Telstra's 'unacceptable' $1.6 million mistake exposes risks to its users
- Replies 0
In today's digital age, protecting personal information has never been more critical.
With identity theft and fraud on the rise, Australians increasingly rely on their service providers to ensure the security of their data.
However, a recent incident involving Telstra has raised concerns about the safety of customer information and the importance of robust identity verification processes.
Telstra has been fined a hefty $1.6 million for failing to comply with identification rules, a lapse that the Australian Communications and Media Authority (ACMA) has deemed 'unacceptable'.
Between August 2022 and April 2023, Telstra reportedly failed to follow the rules 168,000 times, potentially exposing customers to the dangers of SIM-swap scams and other forms of fraud.
For the uninitiated, SIM-swap scams occur when a fraudster convinces a mobile provider to switch a victim's phone number to a SIM card in their possession.
Once they control the phone number, they can intercept text messages, bypass security measures, and access the victim's personal and financial accounts.
The consequences can be devastating, with victims losing an average of $28,000 to mobile fraud.
In response to the growing threat, new rules were introduced in 2022 requiring multi-factor ID authentication, such as a one-time code, to combat the risk of unauthorised account access.
Despite these regulations, Telstra's non-compliance put thousands of its customers at risk, including over 7,000 interactions involving individuals in vulnerable circumstances.
ACMA member Samantha Yorke highlighted the gravity of the situation, stating customers' trust in their telcos to protect their accounts from fraud is paramount.
‘When the ACMA made these rules in mid-2022, we identified that victims of mobile fraud lose $28,000 on average,’ she said.
‘While there is no direct evidence anyone suffered losses because of these breaches, customers need to be able to trust that their telcos are protecting their accounts from fraud.’
‘SIM-swap scams can be particularly devastating as victims can lose life savings and control of their phone number and other personal information.’
Telstra's failure to implement proper systems when the rules came into force has led to the ACMA mandating that the company appoint an independent consultant to review its compliance with customer ID rules and make necessary changes.
‘It is unacceptable that Telstra did not have proper systems in place when the rules came into force,’ Yorke continued.
A spokesperson for Telstra acknowledged the fine and the reasons behind it, explaining that the delay in meeting the new requirements was due to the company's efforts to 'get the implementation right' for their customers.
‘We are very supportive of the regulatory focus to increase customer security, which is a key priority for our business,’ the spokesperson said.
‘The scope of changes driven by the new obligations were significant. We had to design and deploy multi-factor authentication processes across all our channels, while also maintaining our ability to service customer requests, including those customers who could not complete multi-factor authentication.’
‘We needed to take the time to get the implementation right for our customers, and while we made the changes as quickly as possible, we were not able to meet the initial commencement date for some aspects of the new rules.’
‘We kept the ACMA informed, took measures to minimise the risk to customers, and the ACMA investigation did not uncover any evidence of losses throughout our phased implementation.’
‘We acknowledge the ACMA's findings and we have agreed to an enforceable undertaking. We have a strong track record in investing to keep our customers data and transaction safe and secure and the delay was largely due to the care we took to ensure there were no poor outcomes for our customers through the changes.’
In related news, Telstra will refund $21 million to customers overcharged for inactive internet services spanning 11 years.
The Australian Communications and Media Authority (ACMA) also fined Telstra $3 million for violating customer billing accuracy regulations. More details are available here.
Have you ever been a victim of a SIM-swap scam or identity theft? What measures do you take to protect your personal information? Share your stories and tips in the comments below.
With identity theft and fraud on the rise, Australians increasingly rely on their service providers to ensure the security of their data.
However, a recent incident involving Telstra has raised concerns about the safety of customer information and the importance of robust identity verification processes.
Telstra has been fined a hefty $1.6 million for failing to comply with identification rules, a lapse that the Australian Communications and Media Authority (ACMA) has deemed 'unacceptable'.
Between August 2022 and April 2023, Telstra reportedly failed to follow the rules 168,000 times, potentially exposing customers to the dangers of SIM-swap scams and other forms of fraud.
For the uninitiated, SIM-swap scams occur when a fraudster convinces a mobile provider to switch a victim's phone number to a SIM card in their possession.
Telstra fined $1.6 million for ID rule breaches by Australian Communications and Media Authority. Credit: Shutterstock
Once they control the phone number, they can intercept text messages, bypass security measures, and access the victim's personal and financial accounts.
The consequences can be devastating, with victims losing an average of $28,000 to mobile fraud.
In response to the growing threat, new rules were introduced in 2022 requiring multi-factor ID authentication, such as a one-time code, to combat the risk of unauthorised account access.
Despite these regulations, Telstra's non-compliance put thousands of its customers at risk, including over 7,000 interactions involving individuals in vulnerable circumstances.
ACMA member Samantha Yorke highlighted the gravity of the situation, stating customers' trust in their telcos to protect their accounts from fraud is paramount.
‘When the ACMA made these rules in mid-2022, we identified that victims of mobile fraud lose $28,000 on average,’ she said.
‘While there is no direct evidence anyone suffered losses because of these breaches, customers need to be able to trust that their telcos are protecting their accounts from fraud.’
‘SIM-swap scams can be particularly devastating as victims can lose life savings and control of their phone number and other personal information.’
Telstra's failure to implement proper systems when the rules came into force has led to the ACMA mandating that the company appoint an independent consultant to review its compliance with customer ID rules and make necessary changes.
‘It is unacceptable that Telstra did not have proper systems in place when the rules came into force,’ Yorke continued.
A spokesperson for Telstra acknowledged the fine and the reasons behind it, explaining that the delay in meeting the new requirements was due to the company's efforts to 'get the implementation right' for their customers.
‘We are very supportive of the regulatory focus to increase customer security, which is a key priority for our business,’ the spokesperson said.
‘The scope of changes driven by the new obligations were significant. We had to design and deploy multi-factor authentication processes across all our channels, while also maintaining our ability to service customer requests, including those customers who could not complete multi-factor authentication.’
‘We needed to take the time to get the implementation right for our customers, and while we made the changes as quickly as possible, we were not able to meet the initial commencement date for some aspects of the new rules.’
‘We kept the ACMA informed, took measures to minimise the risk to customers, and the ACMA investigation did not uncover any evidence of losses throughout our phased implementation.’
‘We acknowledge the ACMA's findings and we have agreed to an enforceable undertaking. We have a strong track record in investing to keep our customers data and transaction safe and secure and the delay was largely due to the care we took to ensure there were no poor outcomes for our customers through the changes.’
In related news, Telstra will refund $21 million to customers overcharged for inactive internet services spanning 11 years.
The Australian Communications and Media Authority (ACMA) also fined Telstra $3 million for violating customer billing accuracy regulations. More details are available here.
Have you ever been a victim of a SIM-swap scam or identity theft? What measures do you take to protect your personal information? Share your stories and tips in the comments below.
