A failure by Telstra to implement customer ID authentication processes to protect customers from SIM-swap scams has cost the Australian telco a $1.55 million penalty from the industry regulator.
The Australian Communications and Media Authority (ACMA) found that between August 2022 and April 2023 Telstra neglected to use the required ID authentication measures for 168,000 high-risk customer interactions, including SIM-swap requests and password resets.
The regulator found that this oversight by the telco giant affected more than 7,000 interactions involving customers identified as being in “vulnerable circumstances”.
"When the ACMA established these rules in mid-2022, we identified that victims of mobile fraud typically lose $28,000 on average," says ACMA member Samantha Yorke.
"While there is no direct evidence of financial losses due to these breaches, customers must trust that their telcos are safeguarding their accounts from fraud."
ACMA says that SIM-swap scams can have devastating consequences, leading to victims potentially losing their life savings and control over their phone numbers and personal information.
These scams typically occur when someone requests a replacement SIM card or eSIM from their telco due to a lost or damaged SIM.
Yorke says the customer ID authentication rules introduced in 2022 have been highly effective in reducing SIM-swap fraud, with the rules mandating telcos to use multi-factor authentication, such as verifying one-time codes sent to consumers, before allowing transactions that could compromise an account.
"It is unacceptable that Telstra did not have proper systems in place when the rules came into force," she says.
On top of the $1.55 million fine, ACMA has secured a two-year court-enforceable undertaking from Telstra that requires the appointment of an independent consultant to review Telstra's compliance with customer ID rules and to recommend necessary improvements.
ACMA says the breach “underscores the importance of rigorous ID verification processes to protect consumers from the growing threat of mobile fraud”.
“As Australia's leading telecommunications provider, Telstra's compliance with these standards is critical to maintaining customer trust and security in an increasingly digital world,” says the authority.


