A telco operating in Australia has been forced to pay a fine for breaches to anti-scam laws that directly led to customers’ details being leaked to scammers.
The Australian Communication and Media Authority (ACMA) issued a $199,800 infringement notice to Singapore-based telecommunications operator Circles Australia (which trades as Circles.Life).
The company is also offering more than $100,000 in compensation payments to those affected.
The fine comes as part of ACMA’s crackdown on phone scams. ACMA says Circles failed to conduct required customer identity checks, directly leading to 42 customers’ bank details and email accounts being fraudulently accessed.
The victims in this case are not Circles.Life customers, but rather customers of other telcos who had their number transferred to Circles without their knowledge.
ACMA’s investigation found 1787 contraventions of industry rules for phone number transfers using Circle.Life SIM cards purchased between August and December 2021.
Essentially, Circles.Life should have been undertaking multi-factor identification when speaking with customers. But these checks didn’t happen, which led to user data being compromised.
ACMA chair Nerida O’Loughlin says multi-factor identification rules were introduced specifically to combat this type of fraud.
“Since the rules were introduced by ACMA in 2020, there has been a significant drop in mobile fraud reported to banks and government agencies,” Ms O’Loughlin says.
“It is deeply concerning that Circles.Life did not have proper processes in place for such a long period and that so many people were affected or put at risk of identity theft and fraud.”
Circles.Life Australia CEO Nicholas Demos told the Herald Sun his company had a one-time password verification process for online port-ins, but not for number ports performed through retail channels.
“While other verifications and security measures were in place, it represented a vulnerability in our process and breach of the industry standard,” he said, adding 42 customers were impacted when their numbers were ported – although this has been rectified.
“All 42 numbers were returned to their rightful owners some time ago and new processes and policies have been implemented to ensure that this never happens again.
“In fact, within two weeks of becoming aware of the situation we had designed, tested and deployed a fix which closed the vulnerability permanently.”
ACMA has listed combating SMS and identity theft phone scams as one of its compliance priorities for the 2022-23 financial year.
“Phone scams have severe financial and social impacts on Australians,” ACMA says.
“We’ll be enforcing new rules that require telcos to use stronger ID checks for transactions targeted by scammers, including SIM swap requests. We’ll also be establishing and enforcing new rules to reduce SMS scams.”
Have you ever been the victim of an SMS or other phone scam? Do you think the fine amount was sufficient in this case? Let us know in the comments section below.
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.