AAISP’s Novel Solution to SLAMMING in New UK Broadband Switching System
Broadband ISP Andrews & Arnold (AAISP) has come up with an interestingly quirky way of addressing concerns that Ofcom’s new, and much delayed, One Touch Switch (OTS) system, which aims to make it quicker and easier for consumers to switch internet providers, might make SLAMMING easier (i.e. being switched without your consent).
The new OTS approach is really just a more sophisticated messaging systems between ISPs, which expands the existing Gaining Provider Led (GPL) migration system to work across alternative networks (the old system was mostly only focused on Openreach based providers) and to action switches within just 1 day instead of 10 days “where technically possible“.
One concern with this approach is that such rapid switches could make it harder to stop SLAMMING, which is a mis-selling tactic that can occur when naughty people or ISPs trigger a switch (migration) of your service to another provider, albeit without you ever having given confirmed consent. The regulator’s existing migration rules are designed to protect against such abuse, but they’re far from perfect and so cases do still occur.
Advertisement
Under the current system, it tends to take around a week or more to migrate between providers on the same Openreach based network, which allows time for both providers to issue notices to customers and also affords customers the ability to request that the switch be stopped. But that’s much harder to achieve via a one-day process and, under OTS, a customer can no longer request that the switch be stopped.
Ofcom claims that the new OTS approach is designed to “safeguard against slamming“. Such safeguards include the requirement for the gaining ISP to take all reasonable steps to ensure that it does not switch customers without their consent, and in particular, that it does not engage in slamming, and that any customer who is requesting a switch is authorised to do so.
In addition, in OTS, the losing provider will be required to inform the customer of the identity of the gaining provider, which the regulator claims “should act as an additional safeguard against slamming.” But plenty of ISPs we speak with remain concerned that OTS could make the practice harder to tackle.
A Different Approach
According to the boss of Andrews & Arnold, Adrian Kennard, Ofcom’s new OTS solution “seems to also stop most ‘anti-slamming’ measures – not allowing a losing ISP to cancel a migration now!” This is arguably a bigger issue for AAISP as, under the old system, the provider could offer customers an option to pre-request that a block against switching be placed on their account to help protect against the risk of unauthorised switches.
Advertisement
The good news is that Adrian believes they’ve found another way of achieving this, which is based on the fact that the new system must match your surname between the losing and gaining providers. The approach is best explained by a new notice on the provider’s website.
Switching Notice
For a long time we have operated an anti-slamming option where you tell us in advance that you do not wish your broadband to be migrated to a new provider. You could then change that at any time.
However, the new One Touch Switching system works differently. We will no longer be able to reject switching. However, to start switching the new provider needs an address and surname to match. They can start a switch process in BT without, but this is less likely as the normal process for consumers, and probably most businesses, will be One Touch Switching.
Because the surname has to match, we now allow you to edit the contact name on each line you have with us. Your name is what you want it to be, so picking any name for any circumstance is your right, and we have to respect that and allow you to change your name under GDPR, even if only on that very specific part of our system – the contact name for a broadband service.
If you change your surname, even if it is to PSJKHGJGEXC, then that is your choice. And any One Touch Switching match request would fail unless using the surname PSJKHGJGEXC.
Obviously this is meant to be for your surname not really as a pseudo password, but, well, it is up to you.
Naturally, customers of AAISP who do this would probably need to adjust that field back to the correct surname if they did intend to switch, but this does seem like an interesting solution to the issue.
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« Vodafone Connects UK to 2Africa – World’s Largest Subsea Fibre Cable
5G Has Stopped Working for Some Lyca Mobile UK Customers »
And now that it’s been publicised, OFCOM will tweak the rules to require CPs to ensure that data provided for OTS is correct.
Why not have it so the losing provider auto texts the customer on their saved mobile number to say please confirm you are leaving us by replying Y or to reject replying N. Shouldn’t be that hard to implement, that’s how it gets done for new contact renewals whereby a link to the CIS is sent out under OFCOM rules to saved number.
The losing ISP has to respond within 60 seconds of a request, so unlikely to work with a customer needing to approve or deny the request.
Sounds like an innovative solution by AAISP. Clearly the OTS system needs to be revised to make it harder for slamming, not easier.
Couldn’t the system just involve some kind of relatively fast confirmation, e.g. text or phone, before it’s allowed to proceed?
