Vodafone IT error let prepaid users avoid ID checks

By on
Vodafone IT error let prepaid users avoid ID checks

Investigation revealed.

Vodafone will be forced to improve its processes for verifying the identity of prepaid SIM customers after an IT error let some purchasers through without checks.

The telco has agreed to an enforceable undertaking with the Australian Communications and Media Authority (ACMA), which investigated the case.

“The breaches ... resulted from changes to Vodafone’s IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred,” the ACMA said.

ACMA found that Vodafone had “failed to verify the identity of at least 1028 customers before activating their prepaid mobile services.”

The actual number is likely to be much higher as the 1028 occurred on just three days in a the year-long period that the loophole in the SIM purchase process existed.

Investigation notes [.docx] show that Vodafone actually suspended 6383 prepaid services after the ACMA asked questions.

These 6383 users were suspended because Vodafone “was unable to verify the identity of the customer as part of [its] process of contacting those customers who remained active users of prepaid mobile carriage services and who had used the ID-checked in store option to activate their services.”

The ACMA said that ‘it seems highly likely that similar multiple contraventions occurred over the course of the remaining days of the investigation period which were not the subject of the ACMA’s detailed investigation.”

However, the regulator said it “makes no finding regarding any other possible contraventions beyond the 1028 contraventions” it pinged Vodafone for.

All telcos are required to verify the identity of customers of prepaid mobile services before activating their services.

The data is particularly useful for law enforcement purposes, the ACMA said.

A court-enforceable undertaking now commits Vodafone “to conduct a review and risk assessment of any future proposed changes to its systems and processes, instigate training programs, conduct compliance audits every six months and report to the ACMA.”

The ACMA’s acting chair James Cameron said that telcos “must check that changes to their IT systems don’t run the risk of contravening legal requirements.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
acma check identity mobile prepaid sim telco telco/isp vodafone

Most Read Articles

Researchers say not to use myGovID until login flaw is fixed

Researchers say not to use myGovID until login flaw is fixed
Aussie Broadband boss says NBN Co could change price construct in months, if it wanted to

Aussie Broadband boss says NBN Co could change price construct in months, if it wanted to
'Zerologon' Windows domain admin bypass exploit released

'Zerologon' Windows domain admin bypass exploit released
Optus, Vocus score first deals in ATO telco carve-up

Optus, Vocus score first deals in ATO telco carve-up
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

A Migration Guide For Businesses Switching Mobile Device Management Solutions
A Migration Guide For Businesses Switching Mobile Device Management Solutions
Plan your post-COVID security strategy
Plan your post-COVID security strategy
The Executive's Guide To The Future Of Work
The Executive's Guide To The Future Of Work
Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency

Events

Log In

Username / Email:
Password:
  |  Forgot your password?