Get all your news in one place.
100’s of premium titles.
One app.
Start reading
AAP
AAP
Kat Wong and Tess Ikonomou

Customers lose thousands in scams due to telco failures

Telcos are required to conduct multi-factor ID authentication checks before high-risk requests. (Mick Tsikas/AAP PHOTOS)

Australians who lost tens of thousands to SIM card fraud now have retribution after their telco was fined over compliance failures that led to the scam.

The Australian Communications and Media Authority (ACMA) revealed Medion has been forced to pay a $260,000 fine after the watchdog found the telco had not complied with customer ID rules.

As a result, nine customers had SIM cards illegally swapped and five of them together lost more than $160,000.

According to the ACMA, a process known as SIM-swapping allowed bad actors to take control of the customers' phone numbers by using their personal details to request a new SIM card.

ACMA chair Nerida O'Loughlin said this could cause significant harm to users.

Australian Communications and Media Authority Chair Nerida O'Loughlin
Nerida O'Loughlin says telcos must ensure they have robust verification processes in place. (Mick Tsikas/AAP PHOTOS)

"Scammers may then be able to gain access to your online banking accounts and other personal information - in this case, criminals have taken advantage of Medion's compliance failures," she said.

Speaking about Australians broadly falling victim to hackers, Anthony Albanese on Wednesday described the issue as a "scourge".

"So many vulnerable people being ripped off who've acted in absolutely good faith," the prime minister told 5AA.

"We need to make sure that they are protected."

Mr Albanese said the government was considering measures, including a legislative framework, to ensure victims got their money back.

New rules introduced in 2022 require telcos to conduct multi-factor identity authentication checks before high-risk requests like SIM-swaps, disclosure of personal information and account changes.

But ACMA's investigation found Medion had breached these regulations by failing to verify more than 1600 SIM-swap requests and one password change request.

"The rules have now been in place for well over 12 months, so telcos have had more than enough time to ensure they have robust verification processes," Ms O'Loughlin said.

The company has since paid the $260,000 fine and appointed an independent consultant to review its compliance with customer ID rules.

Medion must report to ACMA on its progress as part of a two-year court-enforceable agreement.

The same telco also entered a court-enforceable undertaking in 2014 after the consumer watchdog found that its "unlimited" ALDI mobile pack placed significant usage restrictions on customers.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.