If someone is in a position to abuse this, chances are you have worst things to deal with anyway.
Concept was the ISP would abuse it;
Are you sure your want to move? Half price for the next 6 months if you stay! Press 1 to confirm or 2 to cancel
@anon
So just ban the practice as part of this? If anyone is found abusing it fine them and allow any affected customer out of any contract penalty free.
Or do allow the practice but it has to be worded in a specific way. I had a family member who switched mobile networks recently get annoyed when their old provider gave them an offer which they would have accepted, but they only received after switching.
So that is why that new surname field suddenly showed up in the control panel about a week ago! I naively completed it with my actual details.
Having been a victim of slamming, I know how important this is and it astounds me that the new OTS process does not protect against it in any meaningful manner.
It also concerns me that a business could have a complicated setup involving multiple carriers and WAN IPs that they could suddenly lose over night in a targeted attack.
I will be changing my surname to a random string now
I’d guess if you’re a company that contacts a gaining CP to inform them that the order is slamming and they don’t intervene then you would have quite a good case if you wanted to take it as far as a court room.
The onus needs to be on the gaining provider to not allow themselves to be used for slamming or place slamming orders themselves, maybe some punitive fines would help. £1000 each time you disconnect someone because you weren’t validating the order properly (with FTTP this could be as simple as checking the ONT serial) would give them an incentive to solve the problem.
You can submit an anti slamming request via the control panel anyway. I did years ago to make sure.
@Not Alex.. the Anti Slamming request is no longer applicable under OTS. That’s why they’ve invented this new workaround.
AA’s approach is a glorious hack but a switching password is a good idea. It seems like it would completely solve the problem. Did Ofcom consider this as part of the system design and why was it rejected?
Informally a lot of this stuff was discussed. Fundamentally ofcom were very opposed to anything ‘complicated’ and wanted to focus on making the user not have to ‘do anything’ like supply account numbers or provide a switching passcode. PAC codes are perfectly sensible and would of been smart to being something similar over to this ISP world to be honest. One mooted idea was to require the old ISP to pass on a ‘please confirm xyz’ text but that was seen as open to abuse and additional complexity. Ofcom see a small amount of accidental slamming as a sacrifice in the name of the greater good; easy ‘even an actual certified idiot can do’ one touch switching.
Informally a lot of this stuff was discussed. Fundamentally ofcom were very opposed to anything ‘complicated’ and wanted to focus on making the user not have to ‘do anything’ like supply account numbers or provide a switching passcode. PAC codes are perfectly sensible and would of been smart to being something similar over to this ISP world to be honest. One mooted idea was to require the old ISP to pass on a ‘please confirm xyz’ text but that was seen as open to abuse and additional complexity. Ofcom see a small amount of accidental slamming as a sacrifice in the name of the greater good; easy ‘even an actual certified idiot can do’ one touch switching.
Why not have a second field with Account transfer phase, and use the system AAISP has suggested, as this would help not only internet switches but also mobile phones too
pac plus account transfer phase ..
Madness. Criminals will still be criminals no matter how nicely you ask them not to be!
The minimum time should be 48 hours and the current provider should be able to cancel it. Or have an account option that by default is set to block migrations and you have to log in and toggle it to disable the block when you want to migrate.
I don’t understand how a regulator can screw this up so much. What’s wrong with the gaining provider being required to supply the account number from the existing connection? Sending this to the current provider would act as a means of authentication, immediately ending accidental transfers, (usually because some wazzock has got the address wrong), and also ending the vast majority of malicious ones. This is also an interesting idea, though. Well done AAISP.
This ^
Perhaps supplying the CBUK* or BBEU as security.
*oh that’s how it used to work.
“I don’t understand how a regulator can screw this up so much.”
Looking at the chaos overseen by OFWAT in the water sector, OFGEM in the energy sector, and ORR in the rail sector, there does appear to be a strong trend of big “arms length” regulators mis-diagnosing the problem, ignoring consumer interests, and imposing poor regulatory “solutions” that cause more problems than they fix. Maybe one touch switching is Ofcom’s attempt maintain its status in the big league of ineffective regulators.
