The Australian Communications and Media Authority has issued formal warnings to Telstra, Optus and Medion Mobile after they failed to verify people's identities before transferring their mobile numbers to other telcos, a process known as porting.
ACMA introduced new rules early last year that tightened up customer verification processes to prevent porting being abused for fraudulent purposes.
The new rules asked telcos to take further steps to make sure that people are who they say the are, such as multi-factor authentication, or in-person identification.
New rules notwithstanding, ACMA found that in mid 2020, Telstra did not adequately verify customer identities on 52 occasions.
Medion Mobile failed to do so on 53 occasions, and Optus once last year.
Hijacking mobile phone numbers could be used to commit identify fraud, and ACMA said that on average, victims lost more than A$10,000.
Victims can also find it hard to regain control over their identities for long periods of time, ACMA said.
“We are cracking down on telcos that don’t follow the rules and leave customers vulnerable to identity theft,” ACMA chair Nerida O'Loughlin said.
O'Loughlin said that the new rules have led to some telcos reporting that porting fraud has stopped completely, and others seen it drop by more than 90 per cent.
A Telstra spokesperson told iTNews that the telco had made some slip-ups with porting leading to a small number of customers being defrauded.
“We’re big supporters of the new rules the ACMA put in place last year,” the spokesperson said.
“Unfortunately when these rules first came into effect, we didn’t have all our processes in place to implement some of the changes as quickly as we should have.
“That meant in a small number of cases we let customers down, and we apologise to anyone affected.
“Since then we have put these new processes in place and seen a dramatic reduction in fraudulent port-ins.”
Breaching the ACMA anti-porting fraud rules could lead to penalties of up to A$250,000 for telcos.