Vodafone IT error let prepaid users avoid ID checks

By on
Vodafone IT error let prepaid users avoid ID checks

Investigation revealed.

Vodafone will be forced to improve its processes for verifying the identity of prepaid SIM customers after an IT error let some purchasers through without checks.

The telco has agreed to an enforceable undertaking with the Australian Communications and Media Authority (ACMA), which investigated the case.

“The breaches ... resulted from changes to Vodafone’s IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred,” the ACMA said.

ACMA found that Vodafone had “failed to verify the identity of at least 1028 customers before activating their prepaid mobile services.”

The actual number is likely to be much higher as the 1028 occurred on just three days in a the year-long period that the loophole in the SIM purchase process existed.

Investigation notes [.docx] show that Vodafone actually suspended 6383 prepaid services after the ACMA asked questions.

These 6383 users were suspended because Vodafone “was unable to verify the identity of the customer as part of [its] process of contacting those customers who remained active users of prepaid mobile carriage services and who had used the ID-checked in store option to activate their services.”

The ACMA said that ‘it seems highly likely that similar multiple contraventions occurred over the course of the remaining days of the investigation period which were not the subject of the ACMA’s detailed investigation.”

However, the regulator said it “makes no finding regarding any other possible contraventions beyond the 1028 contraventions” it pinged Vodafone for.

All telcos are required to verify the identity of customers of prepaid mobile services before activating their services.

The data is particularly useful for law enforcement purposes, the ACMA said.

A court-enforceable undertaking now commits Vodafone “to conduct a review and risk assessment of any future proposed changes to its systems and processes, instigate training programs, conduct compliance audits every six months and report to the ACMA.”

The ACMA’s acting chair James Cameron said that telcos “must check that changes to their IT systems don’t run the risk of contravening legal requirements.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
acma check identity mobile prepaid sim telco telco/isp vodafone

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Future of work: Support your distributed HR workforce with digital document processes
Future of work: Support your distributed HR workforce with digital document processes
Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights

Events

Most Read Articles

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling
Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics
NBN Co to charge free fibre recipients that don't stick with higher speed plans

NBN Co to charge free fibre recipients that don't stick with higher speed plans
CBA to rebrand its internal IT organisation

CBA to rebrand its internal IT organisation

Log In

Email:
Password:
  |  Forgot your password?