New rules to protect consumers from scams that target customer interactions with telcos came into force today (30 June 2022).
The rules introduced by the Australian Communications and Media Authority (ACMA) in April 2022 are designed to prevent unauthorised access by scammers to people’s telco services and personal information. These types of scams cost victims in Australia an average of around $28,000.
The obligations apply when telcos undertake high-risk transactions such as SIM-swap requests, changes to accounts or disclosure of personal information.
The Telecommunications Service Provider (Customer Identity Authentication) Determination 2022 requires telcos to protect their customers by:
- using multi-factor identity authentication to confirm that a person is the customer or their authorised representative
- having systems in place to identify customers at risk of fraud and providing them with additional protections
- publishing customer awareness information on their website.
Multi-factor authentication can include a customer confirming their personal information and responding with a one-time code consistent with how other essential services like banking operate.
Combating SMS and identity theft phone scams is an ACMA compliance priority, The ACMA has a range of enforcement actions available for telcos found to have breached the new rules, including commencing court proceedings.
This is the latest action taken by the ACMA to combat phone scams in Australia. It complements rules introduced in April 2020 requiring telcos to conduct stronger ID checks to stop mobile porting fraud.