Medion Australia Pty Ltd, a telecommunications company, has been fined $259,440 for failing to comply with customer identification rules, leading to a number of individuals falling victim to SIM-swap scams. An investigation by the Australian Communications and Media Authority (ACMA) revealed that Medion failed to complete a required customer verification check for over 1,600 SIM-swap requests and one password reset request. These compliance failures resulted in nine known cases of people having their SIMs swapped illegally, five of whom suffered financial losses totalling over $160,000.

"SIM-swap fraud can cause significant harm as scammers may then be able to gain access to your online banking accounts and other personal information. In this case, criminals have taken advantage of Medion's compliance failures," said ACMA Chair Nerida O'Loughlin.

In addition to the financial penalty, the ACMA has accepted a comprehensive two-year court-enforceable undertaking from Medion, committing the company to appoint an independent consultant to review its compliance with the customer ID rules and to make improvements where needed. Medion must also report regularly to the ACMA on its progress.

"The rules have now been in place for well over 12 months, so telcos have had more than enough time to ensure they have robust verification processes," O'Loughlin added.

The Australian government is currently consulting on its Scams Code Framework, which proposes new, mandatory industry codes for the private sector, including banks, telcos and digital platforms.