Australia’s media watchdog has issued a warning to Telstra, Optus and Medion Mobile for failing to check customers’ identities during number porting.
The Australian Communications and Media Authority (ACMA) found that in mid-2020 the three telecommunications companies did not adequately verify people’s identities prior to transferring their mobile phone numbers from other telcos.
Telstra breached identity verification rules on at least 52 occasions and Medion Mobile on 53 occasions, while Optus only did so on one occasion.
Any further breaches could see the telcos face civil penalties of up to $250,000.
“Historically it has been too easy to transfer phone numbers from one telco to another. All a scammer needed to hijack a mobile number and access personal information like bank details was a name, address and date of birth,” the ACMA chair Nerida O’Loughlin said.
“These new rules help prevent scammers from taking control of people’s identities to commit serious financial crimes. We are cracking down on telcos that don’t follow the rules and leave customers vulnerable to identity theft.”
According to the watchdog, customers lose on average more than $10,000 through identity theft from mobile number fraud and can be left struggling to regain control of their identities for long periods of time.
However, under new rules introduced in early 2020, telcos must have more rigorous customer verification processes in place, such as multifactor or in-person identification.
Since the new rules came into effect, reports of fraud have dropped dramatically, the ACMA claimed. Some telcos found that fraudulent porting has stopped completely, while others reported a drop of more than 90 per cent, it added.
“It is important that telcos remain vigilant about protecting their customers through these verification processes,” O’Loughlin said.
“Our customers’ privacy is incredibly important and we work hard to protect it," a Telstra spokesman said.
“We’re big supporters of the new rules the ACMA put in place last year. Unfortunately, when these rules first came into effect, we didn’t have all our processes in place to implement some of the changes as quickly as we should have. That meant in a small number of cases we let customers down, and we apologise to anyone affected.
“Since then we have put these new processes in place and seen a dramatic reduction in fraudulent port-ins.”