Telstra hit with $1.5 million fine after customers made vulnerable to scams and mobile fraud

Kat Wong
AAP
Telstra's non-compliance with identification requirements put consumers at risk of real harm. Credit: AAP

Telstra has been slapped with a $1.5 million penalty for putting customers at risk of being scammed and falling victim to fraud.

Telcos are required to protect customers by verifying identities through multi-factor ID authentication before allowing them to proceed with transactions that could compromise their accounts, like password resets or requests for a replacement SIM card.

However, the communications watchdog found Telstra failed to require ID authentication for more than 168,000 high-risk customer interactions between August 2022 and April 2023.


More than 7000 interactions included customers in vulnerable circumstances.

The non-compliance put consumers at risk of real harm as mobile fraud victims lose $28,000 on average, Australian Communications and Media Authority (ACMA) member Samantha Yorke said.

SIM-swap scams - where bad actors take control of a person’s number and use it to steal money from the original SIM owner - can be particularly devastating as victims can lose personal information and, in the worst-case scenario, their life savings.

“While there is no direct evidence anyone suffered losses because of these breaches, customers need to be able to trust that their telcos are protecting their accounts from fraud,” Ms Yorke said.

“It is unacceptable that Telstra did not have proper systems in place when the rules came into force.”

Telstra has committed to having an independent consultant review its compliance with customer ID rules and make improvements where needed.

According to a Telstra spokesman, the non-compliance occurred when updates to 2022 security obligations meant the telco had to design and deploy multi-factor authentication processes across all channels while maintaining its ability to service customer requests.

“We needed to take the time to get the implementation right for our customers, and while we made the changes as quickly as possible, we were not able to meet the initial commencement date for some aspects of the new rules,” it said in a statement.

“We kept the ACMA informed, took measures to minimise the risk to customers and the ACMA investigation did not uncover any evidence of losses throughout our phased implementation.

“We have a strong track record in investing to keep our customers’ data and transactions safe and secure, and the delay was largely due to the care we took to ensure there were no poor outcomes for our customers through the changes.”
