Proposed new identification measures designed to reduce mobile number fraud are continuing to win favour in the industry – but there’s a caveat, with one vendor calling on Australia to go even further.
The new telco regulations, announced by the Federal Government earlier this week, are aimed at preventing the hijacking of mobile numbers which can then be used to access personal and financial information.
In announcing the plans, Paul Fletcher, Minister for Communications, said fraudulent number porting affects thousands of consumers each year with average losses of more than $10,000.
The new measures include the mandatory use of two-factor authentication before mobile numbers can be transferred between providers.
The Australian Communications and Media Authority, which has been directed to make the new rules mandating stronger identity verification processes, hailed the move earlier this week.
Now the Telecommunications Industry Ombudsman, too, has applauded the announcement, noting it has received complaints about consumers having their bank accounts drained and email inboxes accessed through mobile number theft.
Ombudsman Judi Jones says the announcement is a positive step toward safeguarding mobile consumers from fraudsters.
“A lot of work has been done over the past year by the telco industry to address the security risks associated with mobile phone number theft, and I welcome the industry’s continued work towards consistently robust identity verification procedures. It is important to ensure these procedures keep up with evolving technological risks.”
Also giving a thumbs up – albeit a guarded one – is Robert Schwarz, managing director of software vendor Nuance Communications, which says the move is ‘a step in the right direction’ – but one which can be improved on.
Schwarz says Nuance research shows fraud is a ‘massive’ issue impacting nearly a quarter of Australian consumers every year to the tune of $3,300 per person.
“As an organisation operating in fraud prevention and security, we still see too many cases where traditional knowledge-based security methods like passwords are the industry norm,” Schwarz says.
“Cracking passwords has really become a routine for hackers, and I’m not surprised to see an average of 250 data breaches reported every six months in the context of the notifiable data breach scheme.”
He’s calling for the regulations to be extended to all industries handling consumer or business data, rather than just niche scenarios like telco rules.
“Another concern is that MFA and 2FA are only going to be viable for a limited amount of time. Hackers are learning fast and already discovering ways to bypass them.
“Even though they are still very secure, it is a patchy approach that fraudsters will force us to revisit in just a few years.”
He notes that just a few weeks ago, the FBI released a notification stressing the insecurities of MFA, and urging organisations to start planning beyond it with biometric security.