Telstra: Difference between revisions
m Added to telecommunications category |
Added new controversy about Telstra not implementing MFA to high-risk customer actions. |
Line 22: | Line 22: | ||
==Controversy's== | ==Controversy's== | ||
===Putting customers under risk of being scammed/defrauded=== | |||
In 2024 Telstra was found by the ACMA to have not authenticating customer IDs between August 2022 and April 2023 during 168,000 high-risk interactions such as password resets or SIM card swaps and has been fined $1.5 Million.<ref>ABC - ACMA found Telstra didn't have MFA for high-risk customer activities such as changing password after new rules were implemented in 2022 - https://www.abc.net.au/news/2024-07-17/telstra-fined-1-5m-for-leaving-customers-vulnerable-to-scams/104107146</ref> | |||
Under ACMA rules that were introduced in 2022 required that all telcos in Australia to have implemented Multi-Factor ID authentication such as OTP to email/current phone number on file for high-risk changes to accounts. | |||
The investigation found Telstra was not compliant with the new regulations and it identified about 7,000 instances involving customers in vulnerable circumstances. | |||
A Telstra spokesperson at the time says they were "very supportive" of regulations focused on customer security, but said the 2022 regulations were significant in scope, "We had to design and deploy multi-factor authentication processes across all our channels," they continued, arguing the company missed the start date for the new regulations because it was making sure the processes worked properly. | |||
ACMA did not find any direct evidence of losses from the breaches. | |||
Telstra had agreed to a two-year undertaking with ACMA to take action on the breaches for future transactions, which is court enforceable if not followed. | |||
===Locking purchased content behind new Fetch hardware=== | ===Locking purchased content behind new Fetch hardware=== |
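Review bot: the first two sentences of the new "Putting customers under risk of being scammed/defrauded" section have grammar that obscures the finding. "found by the ACMA to have not authenticating customer IDs" should read "to have not authenticated", and "Under ACMA rules that were introduced in 2022 required that all telcos in Australia to have implemented" has no subject; something like "ACMA rules introduced in 2022 required all telcos in Australia to implement" would fix it. The spokesperson sentence mixes tenses ("at the time says ... but said") and runs the quote and the paraphrase together, so it is worth splitting in two. Only the first sentence carries a ref: if the 7,000 instances, the absence of evidence of losses and the two-year undertaking come from the same ABC article, reuse that ref on those lines, and consider putting the title and URL into a citation template rather than free text. The parent heading "Controversy's" in the surrounding context should be "Controversies".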