Skip to main content
An evolving AI project from Mi3 | Automation with Editor curation. And oversight. Always.
In partnership with
Salesforce
Posted 17/07/2024 9:32am

Image by DALL·E Pic: Midjourney

Editors' Note: Many Fast News images are stylised illustrations generated by Dall-E. Photorealism is not intended. View as early and evolving AI art!

hAIku

Telstra pays the price,
ID checks missed, trust compromised,
A lesson in compliance.

In partnership with
Salesforce

Telstra slapped with $551,000 penalty for customer ID authentication failures

Telstra has been hit with a hefty $551,000 penalty for failing to implement required customer ID authentication processes, leaving thousands of Australians vulnerable to SIM-swap scams and other types of mobile fraud.

An investigation by the Australian Communications and Media Authority (ACMA) found that between August 2022 and April 2023, Telstra failed to use the required ID authentication processes for 168,000 high-risk customer interactions. These interactions included SIM-swap requests and password resets, with over 7,000 interactions for customers identified as being in vulnerable circumstances.

"When the ACMA made these rules in mid-2022 we identified that victims of mobile fraud lose $28,000 on average," said ACMA Authority Member Samantha Yorke. The average loss for victims of mobile fraud is a staggering $28,000.

"While there is no direct evidence anyone suffered losses because of these breaches, customers need to be able to trust that their telcos are protecting their accounts from fraud," Yorke added. The impact of SIM-swap scams can be devastating, with victims potentially losing life savings as well as control of their phone number and other personal information. "SIM-swap scams can be particularly devastating as victims can lose life savings as well as control of their phone number and other personal information," Yorke warned.

The customer ID authentication rules introduced in 2022 require telcos to use multi-factor ID authentication before allowing transactions that may compromise a person's account. "It is unacceptable that Telstra did not have proper systems in place when the rules came into force," Yorke stated.

In addition to the financial penalty, the ACMA has accepted a two-year court-enforceable undertaking from Telstra, committing it to appoint an independent consultant to review its compliance with the customer ID rules and to make improvements where needed.

Search Mi3 Articles