Telstra Penalized for Neglecting Customer Identity Verification Measures
Telstra Fined AUD 1.55 Million for Mobile Fraud Lapses
The Australian Communications and Media Authority (ACMA) has issued a AUD 1.55 million fine to Telstra for failing to comply with customer ID authentication processes, potentially putting thousands of Australians at risk of SIM-swap scams and other types of mobile fraud.
In a statement, ACMA Chair, Samantha Yorke, expressed concern about the potential vulnerability of Australians to these fraudulent activities. Yorke mentioned that while there is no direct evidence of losses, customers need to trust that their telcos are protecting their accounts from fraud.
The investigation, which covered customer interactions between August 2022 and April 2023, found that Telstra did not use the required ID authentication processes for 168,000 high-risk customer interactions. These high-risk interactions included SIM-swap requests and password resets.
Yorke stated that victims of mobile fraud lose an average of $28,000, and these scams can result in victims losing life savings, control of their phone number, and other personal information. The investigation also found that over 7,000 of these interactions were for customers identified as being in vulnerable circumstances.
In response to the findings, Telstra will appoint Deloitte as the independent consultant to review its compliance with customer identification rules. The undertaking also requires Telstra to make improvements where needed in relation to the customer ID rules.
Samantha Yorke, from the ACMA, stated that the customer ID authentication rules introduced in 2022 have been effective in reducing SIM-swap fraud. Yorke expressed dissatisfaction that Telstra did not have proper systems in place when the customer ID rules came into force.
The court-enforceable undertaking is for a duration of two years. Telstra has accepted the undertaking, which requires it to appoint an independent consultant to review its compliance with the customer ID rules.
The customer ID authentication rules require telcos to use multi-factor ID authentication, such as verification of one-time codes sent to consumers. The ACMA has stated that these measures are crucial in protecting customers from mobile fraud.
In a statement, Telstra acknowledged the shortcomings in its processes and expressed its commitment to improving its systems to prevent such incidents in the future. The company also assured its customers that it takes the security of their accounts seriously and is taking steps to ensure the safety of their personal information.
Read also:
- Mural at blast site in CDMX commemorates Alicia Matías, sacrificing life for granddaughter's safety
- Is Maruti's reign over the SUV market being challenged by Mahindra's aggressive move to snatch the top spot?
- Social Security Administration Abandons Plan for Electronic Payments: Important Information for Recipients of Benefits
- Increased energy demand counters Trump's pro-fossil fuel strategies, according to APG's infrastructure team.
