Telstra, Optus, Vodafone ready multi-factor authentication

Gear up to meet new customer verification rules.

If any of you have need to call one of Australia’s major mobile carriers in recent weeks, you will have noticed that before your enquiry can be discussed, the agent will ask you a series of identity authentication questions to confirm your identity.

This process using multi-factor authentication for all account related activities, is a new ACMA mobile customer verification mandate that came into force recently

The ACMA is introducing new customer verification rules to try and tackle “SIM swap” frauds, in which customers lose control of their devices to scammers.

Optus has updated its support page to alert customers to the upcoming implementation of multi-factor authentication. 

“We’re going the extra mile to make sure your Optus account is more secure than ever before. That’s why we’re introducing multi-factor authentication, so you can continue to enjoy the same peace of mind you can always expect from us when it comes to the safety of your personal information,” it said.

The carrier alerted customers to the coming change in an email sent on June 1, saying the new verification rules come into effect June 27.

An Optus spokesperson said it is part of a strategy to “expand our multi-factor authentication protections to a wider range of transaction types.”

In some cases, the spokesperson said, identity verification may require in-store visits or other kinds of escalation, even though “many customers feel this is burdensome”.

Telstra also confirmed its customer verification will be enhanced.

“We are making some changes to how customers can get assistance to reset their passwords,” a Telstra spokesperson said.

“We are also expanding two-step verification across more of our channels and transactions to ensure we’re talking only to our customers.”

While Telstra did not offer any implementation details, founder of Money Magazine Paul Clitheroe recently documented his own experience of being caught in a SIM swap scam.

Clitheroe lost control of his SIM twice in the space of days because of failures in Telstra’s processes, for which the carrier has apologised.

He said Telstra advised him that an account lock is being introduced, and that Telstra “is also bringing in a digital ID scanning product, which I presume will allow facial recognition.”

A Vodafone spokesperson told it’s not ready to announce details of its implementations, but they are “still being worked through”.

Not everybody is happy, however, with one provider, lobbying the federal government to provide better support for businesses wanting authorisation to use “biometric authentication in the form of driver’s licenses, passports, and so on”.

Business access to the federal government’s Facial Verification Service project “will assist in fraud reduction”, the carrier said, but at this stage companies cannot rely on it for their business functions.

The ACMA has been warning carriers for some time that telcos need to better protect customers against SIM swaps.

It announced the coming regime of enforceable rules in April.

An ACMA spokesperson stated that: “The rules will apply to ‘high-risk’ transactions where there is the potential for harm caused to customers when access to their personal information, business information or telecommunications service is targeted by unauthorised persons or entities (including, but not limited to, SIM swap requests, and changes to customer account information).”

Compliance with the rules will be monitored, with penalties as high as $250,000 per contravention.

There are ways to make the process of identification more streamlined but you need to set up the correct structure up front with your provider and have alternative authorities on your accounts called TPA’s (Third Party authorities). These can be either Full TPA which basically means you can make any changes on the account or Limited TPA which allows you to make enquiries but not change any details on the account 

So in the event that you are NOT the name on the Account holder bill but you are a TPA, you will be able to make enquiries.

Connect My Tech can help you set up the right structure with your ISP so that any future calls into the call centres will be quicker and less frustrating 

 

Patrick Larobina.