/ Technology

New cap on bills for stolen mobiles falls short

Phone being stolen

Should you have to pay for a bill that’s been racked up by criminals? The Government has reached a voluntary agreement with five mobile operators to tackle shock phone bills – we don’t think it goes far enough.

EE, O2, Three, Virgin Media and Vodafone are to set a cap of £100 on your phone bill if you report your mobile lost or stolen within 24 hours.

Three has already introduced the cap, with EE planning to introduce the same within the coming weeks. O2, Virgin Media and Vodafone will follow with the new measures later this year.

Shock mobile phone bills

We’ve heard from people who’ve been served with bills costing thousands of pounds due to mobiles (and their SIM cards) ending up in the hands of criminals. Which? supporter Frances shares her experience:

‘[My daughter’s mobile provider] let a bill of £1,800 run up on my daughter’s stolen phone before they let us know. They are now harassing us for payment which we cannot afford.’

Although the long overdue cap will limit the impact of shock bills like the one shared by Frances, the measures still fall short of our expectations.

Why pay for fraud?

You might remember that we surveyed mobile phone users to find out whether they thought a £100 cap would be fair. A third of them said they’d find it difficult to cope with an unexpected expense of £100, and six in 10 didn’t think they should have to pay any of the costs arising from fraudulent use.

You don’t have to pay for the fraudulent charges made on stolen credit cards, so why should you have to with your mobile?

There’s another problem with the new agreement. You’re only going to be protected by the £100 cap if you report your phone lost or stolen within 24 hours. You usually have to do this over the phone…

Losing trust in mobile operators

This voluntary agreement is just another example of why people are fast losing trust in mobile operators. Add to this that three quarters of people are on the wrong mobile contract, and it’s a good thing Ofcom’s reviewing the mobile phone market.

Not only should it be easier to report a phone theft, we don’t think you should have to pay anything for fraudulent activity on your phone if you report it lost or stolen within 48 hours. We also think there should be an industry-wide plan to protect people from shock bills.

Has your mobile phone ever been lost or stolen? What type of response did you get from your mobile provider?

Keith Turner says:
23 March 2015

Not being a great user I converted to Pay as You Go years ago & I intend to stay that way totally limits unauthorised use! How are you supposed to inform them if you lose the phone? Does anybody remember their number if calling from a borrowed or friends phone? same problem with banks if you lose the card number is on the back of it.

Mobileman says:
23 March 2015

All mobile users should have a secret code that they can send to their stolen phone to ;
A) Disable the phone.
B) Delete all content including phonebook and pictures.
C) Locate the phone.
Some phones already have some of these features and the phone companies could introduce them across the board if they chose to. This would make phone theft a bit pointless and all of the stress caused to decent folk would not happen! Which should start a campaign to achieve this!


How does this prevent a thief from using a stolen SIM card? It’s the stolen SIM card that’s the issue here, not the stolen phone.


The emphasis should be on stolen SIM cards, not on stolen phones. The theft of a phone is irrelevant to the ability of thieves to use the SIM card. If the media reported the problem properly, i.e. that the theft of the SIM card is the problem, then consumers might understand better what they need to do to protect themselves.

I think that mobile networks should be liable for all usage on stolen SIM cards that they originally issued without the PIN enabled by default. In other countries, networks issue all SIM cards with the PIN enabled, often with a random PIN printed on the outer card containing the SIM card, and the problem of stolen SIM cards consequently has a much lower impact than in the UK. Note that this is completely separate from any PIN used to protect the data in the phone.

Imagine if debit and credit cards were similarly issued without any PIN protection until the customer enabled it. As a result of such a negligent practice, debit and credit card issuers would be held liable for all fraudulent usage in the event of loss or theft. Therefore when mobile networks issue SIM cards without any PIN protection enabled, why aren’t they similarly liable for all losses? As usual, Ofcom has done nothing to implement the obvious solution to this problem.

According to this Sky News article, “Kip Meek, of EE, said: We advise customers to protect their phone as they would their wallet and make full use of the security features, including SIM lock“. If EE advises customers to make full use of the security features, including the SIM lock, why doesn’t it enable the SIM lock by default? EE’s failure to do so is negligent, as are all other UK networks’ failure to do so.

The proposed £100 liability limit is only tackling the symptom and is not tackling the cause. Can Which please campaign to have SIM locks enabled by default?


NFH – Thank you for shedding much light on the problem. Without your posting I would be unaware that it is the SIM card that is the relevant area of concern.

I hope and indeed trust that the factory set SIM is not defeatable by programs such as this:
at dekart.com/products/card_management/sim_manager/

I know little of mobile phones and even less of smart phones as I barely use them. I am conscious of computer hacking and frauds and therefore have little trust in security/companies/regulation.

I do have a devious mind and it seems to me that allowing the phone to be found with an old blocked SIM inside whilst you use the recently knicked SIM card would mean you probably would be able to use it longer. The mobile handed in to the police should allay suspicions and perhaps nullify any suspicions being phoned to the issuing company.


I believe that we should be able to decide what value cap we want on phone charges. We should also be able to choose a smaller credit limit on credit cards and whether or not we want a contactless debit or credit card.

Let us put the consumer in charge, even if we have to fight for our rights.


As I understand it you can ask for your own limit on a credit card.

I use PAYG so unauthorised use not a problem as I rarely have more than £10 in credit. You are responsible for looking after your own phone of course, but putting an upper limit on call charges will depend upon how much you use yor phone, won’t it? Putting on a limit may prevent you using your phone for the remainder of a month if you have higher usage than expected without it being stolen.

My broadband provider has a limit on my monthly landline phone calls before it advises me. Never used the limit but seems sensible.


Given the choice I would set my cap at £10 to limit the charge if my phone was stolen. That would enable me to call a costly number in emergency. Other calls are covered by the tariff. I certainly don’t relish paying £100 for calls if my phone was stolen.

When I got a couple of credit cards over 40 years ago, I set a low limit for one of them, which is the card that I use routinely. It means that if anything goes wrong, my maximum loss is limited, notwithstanding whatever legal protection I may have.