New laws to protect consumers from cyber criminals come into force

From today, regulations enforcing consumer protections against hacking and cyber-attacks will take effect, mandating that internet-connected smart devices meet minimum security standards by law.

  • World-first laws protecting UK consumers and businesses from hacking and cyber-attacks take effect today
  • Manufacturers of products such as phones, TVs and smart doorbells are now required to implement minimum security standards against cyber threats
  • Consumers will benefit from banning of easily guessable default passwords, marking a significant leap in protecting individuals, society and the economy from cyber criminals

Consumer protections against hacking and cyber-attacks will come into force today, as all internet-connected smart devices will be required by law to meet minimum security standards.

Manufacturers will be legally required to protect consumers against hackers and cyber criminals accessing devices with internet or network connectivity – from smartphones to games consoles and connected fridges – as the UK becomes the first country in the world to introduce these laws.

Under the new regime, manufacturers will be banned from having weak, easily guessable default passwords like ‘admin’ or ‘12345’, and if there is a common password the user will be prompted to change it on start-up.

This will help prevent threats like the damaging Mirai attack in 2016 which saw 300,000 smart products compromised due to weak security features and used to attack major internet platforms and services, leaving much of the US East Coast without internet. Since then, similar attacks have occurred on UK banks including Lloyds and RBS leading to disruption to customers. 

The move marks a significant step towards boosting the UK’s resilience towards cyber-crime, as recent figures show 99% of UK adults own at least one smart device and UK households own an average of nine connected devices. The new regime will also help give customers confidence in buying and using products, which will in turn help grow businesses and the economy.  

An investigation conducted by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.   

Minister for Cyber, Viscount Camrose said: “As everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.

“From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world first laws that will make sure their personal privacy, data and finances are safe.   

“We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world.”

Data and Digital Infrastructure Minister, Julia Lopez, said: “Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected.

“Our pledge to establish the UK as the global standard for online safety takes a big step forward with these regulations, moving us closer to our goal of a digitally secure future.”

OPSS Chief Executive, Graham Russell said: “The use and ownership of consumer products that can connect to the internet or a network is growing rapidly. UK consumers should be able to trust that these products are designed and built with security in mind, protecting them from the increasing cyber threats to connectable devices.    

“As the UK’s product regulator, OPSS will be ensuring consumers can have that confidence by working with the industry to encourage innovation and compliance with these new laws.”

NCSC Deputy Director for Economy and Society, Sarah Lyons said: “Smart devices have become an important part of our daily lives, improving our connectivity at home and at work; however, we know this dependency also presents an opportunity for cyber criminals.

“Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyber-attacks and this landmark Act will help consumers to make informed decisions about the security of products they buy. 

“I encourage all businesses and consumers to read the NCSC’s point of sale leaflet, which explains how the new Product Security and Telecommunications Infrastructure (PSTI) regulation affects them and how smart devices can be used securely.”

With 57% of households owning a smart TV, 53% owning a voice assistant and 49% owning a smart watch or fitness wristband, this new regime reinforces the government’s commitments to addressing these threats to society and the economy head on.  

The laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience to cyber-attacks and ensure malign interference does not impact the wider UK and global economy.

The new measures will also introduce a series of improved security protections to tackle the threat of cyber-crime:  

  • Common or easily guessable passwords like ‘admin’ or ‘12345’ will be banned to prevent vulnerabilities and hacking  
  • Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with  
  • Manufacturers and retailers will have to be open with consumers on the minimum time they can expect to receive important security updates  

Rocio Concha, Which? Director of Policy and Advocacy, said: “Which? has been instrumental in pushing for these new laws which will give consumers using smart products vital protections against cyber criminals looking to launch hacking attacks and steal their personal information. 

“The OPSS must provide industry with clear guidance and be prepared to take strong enforcement action against manufacturers if they flout the law, but we also expect smart device brands to do right by their customers from day one and ensure shoppers can easily find information on how long their devices will be supported and make informed purchases.”

David Rogers, CEO of Copper Horse, said: “We started this work many years ago so that people would not have to understand lots about the security of connected product in order to be secure. Getting rid of things like default passwords that are set to ‘admin’ or ‘12345’ are fundamental basics.

“Manufacturers should not be providing anyone with products like webcams that are so weak and insecure that they are trivial to hack into and take over. This stops now and people can have greater confidence that the internet connected products that they buy have better security measures built-in to protect them.”

The UK government has collaborated with industry leaders to introduce this raft of transformative protections, which also include manufacturers having to publish information on how to report security issues to increase the speed at which they can address these problems.

