Telstra fined $1.6 million for 'unacceptable' ID rules failure

The telecommunications giant failed to follow the rules 168,000 times from August 2022 to April 2023, according to the Australian Communications and Media Authority, potentially opening up customers to so-called SIM-swap scams and other fraud.

Phone users can request a SIM swap if they lose or damage their existing one but the process can be dangerous if an unknown person tries to do it on your behalf.

New rules introduced in 2022 required multi-factor ID authentication, such as a one-time code, to combat the risk for moves with the potential to compromise a customer’s account.

Authority member Samantha Yorke said the non-compliance put thousands of its customers – including more than 7000 interactions by those in “vulnerable circumstances” – at risk of real harm. 

“When the ACMA made these rules in mid-2022 we identified that victims of mobile fraud lose $28,000 on average,” she said.

“While there is no direct evidence anyone suffered losses because of these breaches, customers need to be able to trust that their telcos are protecting their accounts from fraud.

“SIM-swap scams can be particularly devastating as victims can lose life savings as well as control of their phone number and other personal information.”

Telstra must also appoint an independent consultant to review customer ID rules compliance and make any necessary changes.

“It is unacceptable that Telstra did not have proper systems in place when the rules came into force,” Yorke said.