Telcos to cop $250k fines for slack mobile number theft controls

Phone scammers trying to steal control of mobile phone numbers and the services they enable, like mobile banking and payments will have their lives made that little bit harder after Australia’s communications watchdog hit carriers with new rules and fines to frustrate the scams.

The Australian Communications and Media Authority on Friday said carriers must by April 30 comply with new rules mandating that telcos impose additional identity verification steps when porting someone’s number or face penalties of up $250,000 for failures.

Dubbed the (Mobile Number Pre-porting Additional Identify Verification) Industry Standard 2020, the move has been welcomed by Telecommunications Industry Ombudsman who said it would help safeguard people from having their bank accounts “drained”.

“We are pleased to see our systemic investigation work informing this regulatory action. The telecommunications industry has worked hard over the last year to address the security risks associated with mobile number theft,” Ombudsman Judi Jones said.

Phone porting has grown substantially as a scam of choice for fraudsters looking to steal money and value held in accounts as traditional online card fraud is reined in by chips and card number virtualisation for some kinds of payments.

But with so many payments and transactions now made through mobile apps, control of mobiles has become the big prize, usually executed by duping carriers into switching account control.

“Victims in Australia lose on average more than ten thousand dollars,” ACMA Authority member Fiona Cameron said. 

“Mobile phones contain a lot of personal information so once a scammer has control of your number, they can hijack a lot of personal services, like online banking.”

The main feature of the new rules is that they will require telcos to use multi-factor authentication prior to verify a customer’s identity before allowing a switch.

Banks have been especially keen on the extra security factors because they often initially wear the cost of identity fraud, especially when services like cash withdrawals from ATMs or funds transfers take place.

The move to thump in porting scams follows moves by ACMA in November 2019 to put new obligations on carriers to share scam call data between each other to stop crooks from moving from one carrier to the next.

From the second quarter of 2020 telcos will be required to share scam call data and to commit to a series of actions designed to “verify, trace and block scam calls”.

Telcos are also required “implement and update SMS filtering technology” and to stay on top of “broader technological development and international initiatives for potential implementation”.