The Phone-paid Services Authority, the PSA, is the UK regulator for content, goods and services charged to a phone bill. This encompasses the goods and services that can be bought by charging the cost to the phone bill or pre-pay account and typically include
charity donations by text, music streaming, broadcast competitions, directory enquiries, voting on TV talent shows and in-app purchases. Monumental uptake of digital services has been intensified by the pandemic, and regulators have been forced to
rethink their traditional approach accordingly.
While these phone-paid services, or ‘premium rate services’ (PRS) are nothing new, the environment in which they are provided is evolving rapidly. Naturally, this significant contextual shift means that the regulator recognises the need to evolve and adapt
to changing market dynamics.
The PSA is acting on this evolution with the design and adoption of a new Code of Practice, Code 15.
Code 15’s
consultation document outlines this change in market conditions and consumer expectations, explaining that the market it now regulates is fundamentally different from what it was ten years ago.
The document reads: “when we first introduced outcomes-based regulation under Code 12, mobile-based services accounted for roughly 40% of market revenues. Consumers spent over £200 million on Directory Enquiries services and smartphone penetration was less
than 50% of the population. Mobile-based revenues have now accounted for more than 80% of revenues for the past three years in a row.”
As of August 2020, the phone-paid services market had grown to £646.1 million, with more than half (52%) of UK adults using at least one phone-paid service in FY2019/20.
Providing background to the decision to update the Code, Jonathan Levack, code implementation lead at the PSA, states that the PSA’s “current regulatory approach is creaking. The market that we regulate has changed significantly since the last major Code
review and we also need to meet the changing demands of consumers.”
This shift, Levack furthers, is driven in part by experiences with the wealth of new digital payment options in addition to changes to consumer legislation such as the right to refund straight to a bill. The PSA closely examined the approach being taken
by other regulators in similar sectors like the FCA, the PSR and Ofcom to get a sense of how the new Code could adopt certain aspects or insights already implemented elsewhere.
“If phone payment wants to compete, we need to meet these consumer expectations.”
Evolving from a reactive to a proactive Code of Practice
Recognition of the need to shift the fundamental structure and objective of the PSA’s current code is seen in the departure from an ‘outcomes-based’ approach.
Gavin Daykin, the PSA’s programme director for code review (on secondment from Ofcom), explains that one of the tensions the PSA has seen in recent years is that the ‘outcomes-based approach’ lends itself to varied interpretations by providers – insofar
as how they intend to meet the Code’s outcomes.
“The way providers interpret the Code isn't always in the consumer’s best interests, it has needed to be fixed by us as the regulator. This would be done either through changing the policy, specifically introducing new special conditions which set out requirements
that we expect providers to meet, or, through investigation and enforcement actions.”
By moving to a standards-based approach, Daykin believes the expectations will be much clearer around what the PSA demands from providers.
“Linked to the point around code simplification is the effort to bring-in dispersed regulation which sits in the code, in guidance, or in special conditions, which over the years has led to quite a complex regulatory system. Through Code 15 I think we see
an opportunity to make regulation much simpler so that compliance becomes easier for providers enforcement becomes easier for us. It's a real opportunity to simplify and consolidate, as well as making interpretations much clearer to the industry.”
Consumer protection is at the heart of Code 15
Daykin believes consumer protection is very much the forefront of what the PSA trying to achieve with Code 15.
In its 2020 Annual Report, PSA chairman David Edmonds, noted that with the emergence of Covid-19 and dramatic pause on face-to-face interactions enforced almost overnight, UK adults spent more time online than ever before. It therefore became even more essential
that consumers can trust that the purchases they are making online and those charged to their phone bill are secure and reliable.
“We exist to serve consumers by setting the standards that the industry must adhere to and ensure that only legitimate players operate in the market.”
The regulator boasts an improving consumer satisfaction record, and assessed complaints it received dropped from nearly 1,400 per month at the start of the 2020 financial year to under 500 per month by the end, yet, there continues to be pockets in the marketplace
where poor, or bad practice occurs.
Daykin notes that the PSA continues to see complaints around recurring payment subscriptions, despite efforts from the regulator to combat this.
