Direct Carrier Billing (DCB) Compliance Guidance

Different countries and territories have different compliance regulations for direct carrier billing (DCB) and for marketing mVAS services. However, regardless of where you sell digital services, there are general rules and guidelines that will help you stay on the right side of the regulator.

Below we share DCB compliance guidance that is best practice whatever your market. If you need country-specific information, please get in touch and we can provide you with more insights.

DCB Compliance Best Practice in Any Market

Mobile Carrier Rules and Code of Conduct

You must comply with mobile carrier rules / code of conduct in each market. These may include:

  • Some carriers restrict the use of header-enriched flows (preventing pre-population of the consumer’s MSISDN), and/or MSISDN pass through.
  • Some carriers may restrict online payment to only using direct carrier billing, rather than PSMS.
  • Most carriers require Double Opt-in for Consent to Charge, with many requiring PIN-verification.
  • Where PINs are required, these generally need to be randomised and unique to the user, and they should expire if they are entered incorrectly or if they are not used within a period of c.15 minutes (it is generally not permitted to pre-populate the PIN for the user).
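
The PIN rules in the last bullet, as an added sketch that is not part of the original guidance or any carrier's specification: a per-MSISDN PIN that is random, expires after 15 minutes, and is invalidated by any entry attempt. The class name, the 6-digit length, the result strings and the sample number are assumptions made for illustration.

```python
import hmac
import secrets
import time

PIN_DIGITS = 6               # assumption: PIN length is set by the carrier
PIN_TTL_SECONDS = 15 * 60    # "c.15 minutes" per the guidance above


class PinStore:
    """In-memory store of one pending consent PIN per MSISDN (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # msisdn -> (pin, expires_at)

    def issue(self, msisdn: str) -> str:
        # CSPRNG-generated, so the PIN is random per request and per user.
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        # Issuing again replaces any earlier PIN for the same MSISDN.
        self._pending[msisdn] = (pin, self._clock() + PIN_TTL_SECONDS)
        # Sent to the handset out of band (e.g. SMS); never pre-populated on the page.
        return pin

    def verify(self, msisdn: str, entered: str) -> str:
        # pop(): every attempt consumes the PIN, so a wrong entry expires it
        # and a correct PIN cannot be replayed.
        record = self._pending.pop(msisdn, None)
        if record is None:
            return "no_pin"
        pin, expires_at = record
        if self._clock() >= expires_at:
            return "expired"
        # Constant-time comparison avoids leaking matching digits via timing.
        if not hmac.compare_digest(pin.encode(), entered.encode()):
            return "wrong_pin"
        return "ok"


if __name__ == "__main__":
    store = PinStore()
    msisdn = "447700900001"      # constructed sample number
    pin = store.issue(msisdn)
    print(store.verify(msisdn, pin))   # first use of the correct PIN
    print(store.verify(msisdn, pin))   # replay of the same PIN
```

A production version would keep pending PINs in a shared store with its own expiry and would log each issue and verify event for the consent audit trail.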

General Compliance Regulations

Increasingly, the following compliance regulations are becoming standard across different markets:

  • Further proof of Consent to Charge a consumer may be required, provided through an auditable third-party PIN provider. Consent is usually evidenced by capturing the key terms presented to the consumer and their opt-in to purchase.
  • Utilising the services of a fraud-blocking provider is also mandated in a growing number of markets.

Content Specific Regulations

Countries often have content specific regulations; most commonly: 

  • Gambling services require registration and additional controls or may be banned completely.
  • Competition services are often restricted (an element of skill, such as a general knowledge question, may be necessary to separate competitions from gambling).
  • Adult services (pornography) are banned in many markets, particularly the Middle East. This often includes restrictions on the placement of adverts for other genres of service within adult sites, or on using any adult images within the ad banners.
  • In countries where adult services are permitted, the rating of content may be restricted: X-rated content may be banned, and only less explicit glamour-style content allowed.
  • Fortune telling and horoscope services are often restricted. Where permitted they should avoid advice on topics of health and finance.

Advertising Compliance Regulations

Advertising should not be misleading, whether deliberately or through the omission of key information. This includes:

  • False or exaggerated claims: Ads that make false or exaggerated claims about the features, benefits, or pricing.  
  • Hidden charges or fees: Ads that do not clearly disclose all the charges or fees associated with the service, leading users to believe that a product or service is free or low-cost.  
  • Misrepresentation of products or services: Ads that misrepresent the nature, quality or functionality of the service. For example, an ad may depict a VAS service as a legitimate mobile app when it is actually a scam or malware.  
  • False endorsements or testimonials: Ads that use fake endorsements, testimonials or reviews, misleading users into thinking that a product or service is endorsed by reputable sources or has positive feedback when it does not.  
  • Confusing or unclear information: Ads that present information in a confusing or unclear manner, making it difficult for users to understand the terms, conditions or implications of a purchase or subscription.

Other things to watch…

  • Promotions directed at minors are generally discouraged. Whilst not always enforced, EU countries are subject to blanket restrictions on subscription services being directly advertised to children.
  • The context of the banner placement may also present an issue. For example, placing “Download Now” style banners on a site next to unrelated video or music content could result in breaches for misleading advertising.

NOTE

If using marketing Affiliates to generate traffic, you should be vigilant about what claims are being made on your behalf. Spot-checking promotions using ad-scanning technology is recommended.

Affiliate activity on social media platforms has been particularly prone to fraudulent claims, with consumers being promised non-existent incentives such as free phones or allocations of virtual credits prior to reaching the service sign-up page. This fuels complaints to the Networks and Regulators.

Landing Pages and Payment Pages

Landing pages and payment pages need to achieve informed consent to charge. This includes:

  • Providing clear and transparent information about the charges, including the amount, frequency, and duration of the service. 
  • The price should be prominent and proximate to the call to action; this is often a very subjective area of regulations with a large degree of interpretation depending on country and operator. It is recommended to present key terms in clear contrast and font sizes proportionate to the size of the call to action and other prominent promotional screen elements.
  • Button wording should use payment terms.
  • You should give customers the ability to cancel their subscription at any time and the opt-out instructions must be presented on payment screens and receipts.
  • Functioning customer service contact information should be provided and easily accessible. Country-specific standards apply, but generally a standard rate or toll-free number should be provided. In many countries this must be staffed during business hours or, if voicemail is permitted, messages must be responded to promptly, within 24-48 hours at most. Email customer care may be permitted as an optional route of contact.
  • Customer data must be protected from unauthorised access or disclosure. Within Europe, the General Data Protection Regulation (GDPR) applies.

DCB Compliance and mVAS Requirements

Here are some specific requirements for DCB compliance and mVAS: 

  • Direct carrier billing providers must obtain prior consent from the customer before charging them for any services. 
  • Direct carrier billing providers must provide clear and transparent information about the charges, including the amount, frequency, and duration of the service. 
  • Direct carrier billing providers must give customers the ability to cancel their subscription at any time. 
  • Direct carrier billing providers must protect customer data from unauthorised access or disclosure. 
  • Direct carrier billing providers must comply with all applicable laws and regulations, including the Telecommunications Act, the Consumer Protection Act and country-specific data protection laws.

It is important to note that these are just some of the key compliance requirements for DCB and for marketing mVAS services. If you are considering offering these services, it is important to consult with a legal advisor or compliance specialist to ensure that you are adhering to all applicable laws and regulations.

Country-specific regulations will also apply, and within each market there will be content or industry-specific regulations, such as for gambling, adult content, competitions and other areas. 

These regulations may vary from country to country and may be subject to change over time. For example, in some countries, gambling may currently be prohibited but there are plans to legalise some types in the future. 

It is vital that, if you operate in these markets, you are fully aware of the relevant regulations that affect your business to ensure DCB compliance. While partners in the DCB value chain may assure you that their activities are compliant, if your business is open to fines and regulatory scrutiny it is incumbent on you to protect your customers and brand.

To find out more about how you can do this, download our whitepaper on DDRC below.