In addition, consumers and cyber security experts can play an active role in protecting themselves and society from cyber criminals by reporting any products which don’t comply to the Office for Product Safety and Standards (OPSS).   

The government is beginning the legislative process for certain automotive vehicles to be exempt from the product security regulatory regime, as they will be covered by alternative legislation.   

This new regime intends to increase consumer confidence in the security of the products they buy and use, delivering on one of the government’s five priorities to grow the economy.

The new laws are part of the government’s £2.6 billion National Cyber Strategy to protect and promote the UK online.

Ofcom proposes ban on inflation-linked mid-contract price rises

Ofcom also reveals that take-up of social tariffs more than doubled in the last year, but millions of eligible customers remain unaware of them

Telecoms customers must be told upfront in pounds and pence about any price rises their provider includes in their contract, under new consumer protection plans set out today by Ofcom.

With most major phone, broadband and pay TV companies now including mid-contract price rises linked to uncertain future inflation, we are concerned that customers’ contracts do not provide sufficient certainty about the prices they will pay.

So Ofcom are proposing to introduce tougher protections for customers by banning this practice.

Confusing price rise terms risk undermining competitive market

Competition helps keep prices down. Although some broadband prices have increased this year, over the last five years, average prices for broadband and mobile services in the UK have fallen in real terms. At the same time, companies have been investing in upgrading their networks, while average speeds and data use have increased.[1]

However, for competition to work, consumers must be able to shop around with confidence.

In recent years, pricing practices where providers impose an annual rise linked to unpredictable future inflation, plus an additional percentage of typically 3.9%, have become significantly more widespread, undermining customers’ understanding of what they will pay.

Timeline: Introduction of inflation-linked price variation terms including an additional fixed percentage

What we have found

Our analysis of providers’ data shows that as of April 2023 four in ten (11 million) broadband customers and over half of mobile customers (36 million) were on contracts subject to inflation-linked price rises. We estimate that these numbers may grow further, to around six in ten of both broadband and mobile customers, as Three and Virgin Media apply inflation-linked in-contract price rise terms to more of their customers’ contracts during 2023/24.

However, awareness and understanding of these terms is very low.  More than half (55%) of broadband customers and pay monthly mobile customers (58%) do not know what inflation rates such as CPI and RPI measure. And of those who are with providers that use inflation-linked price rises, very few broadband (16%) and mobile customers (12%) were both aware of the price rise and able to identify that it was inflation-linked with an additional percentage.[2]

We also found that even when people do consider future inflation-linked price rises when choosing a contract, they often do not understand them fully and find it difficult to estimate what the impact could be on their payments.

Between January and October 2023, Ofcom received over 800 complaints related to price rises – almost double the volume of complaints received during the same period in 2021 – many of which highlighted uncertainty created by inflation-linked price rises.

Our conclusions

We have provisionally concluded that inflation-linked mid-contract price rise terms can cause substantial amounts of consumer harm by complicating the process of shopping for a deal, limiting consumer engagement, and making competition less effective as a result.

These terms also require customers to unfairly assume the risk and burden of financial uncertainty from inflation, with tangible impacts on their ability to manage costs at a time when household budgets are already stretched to the limit.

Toughening our rules

To tackle this problem, we propose to introduce a new rule requiring that any price written into a customer’s contract would need to be set out in pounds and pence, prominently and transparently, at the point of sale. That includes being clear about when any changes to prices will occur.

This would prevent providers from including inflation-linked, or percentage-based, price rise terms in all new contracts.

Example of how the £/p requirement would apply

Before and after diagram

Dame Melanie Dawes, Ofcom’s Chief Executive, said: “At a time when household finances are under serious strain, customers need prices to be crystal clear. But most people are left confused by the sheer complexity and unpredictability of inflation-linked price rise terms written into their contract, which undermines customers’ ability to shop around.

“Our tougher protections would ban this practice once and for all, giving customers the clarity and certainty they need to secure the best deal for their needs and budget.”

Next steps

We are consulting on this proposed new requirement until 13 February 2024, and plan to publish our final decision in spring 2024.

Subject to responses, we intend for the new rule to come into effect four months after the publication of our final decision. This period reflects our concern about the scale of consumer harm balanced against the need to give providers sufficient time to make the necessary changes to their processes and business plans.

Enforcement action

Separately, Ofcom have been investigating whether phone and broadband companies complied with our previous rules between March 2021 and June 2022. We have found that a small number of providers may not have given some customers clear information about price rises at the right time, creating a potential compliance concern.

