Australia: Issued ruling in ACMA investigation into Telstra for allegedly failing to perform customer ID authentication processes

On 24 June 2024, the Australian Communications and Media Authority (ACMA) issued a ruling regarding its investigation into Telstra for allegedly failing to perform customer ID authentication processes. ACMA's investigation determined that Telstra did not comply with the Telecommunications Act, which mandates that a carriage service provider such as Telstra must use identity authentication processes to verify that the person requesting a high-risk customer transaction is indeed the customer. This failure left consumers vulnerable to SIM-swap scams and other types of mobile fraud. Consequently, ACMA imposed a financial penalty of 1.5 million AUD on Telstra and mandated a comprehensive two-year court-enforceable undertaking. This undertaking requires Telstra to appoint an independent consultant to review its compliance with customer ID rules and make necessary improvements.