Preventing mobile payment services from being misused to monetise child sexual abuse content

In 2008, an international group of mobile operators joined forces to create the GSMA Mobile Alliance Against Child Sexual Abuse Content. This group committed to working collectively on their shared objective of ensuring individuals or organisations wishing to consume, share or profit from child sexual abuse content (child pornography) are not easily able to do so in the mobile environment.

The Mobile Alliance recently conducted additional research into levels of misuse of mobile payments services by criminal websites selling access to images and videos showing child sexual abuse. Understandably, with the growing success of the mobile payments industry, many stakeholders believed that mobile payment services could be a risk factor on these sorts of commercial child sexual abuse content (CSAC) sites.

However, our research confirmed that these assumptions are largely unfounded and that mobile payments options are still rarely seen on commercial CSAC sites. Both internet hotlines (for reporting illegal content) and international law enforcement were in agreement that whilst premium SMS is occasionally seen as a payment option on commercial CSAC sites, it represents a small minority of cases. For example, the US hotline, run by the National Center for Missing and Exploited Children, reports that between January 2012 and October 2013, of the 835 reports received relating to commercial sites containing “apparent child pornography” only nine (1%) offered SMS as a payment option; of the 2,587 reports of commercial CSAC websites handled by the UK hotline, IWF, in 2012, 78 (9%) offered premium SMS.

In addition, we were informed that commercial CSAC websites offering premium SMS payments are typically limited to a small number of geographical regions, that the payments use separate short codes for each country and so do not work cross-border, and that premium SMS is almost always seen as one payment option amongst a longer list including traditional payments services (i.e. credit and debit cards), stored value accounts (SVAs) and digital currencies.

Mobile payments services are largely protected from misuse by underlying commercial and regulatory considerations, in particular by the fact that, in comparison to other mainstream payment services, there is an extended time period for provisioning of services and deferred payouts (operators are typically required to withhold payout on premium services for a minimum of 30 days to cover potential fines, versus weekly or daily payouts for the banking sector and ‘instant’ for stored value accounts). This makes mobile payments services naturally hostile to illicit businesses wishing to make quick money and a quick exit.

However, there is broad consensus that the efforts by the traditional payments industry to prevent misuse of their services are proving successful, and although traditional payment mechanisms are still misused to pay for commercial CSAC, the European Financial Coalition reports that “proactive approaches by payment processors, including the engagement of third parties to conduct monitoring and test purchasing exercises, appear to have been effective in reducing the number of sites able to take payments”.

Internationally, there are numerous mobile operators and mobile payment aggregators who similarly place due diligence, vetting and monitoring activities at the core of their service provisioning processes. And in order to ensure that mobile networks and services remain hostile to those wishing to profit from the sexual exploitation of children, as well as in anticipation of the continued evolution of the mobile payments market, members of the GSMA Mobile Alliance have developed good practice guidelines on processes for combating misuse through robust vetting and monitoring processes.

The GSMA Mobile Alliance also continues to liaise closely with informed sources from hotlines and law enforcement in order to be prepared for any new developments impacting mobile services.

The full report – including the research, risk analysis and good practice guidelines – can be found here.