calls that have been unauthorized, the Council would encourage service providers to provide devices that alert customers once pre-agreed thresholds have been exceeded.
16. The Council recognizes that the degree to which safeguards need to be formalized, and how stringent they need to be, in order to be considered trustworthy, is open to question. However, a precedent exists elsewhere in Hong Kong that could be used for reference.
17. The Draft Code of Practice for Certification Authorities, in electronic commerce, on which the Consumer Council commented recently, had provisions for certification authorities to maintain a 'trustworthy system' in order to preserve the integrity of the Certification Authority's role. There was a perceived genuine need to have guidelines and an auditing regime for a trustworthy system at its inception given the importance of having trust in the certification process.
18. The Council suggests that the TA could consider whether 'Guidelines for a trustworthy telecommunications operator' would be appropriate for the telecommunications industry. This would require operators taking practical steps to address the above issues, which would assist in enhancing trust between the operator and the customer.
