Vodafone Australia will ‘significantly improve’ its processes for verifying the identity of pre-paid mobile subscribers under an enforceable undertaking accepted by the Australian Communications and Media Authority (ACMA). Announcing the development, the ACMA said the undertaking had been submitted following an investigation it had carried out in which it found the cellco had failed to verify the identity of at least 1,028 customers before activating their pre-paid mobile service. The breaches reportedly occurred between 6 January 2015 and 6 January 2016, and were said to have resulted from changes to Vodafone’s IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred. Under the court-enforceable undertaking Vodafone has committed to conducting a review and risk assessment of any future proposed changes to its systems and processes, while it will also instigate training programs, conduct compliance audits every six months and report to the ACMA.
As per the Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Determination 2017 (the Determination) all of Australia’s mobile network operators (MNOs) are required to verify the identity of pay-as-you-go customers before activating a service. Commenting on the matter, ACMA acting chairperson James Cameron said: ‘Verifying the identity of pre-paid mobile customers helps law enforcement and national security agencies obtain accurate information about the identity of customers for the purposes of their investigations … Telcos must check that changes to their IT systems don’t run the risk of contravening legal requirements.’