Telco slapped with $260,000 fine over customer ID rules breach

Australians who lost tens of thousands to SIM card fraud now have retribution after their telco was fined over compliance failures that led to the scam.
January 17, 2024

The Australian Communications and Media Authority (ACMA) revealed Medion has been forced to pay a $260,000 fine after the watchdog found the telco had not complied with customer ID rules.

As a result, nine customers had SIM cards illegally swapped and five of them together lost more than $160,000.

According to the ACMA, a process known as SIM-swapping allowed bad actors to take control of the customers’ phone numbers by using their personal details to request a new SIM card.

ACMA chair Nerida O’Loughlin said this could cause significant harm to users.

“Scammers may then be able to gain access to your online banking accounts and other personal information — in this case, criminals have taken advantage of Medion’s compliance failures,” she said.

Speaking about Australians broadly falling victim to hackers, Anthony Albanese on Wednesday described the issue as a “scourge”.

“So many vulnerable people being ripped off who’ve acted in absolutely good faith,” the prime minister told 5AA.

“We need to make sure that they are protected.”

Albanese said the government was considering measures, including a legislative framework, to ensure victims got their money back.

New rules introduced in 2022 require telcos to conduct multi-factor identity authentication checks before high-risk requests like SIM swaps, disclosure of personal information, and account changes.

But ACMA’s investigation found Medion had breached these regulations by failing to verify more than 1600 SIM-swap requests and one password change request.

“The rules have now been in place for well over 12 months, so telcos have had more than enough time to ensure they have robust verification processes,” O’Loughlin said.

The company has since paid the $260,000 fine and appointed an independent consultant to review its compliance with customer ID rules.

Medion must report to ACMA on its progress as part of a two-year court-enforceable agreement.

The same telco also entered a court-enforceable undertaking in 2014 after the consumer watchdog found that its “unlimited” ALDI mobile pack placed significant usage restrictions on customers.

This article was first published by AAP.