With the rapid development of network and user-terminal capability, more and more telecom operators provide various services based on their network resources to the users. These services are called value-added services, which add additional value to basic telecommunication services (e.g., voice call, SMS, MMS and data access). Typical value-added services are including Mobile Office Automation, e-Reading, e-Commerce, etc. In many cases, the value-added services will involve sensitive operations or critical dada, which will be the target of the malicious attackers. Malicious users may utilize the service vulnerabilities to get benefits or do harm to the service and other users. This Recommendation provides secure protection guidelines for value-added services provided by telecommunication operators. In addition to analysing typical service scenarios, security threats and attack methods, this Recommendation provides technical measures to counter threats and attacks. This will help the operators to assure the security of the value-added service, and will also protect the users' benefits.