Identities not verified adequately before moving from other telcos.
The Australian Communications and Media Authority (ACMA) has issued formal warnings to Telstra, Optus and Medion Mobile (operating as Aldi Mobile) for failing to protect customers against identity theft.
The agency said the telcos failed to adequately verify customer identities before transferring their mobile phone numbers from other telcos.
An investigation by ACMA found that Telstra breached identity verification rules at least 52 times last year, while Aldi Mobile was found to have breached the rules 53 times. Optus was found to have breached the rules on one occasion.
The identity verification rules, or the Telecommunications (Mobile Number Pre-Porting Additional Identity Verification) Industry Standard 2020, requires telcos to have more rigorous customer verification processes in place, such as multifactor or in-person identification.
“Historically it has been too easy to transfer phone numbers from one telco to another. All a scammer needed to hijack a mobile number and access personal information like bank details was a name, address and date of birth,” ACMA chair Nerida O’Loughlin said.
“These new rules help prevent scammers from taking control of people’s identities to commit serious financial crimes.
“We are cracking down on telcos that don’t follow the rules and leave customers vulnerable to identity theft.”
ACMA said identity theft victims lose more than $10,000 on average from mobile number fraud and can be left struggling to regain control of their identities for long periods of time.
The agency added the new rules have helped drop the total number of reports of fraud “dramatically”.
“Some telcos are finding that fraudulent porting has stopped completely, and others report a drop of more than 90 per cent,” O’Loughlin said.
“It is important that telcos remain vigilant about protecting their customers through these verification processes.”
Updated 21 May 2021 11am: A Telstra spokesperson provided the following statement:
“Our customers’ privacy is incredibly important and we work hard to protect it.
“We’re big supporters of the new rules the ACMA put in place in last year. Unfortunately when these rules first came into effect, we didn’t have all our processes in place to implement some of the changes as quickly as we should have. That meant in a small number of cases we let customers down, and we apologise to anyone affected.
“Since then we have put these new processes in place and seen a dramatic reduction in fraudulent port-ins.”