TIO wants telcos to have 24-hour fraud hotline

In an effort to reduce the amount of time fraudsters can control a SIM for, the TIO has called for extended fraud hotline hours.

red-rotary-phone

The Telecommunications Industry Ombudsman (TIO) has called for telcos to have a 24-hour hotline, or at a minimum extend current hotline hours, to allow consumers to report cases of fraud, especially involving SIM swapping.

In its report on systemic investigations into fraud enabled through phone and internet accounts, the TIO pointed out that fraudsters have exploited slow responses from telcos to create security breaches. This included a customer being kept on hold when trying to report fraud, failure of customers being able to contact telcos outside of business hours, staff not blocking fraudulent activity, staff not knowing how to deal with fraud, and attackers maintaining access to accounts after telcos were notified.

Typically, attackers were interested in ordering handsets and additional services once they controlled an account, or using control of a SIM to access other information including bank and government accounts.

"This can expose affected customers to considering financial and non-financial loss," the TIO said.

"Where a breach of privacy has occurred, providers may have to pay significant amounts of compensation to settle a consumer's complaint -- a cost that could have been avoided had the provider acted more quickly."

Other issues highlighted by the report included fraudsters getting access to accounts because telcos did not conduct proper identity checks, with one telco agreeing to use a government database for verification during the investigation, or incorrect advice being given to consumers about how to secure accounts.

"One provider gave consumers the option of using robust multi-factor authentication, such as one-time passwords or an authenticator app," the report said.

"However, this provider also offered other security measures which were not supported by its systems, such as passwords and PINs. This meant staff did not always ask for the password or PIN when someone wanted to access the account.

"A consumer may believe their account is secure when it is not."

The Communications Alliance said combating fraud was a challenge to all parties.

"Telcos are continually improving their practices to keep up with the ever-changing tactics of fraudsters," CEO John Stanton said.

"It is important that we do not become complacent and remind our customers to protect their personal information, offline as much as online."

In its most recent Complaints in Context report released a fortnight ago, the Comms Alliance said TIO complaints per 10,000 services in operation continued to trend down, being reported at 4.8 for the July to September quarter. Many telcos recorded the lowest complaint level since the report adopted its current format in 2019.

Related Coverage