It is important to understand that regulators are intending to meet government policy goals – these bodies are accountable to parliament, unfortunately the policy goals aren’t about getting good value for consumers, they’re about “promoting competition” as an outcome in itself. As a result, regulators in competitive markets think that high levels of switching represent a success. Worked well in the energy markets, not. The regulators don’t control those policy goals, which are set by ministers – but they do control how they seek to achieve them, and the risks and tradeoffs they choose to permit, and this is where Ofcom have made a hash of things.
If Ofcom understood consumer needs and how the telecoms market actually functions, they’d have seen that the biggest restriction on broadband competition is where big telcos lock customers into 18 month or two year deals with onerous and totally unjustified early termination charges, as well as putting their prices up during the fixed term. Those three things are what needed fixing, not one day switching. As much as anything, even when out of a fixed term contract, every consumer has to give 30 days notice to their supplier, so there’s almost zero consumer value in one day switching. Almost as though Ofcom operate from some distant planet, and have no experience or awareness of how UK consumer contracts operate.
When it comes to the lack of safeguards in OTS, it’s also noteworthy that the whole project is years late and has been poorly project managed and ineffectually regulated from the start. As a result, Ofcom are in a shipwreck hurry to get OTS implemented, and any ideas that might cause delay (like doing a proper job) will have been ignored.
Ofcom and the other arms length regulators’ poor performance can be summed up by paraphrasing Ernest Benn: Regulation is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong remedies.
@At says…I’m not familiar with that system, but if they had something that already worked it makes you wonder why they didn’t stick with it.
@Andrew G…Agreed.
Indeed that is quite an interesting and intuitive solution
What are the rules for active line takeovers? Such as when a previous householder hasn’t cancelled their services and a new home owner moves in. Would this have a minimum timeframes that is longer than the one day? Would this default to 1 or 2 weeks, similar to what we have now with GPL switches?
Ofcom’s surname requirement is a good idea. A lot of slamming, in my experience, comes from people putting their address in wrong when placing an order.
Hmm. I wonder if gaining providers would be happy to take on John PSJKHGJGEXC if their name was actually John Smith. I assume they would fail credit checking as the agencies wouldn’t recognise the surname…
@Ben
What this stops is slamming.
When the AAISP customer wants to switch away, all they do is log into the AAISP control panel and change the name to the correct legal name. Then they start a switch which will work without issues,
This is not rocket science and has been solved for years on mobile phones where you request your PAC code that has to be issued automatically by your provider and give it to the new provider. Why on earth didn’t OTS copy this system?!
Because as anon states above, Ofcom wanted to reduce the friction to the minimum possible, and in the case of PACs specifically wanted to stop the “deal behind a ‘retention’ department” behaviour that operators have adopted.
We solved that problem with text to switch. Perhaps we need a similar system for broadband – customers email a special address which triggers a code sent to the account holder’s registered email address?
There is already an option that OFCOM could have copied….it could even have had a fancy name…Migration Authorisation Code (lets call it a MAC for short).
evey connected device has it’s own MAC
not the same thing as you described, but some ppl could get confused with the same acronym used.
The current system of texting a mobile provider for a PAC codes works. This already bypasses Customer Service and retentions as automated response sent with code. A PAC code for Broadband should be used in a similar way.
In 2024 we really should be able to leave an ISP the same way you leave a mobile network.
Text PAC to some number, get a code, give that code to new ISP.
They could keep the current system but just make the consequences for SLAMMING considerably higher.
If someone changes their contact name to PSJKHGJGEXC does that show on A&A bills?
If so, such bills could be used for identity fraud purposes
> If someone changes their contact name to PSJKHGJGEXC does that show on A&A bills?
No.
This approach breaches at least 2, maybe more OFCOM regulations.
1. The process is gaining provider led, any attempt to make the customer contact their current CP to switch is not permitted.
2. Matching on name is not a required part of the process, the customer can match solely on their account number and address if needed, so if the matching has been implemented to require a name to match it is not in accordance with the OTS industry process, and that is regulated as a requirement by OFCOM.
Slamming protection is not singular concern of any individual CP, it is the responsibility of OFCOM and TOTSCO as the caretakers of the OTS process.
Also, all switching statistics are being collated for OFCOM, and any CP’s with abnormally high rejection rates again will likely become a focus for scrutiny. Again, any attempts to make it difficult to switch will likely be seen as in breach of the process and therefore the regulations.
It is true that far more secure switching approaches were considered, but OFCOM deemed the current to meet their requirements and that is what the industry is required to conform to.
Just set my OTS password haha.