Australia’s major mobile carriers are getting close to using multi-factor authentication for SIM-related activities, ahead of new ACMA mobile customer verification rules that come into force at the end of this month.
The ACMA is introducing new customer verification rules to try and tackle “SIM swap” frauds, in which customers lose control of their devices to scammers.
Optus has updated its support page to alert customers to the upcoming implementation of multi-factor authentication.
“We’re going the extra mile to make sure your Optus account is more secure than ever before. That’s why we’re introducing multi-factor authentication, so you can continue to enjoy the same peace of mind you can always expect from us when it comes to the safety of your personal information,” it said.
The carrier alerted customers to the coming change in an email sent on June 1, saying the new verification rules come into effect June 27.
An Optus spokesperson told iTnews it is part of a strategy to “expand our multi-factor authentication protections to a wider range of transaction types.”
In some cases, the spokesperson said, identity verification may require in-store visits or other kinds of escalation, even though “many customers feel this is burdensome”.
Telstra also confirmed to iTnews its customer verification will be enhanced.
“We are making some changes to how customers can get assistance to reset their passwords,” a Telstra spokesperson said.
“We are also expanding two-step verification across more of our channels and transactions to ensure we’re talking only to our customers.”
While Telstra did not offer any implementation details, founder of Money Magazine Paul Clitheroe recently documented his own experience of being caught in a SIM swap scam.
Clitheroe lost control of his SIM twice in the space of days because of failures in Telstra’s processes, for which the carrier has apologised.
He said Telstra advised him that an account lock is being introduced, and that Telstra “is also bringing in a digital ID scanning product, which I presume will allow facial recognition.”
A Vodafone spokesperson told iTnews it’s not ready to announce details of its implementations, but they are “still being worked through”.
Not everybody is happy, however. One provider, who declined to be identified, told iTnews the federal government needs to provide better support for businesses wanting authorisation to use “biometric authentication in the form of driver’s licenses, passports, and so on”.
Business access to the federal government’s Facial Verification Service project “will assist in fraud reduction”, the carrier said, but at this stage companies cannot rely on it for their business functions.
The ACMA has been warning carriers for some time that telcos need to better protect customers against SIM swaps.
It announced the coming regime of enforceable rules in April.
An ACMA spokesperson told iTnews: “The rules will apply to ‘high-risk’ transactions where there is the potential for harm caused to customers when access to their personal information, business information or telecommunications service is targeted by unauthorised persons or entities (including, but not limited to, SIM swap requests, and changes to customer account information).”
Compliance with the rules will be monitored, with penalties as high as $250,000 per contravention.