We have discussed these concerns with the relevant providers and secured refunds for some affected customers. We will continue to discuss our remaining concerns with these providers, escalating to separate, targeted enforcement action if necessary.

Social tariff take-up doubles in a year

Ofcom has also today published its annual Pricing Trends report, which this year includes the latest take-up and awareness figures for social tariffs.

Social tariffs are cheaper broadband and phone packages for people claiming Universal Credit, Pension Credit and some other benefits. Some providers call them ‘essential’ or ‘basic’ broadband.

Take-up of social tariffs increased to 380,000 in September 2023, up from 147,000 a year earlier, meaning more customers are benefitting from the savings the tariffs offer. However, awareness among eligible customers remains a challenge. Just over half (55%) of eligible households remain unaware of social tariffs; and while take-up is improving, it remains low as a proportion of all eligible households (8.3%).

For the first time, we have published take-up figures for each of the largest providers of broadband social tariffs.

Social tariff take-up: February 2022 to September 2023 (000s)



Bar chart showing take-up of social tariffs from February 2022 to September 2023. “No data” indicates that we did not collect social tariff take-up figures in a particular month: these values are estimated and do not represent actual take-up.

BT has the largest share of broadband customers taking a social tariff (72%), followed by Sky (13%), Virgin Media (6%), Vodafone (4%), KCOM (1%) and Shell Energy (0.3%).

These proportions are partly a reflection of the length of time over which different social tariff products have been available. TalkTalk is the only major broadband provider not to offer a social tariff.

New rules to crack down on illegal ads and protect children online

  • Crack down on fake celebrity endorsements and illegal weapons adverts as new Government rules safeguard consumers and protect children
  • Ministers will convene a new taskforce to drive industry-led action
  • Proposed rules will strike a balance between internet safety and supporting innovation

Social media platforms, websites and services like advertising display networks will have to take tougher action to stop children seeing age-restricted adverts for products like alcohol or gambling.

Fake celebrity scams and pop-up malware from hackers will also be clamped down on as part of new rules to make advertising regulation fit for the digital age.

The plans are published today by the government in response to its Online Advertising Programme.

Online advertising includes the banners or displays which appear around the content of a website, results prioritised at the top of search engines, and pop-ups on a user’s screen. It helps businesses grow by reaching targeted audiences and can be cheaper and quicker than traditional advertising formats. Last year it accounted for three quarters (£26.1 billion) of the £34.8 billion spent on advertising in the UK.

Its rapid development, combined with changes in technology and complex supply chains between marketers and platforms, makes it difficult to stop illegal ads appearing.

People frequently encounter fraudulent celebrity endorsements for financial scams, legitimate-looking pop-ups containing hidden malware, and promotions for products prohibited under UK law – such as weapons, drugs, counterfeit fashion and fake ticketing.

Children can be exposed to ads for age-restricted products such as alcohol, gambling and adult-rated films and games.

Creative Industries Minister Sir John Whittingdale said: “Advertising is a huge industry in which Britain is a world leader. However, as online advertising has taken a steadily bigger share, the rules governing it have not kept pace and so we intend to strengthen them to ensure consumers are properly protected.

“Our plans will shut down the scammers using online adverts to con people out of their cash and will stop damaging and inappropriate products being targeted at children.

“We will make sure that our proposed regulation helps keep people safe while supporting and enhancing the legitimate advertising industry so it can maximise its innovation and potential.”

There is currently a self-regulatory system for the content and placement of online adverts in the UK, overseen by the Advertising Standards Authority (ASA). The ASA has a strong record of delivering consistent, effective results and holding legitimate advertisers accountable. However, regulators are not empowered to act to address illegal harms in the same way as harmful advertising by legitimate businesses.

The government intends to introduce new rules to tackle illegal paid-for online adverts and increase protections for children. A range of targeted legislative and non-legislative measures will address the most serious risks linked to online advertising. This approach complements the Online Safety Bill, which is targeted at user generated content, and will build on measures tackling fraudulent advertising in that legislation.

The new statutory regulation will put more responsibilities on major players across the online advertising supply chain. As well as online publishers, apps and websites serving ads, ‘adtech’ intermediary services which facilitate the placement and distribution of online adverts will be in scope. Promotional posts by social media influencers where they receive payment or free products will also be covered.

Social media firms, search engines and other websites will be required by law to have proportionate systems and processes to stop people being served illegal adverts, and prevent under-18s seeing adverts for products and services illegal to be sold to them. This will improve safety, transparency and consumer trust by introducing more effective action while supporting industry growth.

