Vodafone IT error let prepaid users avoid ID checks

By on
Vodafone IT error let prepaid users avoid ID checks

Investigation revealed.

Vodafone will be forced to improve its processes for verifying the identity of prepaid SIM customers after an IT error let some purchasers through without checks.

The telco has agreed to an enforceable undertaking with the Australian Communications and Media Authority (ACMA), which investigated the case.

“The breaches ... resulted from changes to Vodafone’s IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred,” the ACMA said.

ACMA found that Vodafone had “failed to verify the identity of at least 1028 customers before activating their prepaid mobile services.”

The actual number is likely to be much higher as the 1028 occurred on just three days in a the year-long period that the loophole in the SIM purchase process existed.

Investigation notes [.docx] show that Vodafone actually suspended 6383 prepaid services after the ACMA asked questions.

These 6383 users were suspended because Vodafone “was unable to verify the identity of the customer as part of [its] process of contacting those customers who remained active users of prepaid mobile carriage services and who had used the ID-checked in store option to activate their services.”

The ACMA said that ‘it seems highly likely that similar multiple contraventions occurred over the course of the remaining days of the investigation period which were not the subject of the ACMA’s detailed investigation.”

However, the regulator said it “makes no finding regarding any other possible contraventions beyond the 1028 contraventions” it pinged Vodafone for.

All telcos are required to verify the identity of customers of prepaid mobile services before activating their services.

The data is particularly useful for law enforcement purposes, the ACMA said.

A court-enforceable undertaking now commits Vodafone “to conduct a review and risk assessment of any future proposed changes to its systems and processes, instigate training programs, conduct compliance audits every six months and report to the ACMA.”

The ACMA’s acting chair James Cameron said that telcos “must check that changes to their IT systems don’t run the risk of contravening legal requirements.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
acma check identity mobile prepaid sim telco telco/isp vodafone

Most Read Articles

Westpac CIO Curran warns ‘Big Tech’ is out of step

Westpac CIO Curran warns ‘Big Tech’ is out of step
Telstra says it could buy NBN when sold

Telstra says it could buy NBN when sold
US military weapons systems found to have vulnerabilities

US military weapons systems found to have vulnerabilities
Telstra CEO demands $20 a month NBN price cut

Telstra CEO demands $20 a month NBN price cut
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018

Events

Log In

Username / Email:
Password:
  |  Forgot your password?