"It has been discovered that some people have been accidentally donating money to a different charity than they intended by using the wrong SMS keyword. In the last few days, a lot of donations have been made to the Cancer Research UK charity, however some have accidentally been made to Unicef instead where mobile users sent a text with the message "DONATE" instead of "BEAT" to a specific shortcode.
Unicef has said, "We contacted Cancer Research [UK] as soon as we became aware of what was happening. Unicef and Cancer Research [UK] have agreed that these donations will be received in full by Cancer Research [UK]."
Even knowing which word to use didn't help some people as their smartphone auto-corrected "BEAT" to "BEAR", and they were subsequently sent information about adopting a polar bear from the WWF."
Typo-squatting was a real way to scam people and/or steal information until companies realized it was happening, and then they wised up and started owning likely typos themselves.
Same deal here. You need two typo-capable pieces of info - a short code and a text string. It's totally easy to squat on one or the other. Heck, other charities are doing it BY ACCIDENT ("Beat" vs. "Bear"). Of course scammers will get into this game.
I get the desire for immediacy, but donating via short code seems inherently prone to this sort of abuse. Too few codes, too much overlap, not enough user confirmation. It's a bad design, and if it's broken for well meaning folks, who can doubt scammers are on there.
That said, there are a few obvious practices to make this work better. Never, ever let anyone own the word "DONATE" on a shared code (similarly "PURCHASE" or "BUY" or any other non-usage-specific string). Require a certain number of characters to donate (POLAR BEAR, not just BEAR). Sorry, dumb phone crowd. Require distance - no one's code is one letter away from another working code.
But really, a way to deliver real money via SMS is and always has been a terrible idea. Don't use your cell phone bill as a mobile wallet.
I agree, sending money this way is a terrible idea. Cell phone service providers should do only that: provide a cellular network interface connection and route the data. They shouldn't be acting as a payment processor for third parties, and should probably be legally barred from doing so.
Cell phone and internet providers are utilities. They should be heavily regulated as such.
You may not be aware of this, but in many African countries the mobile phone providers allow both transfer and withdrawal of pre-pay credit. In so doing they have effectively become a bank, but one that is accessible to everyone (with a cellphone). They are used all the time for transfers of small amounts of money (like send the wife 50c for the bus fare - you transfer the credit to her number and she withdraws it from the same places you can top-up). They provide an service that is absolutely vital in allowing economic growth among the poorer members of society by easing the transfer of money and allowing smaller enterprises to function. In many ways filling the niche that Internet banking and debit cards do in developed countries.
So this small amount of payment processing is just minuscule compared international norms....