In due course, the government will launch a further consultation on the details of potential legislation – including its preferred choice for a regulator to oversee the new illegal paid-for advertising rules. New legislation would not affect the ASA’s remit for the content and placement of legitimate paid-for advertising online.

Ministers will this week convene a new taskforce to gather more evidence around illegal advertising and build on industry initiatives to tackle harms and increase protections for children before the legislation is introduced.

The taskforce will be chaired by Creative Industries Minister John Whittingdale and Mark Lund, the chair of the Advertising Standards Board of Finance and former president of McCann UK and Europe.

The group will include representatives from across the advertising industry, including the ASA, as well as tech trade bodies, consumer groups and the government’s Anti-Fraud Champion, Anthony Browne.

Mark Lund, chair of The Advertising Standards Board of Finance and deputy chair of the Online Advertising Taskforce, said: “UK advertising is a dynamic engine for the UK economy because it’s creative and trusted.

“So, I’m delighted to be helping lead in the task force’s role in strengthening industry’s response to illegal harms advertising and the protection of children online, building on the long-term success of the ASA and the self-regulation system in keeping both trust and creativity at world leading levels.”

Anti-Fraud Champion Anthony Browne said: “We remain absolutely committed to fighting fraud and this is another example of the government delivering on a pledge from its pioneering Fraud Strategy.

“Eighty percent of fraud is cyber enabled and it often starts with fraudulent posts and adverts on social media. I am therefore pleased to see new measures being introduced to tackle these.

“The government will continue to work with industry, and law enforcement, to prevent fraud from happening and ensure better support is given to the public.”

New regulations for Buy-Now-Pay-Later lenders set to protect 10 million consumers

  • New regulations are to clamp down on unregulated Buy-Now Pay-Later creditors and ensure consumer protection
  • Andrew Griffith, City Minister, will work with the financial services sector to ensure affordable credit is available to people who struggle to access it
  • At the “Financial Inclusion Policy Forum” in Birmingham the minister will meet debt advisors who will help deliver free debt advice to more than 1.5 million people in England over the next three years.

NEW regulations for Buy-Now Pay-Later consumers are set to help protect an estimated 10 million customers from unconstrained borrowing while still ensuring those who need it have access to interest-free credit.

With more people taking out these credit agreements, and the potential risks of consumers being exposed to financial harm, the UK Government is setting out proposed new regulations.

It will mean Buy-Now Pay-Later credit products are set to be regulated by the FCA and consumers will have the new right to take complaints to the Financial Ombudsman Service.

Under new rules providers will have to give consumers key information about their loans and issue credit that is genuinely affordable.

Economic Secretary to the Treasury, Andrew Griffith said: “People should be able to access affordable credit, but with clear protections in place. That is why these proposed regulations are so important.

“Today’s summit will also help regulators and banks better understand the best ways to support people who feel boxed in by debt and open up the financial system to people who find it more difficult to access.”

A summit of banks and debt charities will also be convened today by the City Minister who will urge the group to work together to improve financial education, ensure affordable credit is available to people who struggle to access it and remove the barriers which people with disabilities, like sight loss, can face when accessing financial services.

The latest “Financial Inclusion Policy Forum” will take place at the Money Advice Trust in Birmingham, bringing together the leading lights from the financial services sector, charities, consumer groups and regulators.

They will discuss the best ways to ensure access to affordable credit and remove barriers which people with disabilities, like sight loss, can face when accessing financial services.

Buy-Now Pay-Later can be a quick, easy, and helpful way for people to manage their finances, allowing them to spread the cost of a full purchase over time without paying interest.

However, because many of the agreements aren’t currently regulated and rely on minimal credit checks, lenders are not required to give key information to borrowers, and some people may end up borrowing more than they can affordably repay.

For those who are facing financial difficulty, new contracts awarded by the Money and Pensions Service this year are expected to provide free debt advice to more than 1.5 million people in England over the next three years.

During the forum the City Minister will also discuss the most effective ways to help those in financial difficulty.

Safety Alert: Dangerous toys widely available on online marketplaces, Which? warns

Parents are being warned about the risk of buying cheap, unbranded toys online after a new Which? investigation found more than 40 per cent of toys it bought from online marketplaces failed safety tests.

The consumer champion tested 28 toys bought from four popular online marketplaces – Amazon Marketplace, AliExpress, eBay and Wish – and found 12 posed a safety risk after failing one or more tests.

Each product was tested against British safety standards and checked for small objects that could pose a choking risk, sharp edges and points, cords or fabrics that could pose a strangulation risk and magnets and batteries that could be easily accessed as well as warning notices.

