Telstra has been slapped with a $1.6 million fine by the Australian Communications and Media Authority (ACMA) for failing to comply with ID verification rules designed to combat fraud. From August 2022 to April 2023, Telstra failed to perform proper ID checks 168,000 times, exposing customers to potential SIM-swap scams and other fraudulent activities.
The regulations, established in 2022, mandate multi-factor authentication, such as using a one-time code, to protect customer accounts from unauthorized access. Despite no direct evidence of financial losses resulting from these breaches, ACMA authority Samantha Yorke highlighted the risks, especially for over 7,000 interactions involving vulnerable customers, noting that victims of mobile fraud can lose an average of $28,000.
SIM-swap scams can result in severe financial and personal data losses, making robust authentication processes critical.
The fine underscores the importance of telcos safeguarding customer accounts from fraud.
In response, Telstra acknowledged the oversight, attributing the delay in compliance to the complexity of implementing new authentication processes across their services. A Telstra spokesperson stated that the company prioritized customer security and worked closely with ACMA to minimize risks during the rollout. They emphasized the importance of getting the implementation right, despite missing the initial deadline. Telstra has agreed to appoint an independent consultant to review and improve their ID verification procedures.
The company reiterated its commitment to protecting customer data and transactions, stressing that the delays were due to ensuring no adverse effects on their customers. Telstra is now focused on enhancing its security measures to prevent future non-compliance.
Become an Oz ScamWatcher