Due diligence risk assessment control is another area where the regulator sees significant issues. When network or upstream providers contract with third parties for services, there is a requirement to carry out proper checks and ensure that the people they’re
contracting and operating with - allowing to use their platforms – are legitimate companies. While some providers are very reliable and carry out these checks effectively, across the industry performance has been quite poor.
This ties-in to the PSA’s shift toward proactive regulation and preventing harm by putting more discipline in place at the market entry level.
“What we've seen over recent years is ‘fly by night merchants’ with no interest in good consumer outcomes entering the marketplace, causing havoc, taking consumer money and disappearing,” explains Daykin. Unfortunately, by the time the PSA typically steps
in, the bad actors have disappeared and there's no way to get the money back for fines and for consumer refunds.
The PSA is also increasing its focus on supporting vulnerable consumers. As is also the case in digital payments, improving digital consent processes is a core component in reducing fraudulent behaviour to protect the consumer.
Learning good practice from the online payments sector
While multi-factor authentication is commonplace for online payments, it has taken a different route to adoption within the phone-paid services sector.
Currently the PSA
requires multi-factor authentication for subscription services, online competition services, online adult services society lotteries and recurring donations through special conditions, and notes that it has been highly effective for dealing with consent
to change issues. With Code 15, the PSA is proposing that this requirement for multi-factor authentication to be extended to all services which are access fully or in part via an online gateway.
Under the EU authorisations directive, the PSA is unable to move toward an authorisation or licensing-based regime for multi-factor authentication which is seen elsewhere in the payments space.
Daykin adds that the PSA “would love to adopt this kind of approach, but the statutory powers don’t allow us to. There is no licensing regime for us to be able to authenticate companies or to stop companies entering the marketplace. This might be something
we lobby government to think about in the future.”
In the absence of this, the PSA is building out its registration system to enhance the information it collects from companies entering the marketplace. This, Daykin adds, is aimed at improving the quantity and quality of information from across the value
chain and will be used to strengthen the regulator’s oversight.
When asked why the distinction around authentication exists between the phone-paid services and online payments industry – given these both typically take place on the same type of devices, Daykin notes that the phone-paid industry is quite a distinct marketplace
with a complex value chain.
“There are networks at the top end, intermediaries in the middle (who provide platform services and the ability for merchants to provide their services), and of course, at the far end are the merchants. The merchants are the people who actually provide the
services and need to contract with other parties in order to enter the marketplace.”
He elaborates that the PSA tried through Codes 13 and 14 to try and define the marketplace and articulate where responsibilities lie, but this has proven to be quite a challenge. As a result, it had to be overly reliant on enforcement – taking action
after things went wrong rather than taking a proactive approach and getting involved at the outset of the process.
“Other sectors like Ofcom and the FCA have a strong supervision regime, and I think to say that our regulatory model is creaking is a little generous.”
There is a strong desire to ensure that Code 15 will bring regulation up to date and up to speed so that the PSA can regulate in a far more efficient, effective way.
“This will be good for the industry because it means we won’t constantly be having to lurch into having to do investigations, it's good for consumers because it stops the harm happening in the first place, and it's good for us as regulators because we're
able to focus our resources in a more effective way in stopping the harm.”
Levack argues that there are fundamental differences between the phone-paid services and payments market – namely that the former was not necessarily a payment market in the first place.
“The genesis of the market is telephone calls, for instance when calling an 09 number or 118 number, and you would have that charged your phone bill. It was a very well-known service dedicated to your phone, it was really easily understood.”
“Then, as smartphones came in, you could get internet content and could start paying for that using your phone bill, this is where the nature of the market started to change. It then merged into a more payment like world, and we're playing catch up to that
payment world. So that's why I think we are introducing the standards and expectations that we’ve seen elsewhere, because the market has evolved.”
Levack notes that all of these objectives within the new Code centre on “trying to get all of the market to meet the standards of good practice that digital payments demonstrates. It's about raising the standard across the board.”
Daykin concludes that the process has been lengthy, including extensive stakeholder engagement, , with work on the new Code having commenced in early 2020, and the final Code 15 scheduled to come into force in April 2022.
“It’s about being a more productive regulator with better standards, improved prevention of harm, simplifying the regulation, and making enforcement easier. These are big undertakings; it isn’t something we would conduct on a two or three yearly basis. We
only do it when there is a need.”