Column: If your phone line gets hacked, guess who your service provider thinks should pay the bill
Arlene Howard’s phone bill said she made a bunch of calls to Cuba, which she didn’t. Her service provider, Charter Communications, acknowledged that her office line must have been hacked.
But it still demanded that she pay thousands of dollars to cover the cost of the bogus calls.
To which all customers of Charter’s Spectrum service should rightly respond: Say what?!
You probably didn’t know this — I didn’t — but buried deep within the fine print of Spectrum’s terms of service for business and residential landlines is a provision that the customer, not the company, is responsible for any fraudulent use of the phone service.
I found similar provisions tucked away in AT&T’s and Frontier Communications’ terms.
You get hacked, you pay.
And that, of course, is nuts. It’s not your handset, after all, that’s being hacked. In most cases, it’s the telecom company’s network. Why should the customer be left holding the bag for a corporate security lapse?
“It’s frustrating,” said Christine Mailloux, staff attorney with the Utility Reform Network, a San Francisco advocacy group. “The companies will come up with a mumbo-jumbo, gobbledygook explanation for how it’s the customer’s responsibility. But it’s hard to see how these contracts are defensible.”
Howard owns a small PR firm in Brentwood. She relies on Spectrum — formerly Time Warner Cable — for her office’s phones, Internet connections and TV service. Her typical bill runs about $1,200 a month.
In January she received a bill that included nearly $6,400 in charges for international calls. Howard contacted Spectrum to ask what was going on.
“They said it was for all the calls I made to Cuba,” she told me. “I told them I didn’t make any calls to Cuba.”
Spectrum looked into things and acknowledged that Howard’s phones must have been hacked. Yet, because the company is so big-hearted, a service rep said, Spectrum would hold Howard responsible for only half the charges, or about $3,000.
“What do you mean half?” Howard replied. “I was hacked. This is your responsibility.”
This is where Spectrum pointed her to the service contract for business customers. It says that “the customer is solely responsible for prevention of unauthorized, unlawful or fraudulent use of or access to services.”
The fine print of the contract for residential customers is even more explicit. It says that the customer is “responsible for any fraudulent or unauthorized use of the voice service that occurs through the subscriber’s account regardless of who is responsible for such usage.”
It also says that “the subscriber shall be solely responsible for payment of all applicable charges ... even where calls are originated by fraudulent means either from the subscriber’s premises or from remote locations.”
Think about that. A hacker in Russia could run up crazy charges on your phone, and it’s your responsibility to pay the bill.
AT&T and Frontier aren’t much better. Their contracts specify that customers are responsible for all fraudulent charges that accrue prior to a hack being reported to the companies — which in most cases would be all charges, because you wouldn’t know you’ve been hacked until your bill arrived weeks later.
It looks like wireless customers are generally spared such manhandling. AT&T’s wireless contract, for instance, says that “you’re not liable for charges you did not authorize.”
Howard shared with me her correspondence with Spectrum. She hit a brick wall in trying to make the company back down from its customer-unfriendly position. Her lawyer also got nowhere.
Worse, Spectrum played hardball by twice cutting off her service and demanding payments. Last week, Howard shelled out $1,250 to get her service restored — for calls she didn’t make.
“What choice did I have?” she told me. “I have a business to run.”
The company gave Howard until Monday to cough up at least another $700 of the more than $3,000 it says is outstanding. If she doesn’t, it’ll shut her down again.
Spectrum’s stance is that it was Howard’s internal phone system, not Spectrum’s network, that was hacked, so none of this is the company’s fault.
That’s a bold position considering that it’s impossible to access Howard’s phone system without getting at it via Spectrum’s line. Nor could the fraudulent calls to Cuba have been made without Spectrum serving as a conduit.
“After thoroughly investigating this issue, it is clear Ms. Howard’s business phone system, which was purchased through a third party, was compromised — not our voice service to her firm,” Dennis Johnson, a Spectrum spokesman, said in a statement. “We have helped her secure her private business phones and provided a credit to her account.”
It’s unclear what he meant by that. Howard said no Spectrum technician has visited her office. That suggests Spectrum made any fixes remotely, which indicates some responsibility for network security.
The credit Johnson referred to was for some extra taxes that Spectrum acknowledged months ago it had erroneously tacked on to the fraudulent charges.
Johnson declined to elaborate on his statement. But the company apparently was nervous enough about my asking questions that it informed Howard it would reduce her outstanding bill by $500.
A telecom industry insider, requesting anonymity in return for telling the truth, told me that most phone companies insert these noxious you-pay-for-fraud provisions in their contracts to prevent customers from willy-nilly challenging all charges on their bill.
However, this person said, most companies won’t hesitate to write off fraudulent calls if it’s clear that the customer didn’t make them.
Debra Tortorelli, an AT&T spokeswoman, acknowledged that “if we determine that fraud has occurred on a customer’s account, we quickly reverse unauthorized charges.” Javier Mendoza, a Frontier spokesman, similarly told me that cases of fraud are reviewed “on a case-by-case basis.”
That’s good — and Charter should adopt a similar policy. However, if a phone company is flexible about such matters, it should say as much in its contract, rather than reserving the right to stick customers with bogus bills.
And if Spectrum is confident that its customer didn’t make thousands of dollars worth of international calls, which it apparently is in Howard’s case, the stand-up thing is to swallow the charges (the true cost of which undoubtedly is much less than what was billed).
Spectrum’s parent, Charter, pocketed $3.5 billion in profit last year. You now have to wonder how much of that came from strong-arming customers.