The Australian Communications and Media Authority (ACMA) has moved to make telcos seek further approval from customers before a mobile number can be ported from one mobile provider to another.
Communications Minister Paul Fletcher said the process would include multifactor authentication, without detailing the exact steps involved, nor what factors would be used.
Telcos will have to comply with the new Telecommunications (Mobile Number Pre-porting Additional Identify Verification) Industry Standard 2020 from April 2020.
“The ACMA will actively monitor compliance with the industry standard and has enforcement powers to issue formal warnings or civil penalties of up to AU$250,000 to non-compliant mobile providers. The ACMA will have my full support in pursuing non-compliant mobile providers to ensure Australians are kept safe from scammers,” Fletcher said.
“I thank the mobile providers that have already put these measures in place and I make it very clear that I expect the others to comply with the standard by the end of April.”
The Australian Communications Consumer Action Network (ACCAN) pointed out that if a scammer is able to gain the personal information of customers, such as date of birth, it is possible to port a number and thereafter cause damage via access to bank accounts.
ACCAN backed the new standard, but wanted it to go further.
“Requiring all telcos to use multifactor authentication before they port a mobile number is a good idea, however, it’s important that this two-step process is secure. SMS messages aren’t secure enough to prevent fraudulent mobile number porting,” ACCAN CEO Teresa Corbin said.
“We’d like to see the ACMA require telcos to use highly secure forms of verification such as hardware or software authentication tokens which are generated with a mobile app. We’ve already seen some government services adopt this approach through the development of the myGov Code Generator app.”
Last year, ACMA introduced a revised Telecommunications Consumer Protections Code.