You should make some limits of payments by SMS.
On kasteria.pl we received around 2000 euro from one mobile phone number in one day. This guy said that he will not pay for that phone anyway and operator will take that 2k euro back in 2-3 months.
I though it was just one accident, but after start of xavato.eu I get request from that OTS owner. He asked for script to limit payments per phone number, because he received 100-150 euro everyday from one number.
Right now I'm waiting for cashbill.pl (sms operator) to change 'xavato' account permissions and add 'clientNumber' to API calls, so I can use it in script.
SMS SYSTEMS ARE NOT SAFE! USER CAN CHARGEBACK MONEY UP TO 120 DAYS AFTER SMS PAYMENT!