/ Technology

You shouldn’t have to foot the bill for stolen phones

Lost smartphone in grass

We’re calling on mobile providers to play fair with their customers one year after they promised to protect people facing massive bills if their phone is lost or stolen. You should not have to foot the bill for fraud.

Discovering that you’ve lost your mobile phone can be a pain. Especially if it turns out it’s been stolen.

However, phones are becoming increasingly secure with functions that make them unusable once they’ve been reported stolen. Meaning that for some criminals, getting their hands on your Sim card to make expensive phone calls is far more appealing. Until you report theft to your mobile provider, the fraudsters can rack up huge bills in your name by calling the premium rate numbers they’ve set up.

Does the cap fit?

That’s why in December 2013 the Government announced that the major mobile providers had agreed to introduce a liability limit to protect customers from excessive costs if their phone was used fraudulently when it was lost or stolen.

However, it’s now more than a year later and we’re still waiting for Vodafone, O2, EE and Virgin Media Mobile to implement a limit. While Three has introduced a cap, customers will still be faced with a bill for the first £100 if the loss or theft is reported within 24 hours.

We found that a third of mobile users would find it difficult to cope with an unexpected expense of £100, and six in 10 think they shouldn’t have to pay any of the costs incurred from fraudulent use when their phone’s lost or stolen.

Time to report lost or stolen phones

While you might assume that people would be able to report the loss or theft quickly, there are a number of reasons why you might need longer. Have you ever realised you’ve left your phone somewhere else, say at work and gone home without it? We found nearly a quarter of people said they’d accidentally left their phone somewhere for a whole day or overnight in the last two years.

That means the amount of time you have to report your phone lost or stolen before you are liable for all the costs is crucial. We think you should have 48 hours to do this. Which? Convo commenter Mike told us about the big bill he’d been hit with:

‘My own phone was stolen abroad earlier this year and, despite being locked, the Sim was used to rack up over £2,000 in a few hours before I could report it stolen.’

What are you liable for?

We don’t think you should have to foot the bill if criminals run up expensive charges on your phone. Mobile firms agreed to introduce a limit on excessive costs over a year ago, so why haven’t they implemented safeguards that really protect their customers?

Do you think mobile users should have to pay for fraudulent activity on their mobile phone if it’s lost or stolen? If so, how much should they be liable for? And how much time should they have to report a lost or stolen phone to their provider?


Thanks for the warning, Vanessa. I have made a note of the number to call if my phone gets stolen and will put this in my wallet and car.

Premium rate calls are already blocked on my phone. I cannot remember whether I did this or it was the default setting.

A friend had her four year old iphone stolen when abroad and reported the theft to O2 promptly. She wrongly assumed that O2 would cancel the rolling monthly contract but subsequently discovered that they had taken two payments after the phone had been stolen. The last I heard was that O2 had refused to give a refund.

Having a PIN set up on the handset and blocking premium calls on the handset won’t protect you.

The fraudsters take your SIM out of your handset and put it in another handset. If the SIM card does not have a PIN set up, they can then make calls and run up your bill.

They call premium rate numbers which they own and then collect the revenue share payments generated by those incoming calls.

Is it not possible to put apply a PIN to your SIM as well as your phone/

BBC Watchdog talked about this at the end of Nov 2014, although their advice seems to have left many without a usable phone.

So maybe Which should look at getting the phone companies to make that process easier.

It is, but many users don’t understand the difference between the PIN on the handset and the PIN on the SIM and get them mixed up.p

If the SIM PIN is entered incorrectly three times, you need the PUK to proceed. If the PUK is entered incorrectly ten times, you need a new SIM card.

Ian – I understand that a PIN can be set on the SIM but failed to achieve this when I bought my first phone contract last year. Is it always necessary to insert a default PIN before setting the one you want? I have been reluctant to experiment, knowing that I could disable my phone.

Please ignore my request. The default PIN for an iPhone is 0000 and once this is entered it is easy to set up a SIM PIN. RTFM 🙂

Yes, the SIM has a default PIN and it differs depending on the network.

Since the phone owner’s losses arise from criminal activity I wondered whether the insurance industry would step up to the plate and offer suitable provision in household contents cover [for an additional premium of course] as they did in respect of data theft and other such risks. There would probably have to be an excess to deter negligence and a requirement to mitigate the loss at the earliest opportunity but it might be a worthwhile protection for some.

One of the benefits of PAYG phones is that the amount you can lose is limited to the credit balance when the phone is stolen. Three are offering charges of 3p/min, 2p/text, 1p/MB. If someone steals the emergency phone I keep in the car, my loss is limited to the £10 credit and an old phone.

Having lost a wallet when abroad and managed to avoid a pick pocket in another country, I would not travel with an expensive phone. As John says, it might be worth looking at insurance cover.

In many countries, SIM cards are routinely issued with their PINs enabled. The SIM card’s initial PIN is printed on the outer card which surrounds the SIM card before it is broken out. Sometimes the initial PIN is a standard PIN (e.g. 0000) or sometimes it is a random unique PIN. When users have to enter the SIM card’s PIN every time they switch on their phones, they quickly change the PIN to a unique PIN of their choice.

UK networks always issue SIM cards with the PIN disabled and a standard initial PIN (e.g. 0000 or 1111); this is negligent. Imagine if credit and debit card issuers similarly issued cards with the PIN disabled and allowed purchases without a PIN. Such negligence would cause them to be liable for all losses if the card was stolen. Ofcom should publish rules whereby UK mobile networks are are fully liable for all fraudulent usage on SIM cards issued with the PIN disabled. This would put a swift end to this negligent practice by UK mobile networks.

And please can we be clear about the terminology. This is not about losing mobile phones, but about losing SIM cards. The loss of the device is irrelevant to this issue except in the very rare case that it stolen while in use with the screen unlocked. Most smartphone users enable their device’s PIN, which protects their data, but this does nothing to protect the SIM card against fraudulent use in the case of its loss or theft. The focus in this context needs to be specifically on SIM cards, not on devices.

Yvonne says:
1 February 2015

We should be able to set our own spending limit on the account in away that is independent of the phone and requiring extra security that would not be known to the thieves. I have raised this with Three and their response was to make any limit easily overridden from the handset! No good for me and useless to parents.
Do they want contract customers? I doubt we will be renewing if they do not change this most idiotic retrograde step!

You cannot use a credit card if you go over the limit, so why can your phone continue to rack up a huge bill above your payment plan?

There are times when you might need to go over your limit and this needs to be securely catered for, but if a phone is stolen, the bill should be covered by the phone company. They would soon put suitable procedures in place then.

Alfa – I very much agree about the need to ensure that we are not faced with unexpected bills. On the other hand, why should a phone company have to pick up the bill for those who are careless and don’t even use a PIN, for example?

Consumers need protection, but so do companies.

If spending limits were capped to your monthly plan, there wouldn’t be horrendous bills if a phone was lost or stolen.

Then the customer and the phone company would be protected from a mis-used phone. Phone companies are not going to do anything to protect the customer while they can benefit from mis-use. So if they were made liable, they would soon put something in place or face the consequences.

OK Alfa. I concede defeat on that. 🙂 I’ve marked down my own post.

LOL !!!!!!!!

That hits the nail on the head – whether your phone is stolen or you accidentally have data roaming switched on when abroad, a credit limit would solve all those sorts of problems in one go. I can’t think of any other service that you sign up to for which you have unlimited credit but is so open to unexpected usage.

As contract phones seemed to offer the best value, I used talk mobile (from carphone warehouse) when getting a phone for my daughter. They use a standard £50 credit limit which you can reduce down to £10.