Phone porting clampdown wins thumbs up – but is it enough?

Proposed new identification measures, designed to reduce mobile number fraud are continuing to win favour in the industry – but there’s a caveat, with one vendor calling on Australia to go even further.

The new telco regulations, announced by the Federal Government earlier this week, are aimed at preventing the hijacking of mobile numbers which can then be used to access personal and financial information.

In announcing the plans, Paul Fletcher, Minister for Communications, said fraudulent number porting affects thousands of consumers each year with average losses of more than $10,000.

The new measures include the mandatory use of two-factor authentication before mobile numbers can be transfered between providers.

The Australian Communications and Media Authority, which has been directed to make the new rules mandating stronger identify verification processes, hailed the move earlier this week.

Now the Telecommunications Industry Ombudsman too, has applauded the announcement, noting it has received complaints about consumers having their bank accounts drained and email inboxes accessed through mobile number theft.

Ombudsman Judi Jones says the announcement is a positive step toward safeguarding mobile consumers from fraudsters.

“A lot of work has been done over the past year by the telco industry to address the security risks associated with mobile phone number theft, and I welcome the industry’s continued work towards consistently robust identity verification procedures. It is important to ensure these procedures keep up with evolving technological risks.”

Also giving a thumbs up – albeit a guarded one – is Robert Schwarz, managing director of software vendor Nuance Communications which says the move is ‘a step in the right direction’ – but one which can be improved on.

Schwarz says Nuance research shows fraud is a ‘massive’ issue impacting nearly a quarter of Australian consumers every year to the tune of $3,300 per person.

“As an organisation operating in fraud prevention and security, we still see too many cases where traditional knowledge based security methods like password are the industry norm,” Schwarz says.

“Cracking passwords has really become a routine for hackers, and I’m not surprised to see an average of 250 data breaches reported every six months in the context of the notifiable data breach scheme.”

He’s calling for the regulations to be extended to all industries handling consumer or business data, rather than just niche scenarios like telco rules.

“Another concern is that MFA and 2FA are only going to be viable for a limited amount of time. Hackers are learning fast and already discovering ways to bypass them.

“Even though they are still very secure, it is a patchy approach that fraudsters will force us to revisit in just a few years.”

He notes that just a few weeks ago, the FBI released a notification stressing out the insecurities of MFA, and urging organisations to start planning beyond with biometrics security.

New telco rules take aim at poor sales practices, financial overcommitment

The Australian telco industry regulator has signed off on the latest revision of the Telecommunications Consumer Protections (TCP) Code, with new rules aimed at protecting consumers from poor sales practices and over-committing financially.

The revised TCP Code, which was developed by industry body the Communications Alliance, compels telcos to assess customers’ ability to pay for the services they purchase and to clearly explain key terms and conditions, allowing customers to make more informed decisions.

Among the new rules is a requirement for telcos to obtain information from new customers on total contracts exceeding A$1,000 (roughly A$45 per month) about how they expect to be able to pay their bills.

Moreover, the new rules call for an external credit check from a credit reporting body, with these additional provisions also applying to pre-paid customers moving to post-paid accounts. The Code has also been expanded to provide protections to more small businesses.

According to ACMA Chair Nerida O’Loughlin, the regulator has seen evidence of customers being encouraged to sign up to multiple plans which not only do not meet their needs, but are also excessive or beyond their financial capacity.

“The impact of this is serious, particularly for those in vulnerable circumstances, leading to financial hardship and denial of access to critical services,” O’Loughlin said.

“The new TCP Code puts the onus on telcos to ensure customers understand what they are buying. We will be subjecting telcos to close scrutiny as to how well their practices conform with the new Code,” she said.

The ACMA said it will monitor and investigate non-compliance and test the effectiveness of the new rules, which are enforceable by the regulator.

The Communications Alliance, which developed the revised Code with input from government, industry and consumers, hopes that the new rules will help to provide greater transparency about the comparative customer service performance of the major service providers in the local market.

According to the industry body, this will be achieved, at least in part, via an expanded ‘Complaints in Context’ index, which is published quarterly.

The ‘Complaints in Context’ report typically provides the number of new Telecommunications Industry Ombudsman (TIO) complaints lodged against each participating service provider as a proportion of the telecommunications services that provider has in operation.

For Communications Alliance CEO John Stanton, the latest revision of the TCP Code comes at an important time for both the telco industry and consumers.

“As telecommunications become more central to everyday life and consumer expectations evolve, we are also seeing rapid change within the industry, with more providers joining the marketplace and evolution in product offerings and in the service delivery chain,” Stanton said.

“It is vital to… ensure consumer protections keep up with the pace of change, in pursuit of ongoing and positive improvements in consumer experience,” he said.

Suppliers will have one month from 1 July to become compliant with most of the changes in the new revised Code.