In total, Which? found 50 safety failures among the 12 toys that failed tests, with 10 toys presenting a choking risk and two posing a strangulation risk for children.

While 16 of the 28 toys Which? tested passed safety tests, five of the products that failed tests were sold on Wish, making it the worst offender. Three each were sold on eBay and AliExpress, and only one was available on Amazon Marketplace.

The most dangerous product Which? found was a 51-piece doctor’s playset – described as a toy for a baby or toddler – sold on Wish, which was filled with unsafe toys and had at least 20 choking hazards.

Most of the toys in the set broke into small and dangerous parts far too easily, including play scissors and a notepad which revealed sharp points.

It also contained toy plasters and pills which were far too small for young children to play with safely and presented a choking risk.

A similar doctor’s set sold on AliExpress was also filled with dangerous toys and failed tests. Which? identified 10 potential choking hazards and also found the long cord on the doctor’s coat could present a strangulation hazard.

A set of magnetic building blocks aimed at children aged three years old and above and sold on Amazon Marketplace also failed safety tests. It did not withstand the impact test and broke open to reveal tiny magnets that were almost four times as powerful as they were permitted to be under current standards, which could pose a choking risk.

Magnets can also cause serious harm to children if swallowed, as they could attract each other in the gut and create blockages, compression of the gut and perforation which would need surgery to fix.

Which? also found a toy tablet sold on Wish that posed a serious risk as the battery cover could be easily removed to reveal a button battery. Similar to magnets, button batteries can be a choking hazard and cause serious injuries or chemical burns if swallowed.

In recent years, organisations such as the Healthcare Safety Investigation Branch (HSIB) have issued warnings about button batteries after fatal incidents involving children swallowing them. It is recommended that children’s toys have a secure battery cover that needs a screwdriver or two simultaneous movements to remove.

Which? shared its investigation with the four online marketplaces and all 12 products that failed have since been removed from sale.

Unlike UK retailers, online marketplaces have limited responsibility for ensuring the products sold on their platform meet legal safety requirements, repeatedly allowing unsafe toys and products to make it onto their sites.

The UK’s product safety regulator, the Office for Product Safety and Standards, is currently reviewing the product safety system, including regulation of online sales.

Which? believes that online marketplaces must be given greater legal responsibility for the safety of products sold on their sites so that consumers are far better protected from dangerous and illegal items.

Sue Davies, Which? Head of Consumer Protection Policy, said: “Many parents will be appalled by our research which has revealed that some toys bought from online marketplaces are failing to meet safety standards and could pose a serious safety risk to children playing with them.

“Consumers should be able to trust that products sold in the UK are safe and meet the standards required, yet a woeful lack of checks and monitoring by online marketplaces means dangerous toys are entering people’s homes.

“It is absolutely crucial that online marketplaces are urgently given greater legal responsibility for the safety of products sold on their sites so that consumers are far better protected from dangerous and illegal items.”

A consumer agenda for government

Ahead of the 2019 General Election, Which? has published its agenda for the next government, which sets out the commitments that we want all political parties to make to deliver positive, tangible improvements for individuals across the UK.

The next government should commit to a forward-looking agenda that will make UK consumers’ lives simpler, fairer and safer. It must ensure that consumers can act with confidence, are protected when things go wrong, and have high levels of trust in the institutions and businesses that serve them. We are calling for:

1. Better connectivity – set out an ambitious, joined-up strategy to deliver an improved digital infrastructure that meets the needs of people to be connected at home, at work and on the move.

2. An enforcement system fit for purpose – create a stronger Consumer and Competition Authority to proactively lead on the enforcement of consumer rights and fair trading law, make the Office for Product Safety and Standards (OPSS) an independent arm’s length product safety regulator, and reform our alternative dispute resolution (ADR) system.

3. Greater protection from online harms and insecure products – place more responsibility on online platforms and marketplaces to prevent scams, fake reviews and the sale of unsafe products, and ensure that security is built into the design of connected devices.

4. Banking services that work for everyone – guarantee access to cash for as long as it is needed, and ensure all people are protected from Authorised Push Payment (APP) fraud.

5. Fair and transparent pensions – enable everyone to understand their entire pensions savings through comprehensive dashboards, address the pensions gender gap, and ensure that all retirement income products are value for money.

6. A future trade policy and food strategy that delivers for consumers – pursue a trade policy underpinned by world-leading consumer standards, consumer rights and enhanced choice, and deliver a national food strategy that maintains the UK’s high food
