Get all your news in one place.
100’s of premium titles.
One app.
Start reading
AAP
AAP
Kat Wong

Telstra fined $1.5 million after customers put at risk

Telstra's non-compliance with identification requirements put consumers at risk of real harm. (Joel Carrett/AAP PHOTOS)

Telstra has been slapped with a $1.5 million penalty for putting customers at risk of being scammed and falling victim to fraud.

Telcos are required to protect customers by verifying identities through multi-factor ID authentication before allowing them to proceed with transactions that could compromise their accounts, like password resets or requests for a replacement SIM card.

However, the communications watchdog found Telstra failed to require ID authentication for more than 168,000 high-risk customer interactions between August 2022 and April 2023.

More than 7000 interactions included customers in vulnerable circumstances.

The non-compliance put consumers at risk of real harm as mobile fraud victims lose $28,000 on average, Australian Communications and Media Authority (ACMA) member Samantha Yorke said.

SIM-swap scams - where bad actors take control of a person's number and use it to steal money from the original SIM owner - can be particularly devastating as victims can lose personal information and, in the worst case scenario, their life savings.

"While there is no direct evidence anyone suffered losses because of these breaches, customers need to be able to trust that their telcos are protecting their accounts from fraud," Ms Yorke said.

"It is unacceptable that Telstra did not have proper systems in place when the rules came into force."

Telstra has committed to having an independent consultant review its compliance with customer ID rules and make improvements where needed.

According to a Telstra spokesman, the non-compliance occurred when updates to 2022 security obligations meant the telco had to design and deploy multi-factor authentication processes across all channels, while maintaining its ability to service customer requests.

"We needed to take the time to get the implementation right for our customers, and while we made the changes as quickly as possible, we were not able to meet the initial commencement date for some aspects of the new rules," it said in a statement.

"We kept the ACMA informed, took measures to minimise the risk to customers and the ACMA investigation did not uncover any evidence of losses throughout our phased implementation.

"We have a strong track record in investing to keep our customers' data and transactions safe and secure, and the delay was largely due to the care we took to ensure there were no poor outcomes for our customers through the changes."

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.