MultiChoice has dominated the news on many issues, including demanding its competitor Netflix and other streaming services be regulated, pay tax and be black economic empowerment compliant. It has been losing revenue because of dwindling numbers of premium and mid-market packages. Subscribers have also voiced their unhappiness about stale content against the backdrop of increasing prices.
I am a loyal customer who experienced poor service, data breach and/or fraud at MultiChoice.
On 2 June 2022, I received an SMS saying I was in arrears and that my services were suspended. Because I always maintain a positive balance and my services were not suspended, I regarded the SMS as sent in error until the following morning, when I woke up to no service. Reaching out to the DStv App, I was shocked to discover a negative balance in excess of R2 000 and two premium decoders on my account. I phoned MultiChoice.
The consultant informed me that “I” had phoned and added those two decoders on 8 May 2022, which caused my account to be in arrears. I asked if he could locate the decoders, and he said they were unable to do so. I then asked him to remove the two decoders because I did not add them to my account and I demanded reactivation of my services.
I was informed that this would only happen if I paid R1 650, which would be refunded once the issue was resolved, and the turnaround time was 72 hours. MultiChoice restored my services upon payment of this amount. The consultant logged a query on my behalf and the two decoders disappeared from my account when I checked on the DStv App, but only temporarily — they were back on after three days.
On 5 June 2022, I received a response from the email that I sent previously in which I questioned MultiChoice’s data protection, security systems, case management and communication with customers. The response simply requested my number and none of these pertinent issues was addressed. I provided my number and I got a call from a second consultant, who then said that they listened to the recording on my account and found that “my husband”, Andile, had phoned several times, demanding addition of the two premium decoders. I have no such husband.
He did not provide any of my personal details, but MultiChoice assisted him. As I was preparing to write this piece, I sent an email with a view to get the responses I was given telephonically in writing, and the version changed. I was told in an email that Andile added the decoders on self-service. Why would he have called MultiChoice wanting the decoders to be added if he could do it on self-service?
It gets even better. The person had also asked that my cell phone number be changed to the one he provided, ending with 700. You probably are asking yourself whether at this point MultiChoice could not realise that this was a fraudulent activity.
Smoke and mirrors
Consultant number two wrote in an email that she could not contact me on my number ending with 700, supposedly Andile’s number, and I responded to that email, giving her my number. How did MultiChoice send me an SMS to my correct number on 2 June threatening termination of my services if indeed Andile had changed my number on 8 May?
Poor case management
After the first consultant “logged a query on my behalf” I had to ask him to give me a reference number, because nothing to that effect was forthcoming. Usually when one logs a query, a system will generate a reference number or some form of query identifier, which the complainant can use to follow up on a matter. I thought it was strange that no query identifier came through. It showed poor case management, because if I had not asked for a reference number, I would not have received one. Anyhow, it did not seem like there was any query logged in the first place, because when the second consultant responded to the email I sent on Friday, she sent me a different reference number.
Poor account management and lack of control
When “Andile” added two decoders on my account, I did not get an SMS or an email informing me of the changes to my account. In an effort to curb fraud, financial service providers such as banks, insurances, and telecommunication companies usually send a customer an SMS and/or email whenever there is any transaction or movement on an account — except MultiChoice, in this instance. I receive numerous marketing emails from MultiChoice but none on my account information. Account notifications are the basics for preventing fraud.
Violation of the Protection of Personal Information Act?
The POPI Act imposes certain conditions for data protection, and one of those is condition 7, dealing with security safeguards. Specifically, it requires a “responsible party [to] secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent … loss of, or damage to or unauthorised destruction of personal information and unlawful processing of personal information”.
It does not seem as if there are any technological safeguards at MultiChoice, because no notification came through to me about the movement on my account.
Consultant number two informed me “Andile” updated my contact information, which resulted in the loss of my data and cell phone number and substituted it with his. This is in direct conflict with the POPI Act. Service providers require some sort of documentary proof whenever changes to personal information are requested.
Inability to trace (fraudulent) decoders
What shocked me most in this whole debacle was when consultant number one indicated that they were not able to locate the decoders that were fraudulently added to my account. Their competitor, Netflix, sends me emails whenever I stream from a location that is different from my usual location. How difficult can it be for the company that offers satellite services to locate infringing decoders?
I am still waiting for a refund. Whenever I try to follow up, MultiChoice says it has a backlog or that their system is offline. The fraudulent decoders have still not been removed. “Andile” is still enjoying premium channels at my expense or MultiChoice’s expense, 21 days after I notified them of the fraudulent activity.
For the sake of many South Africans whose data is under the control of MultiChoice, I can only hope that it will improve its technical and organisational measures to be POPI compliant. My experience shows laxity on its measures to protect customer data, which is a breeding ground for effortless fraud. Seemingly, one does not need to be a cyber or technological guru to defraud MultiChoice and its customers; a mere phone call is enough to watch premium channels on someone else’s account and expense. This is extremely poor service delivery. I am also worried about what other personal details MultiChoice may have given to “Andile”?
The Mail & Guardian sent an email to [email protected] on Tuesday 28 June requesting comment from the company’s media officer. No response had been received by the time of publication. If MultiChoice does respond, its comments will be added to this article.
Professor Malebakeng Forere is with the School of Law at the University of the Witwatersrand. She writes in her personal capacity.