Vodafone IT error let prepaid users avoid ID checks

By on
Vodafone IT error let prepaid users avoid ID checks

Investigation revealed.

Vodafone will be forced to improve its processes for verifying the identity of prepaid SIM customers after an IT error let some purchasers through without checks.

The telco has agreed to an enforceable undertaking with the Australian Communications and Media Authority (ACMA), which investigated the case.

“The breaches ... resulted from changes to Vodafone’s IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred,” the ACMA said.

ACMA found that Vodafone had “failed to verify the identity of at least 1028 customers before activating their prepaid mobile services.”

The actual number is likely to be much higher as the 1028 occurred on just three days in a the year-long period that the loophole in the SIM purchase process existed.

Investigation notes [.docx] show that Vodafone actually suspended 6383 prepaid services after the ACMA asked questions.

These 6383 users were suspended because Vodafone “was unable to verify the identity of the customer as part of [its] process of contacting those customers who remained active users of prepaid mobile carriage services and who had used the ID-checked in store option to activate their services.”

The ACMA said that ‘it seems highly likely that similar multiple contraventions occurred over the course of the remaining days of the investigation period which were not the subject of the ACMA’s detailed investigation.”

However, the regulator said it “makes no finding regarding any other possible contraventions beyond the 1028 contraventions” it pinged Vodafone for.

All telcos are required to verify the identity of customers of prepaid mobile services before activating their services.

The data is particularly useful for law enforcement purposes, the ACMA said.

A court-enforceable undertaking now commits Vodafone “to conduct a review and risk assessment of any future proposed changes to its systems and processes, instigate training programs, conduct compliance audits every six months and report to the ACMA.”

The ACMA’s acting chair James Cameron said that telcos “must check that changes to their IT systems don’t run the risk of contravening legal requirements.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
acma check identity mobile prepaid sim telco telco/isp vodafone

Sponsored Whitepapers

Encryption: Protect your most critical data
Encryption: Protect your most critical data
Overcoming data security challenges in a hybrid, multicloud world
Overcoming data security challenges in a hybrid, multicloud world
Move beyond passwords
Move beyond passwords
The top 5 tech trends to deliver business outcomes
The top 5 tech trends to deliver business outcomes
10 reasons why businesses need to invest in cloud security training
10 reasons why businesses need to invest in cloud security training

Events

Most Read Articles

TPG Telecom to start enticing NBN customers to move

TPG Telecom to start enticing NBN customers to move
CBA becomes first 'Big 4' data recipient under CDR

CBA becomes first 'Big 4' data recipient under CDR
Infosys scores another $40m for Centrelink payments engine build

Infosys scores another $40m for Centrelink payments engine build
NSW Police green-lights Mark43 for $1bn COPS overhaul

NSW Police green-lights Mark43 for $1bn COPS overhaul
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?