SINGAPORE: A StarHub mobile user claimed that her account was used without her permission to make online purchases worth S$1,504, and she has not been able to get the extra charges waived.

In her post on the Complaint Singapore Facebook page on Sunday, Eng WinWin claimed her account was hacked between September and October 2021, and it was used to buy game items from YoungJoy Technology Limited, which produces games such as Mobile Legends: Bang Bang, from the Google Play Store.

She contacted StarHub, Google, the police and the Consumers Association of Singapore (Case) to reverse those transactions, but in vain.

The process took about a year, after which she received a lawyer’s letter from StarHub in November 2022 requesting a payment of S$1,536.20 – which was inclusive of an administrative fee – within seven days from date of issuance, she said in the Facebook post.

It was not known if Eng made the payment eventually. The Straits Times has contacted Eng to find out more.

StarHub said in response to ST’s query that it has investigated the matter and found that Eng had the Direct Carrier Billing (DCB) service on her mobile line, which allowed her to buy third-party mobile content – such as in-app purchases – by charging the payments to her mobile bill.

To prevent her account from making further unauthorised transactions, StarHub activated the Premium Rate Services (PRS) Barring Service following her complaint, which blocked further DCB charging to her mobile bills.

StarHub added that it had billed Eng on behalf of Google through DCB and advised her to clarify the matter with Google, including the possibility of reversing the charges, as the telco “did not have visibility of the transactions” between them.

When contacted, Google said it was looking into the matter.

It added that Google Play users can prevent accidental purchases on their devices from apps and games outside its Family section by turning on the authentication function.

While apps and games in Google Play’s Family section would automatically require a user to authenticate, or to authorise, any purchases, this does not apply to other content outside that section, including in-app purchases, unless a user switches on the authentication function.

Google added that users should report any unrecognised charges to their accounts.

Case confirmed that a consumer had lodged a complaint against StarHub over charges for unauthorised transactions.

It negotiated the matter with StarHub and other parties involved in the bill, but the matter was not resolved.

Case later advised Eng on other available recourse options, which Case did not elaborate on.

The police confirmed that a report has been filed.

Tips to avoid unauthorised third-party transactions via telco bills

– Do not click on any links sent via text messages from unknown sources;

– Do not key in personal mobile numbers into any dubious or unknown websites;

– Check your bills regularly for any unauthorised transactions, and inform the telco service provider immediately of any suspicious or unauthorised transactions. – The Straits Times (Singapore)/Asia News Network