SPRINTSCAN 001 VODAFONE 000301 BRW PHOTOGRAPH BY GABRIELE CHAROTTE GENERIC VODAFONE***afrphotos南京夜网***Vodafone Hutchison Australia has been pinged by the regulator after failing to verify the identity of thousands of people buying pre-paid mobile phones.
An IT system update from Vodafone had allowed customers to self-select online that their identities had been verified when they were in a store. It did not require a check to ensure that this had happened.
The company has entered into an enforceable undertaking with Australian Communications and Media Authority (ACMA) to ensure identity checks are up to date.
Identity checking laws require telecommunications companies to verify IDs of buyers of pre-paid phones to assist law enforcement and national security agencies.
ACMA acting chair James Cameron said telcos “must check that changes to their IT systems don’t run the risk of contravening legal requirements”.
“Verifying the identity of pre-paid mobile customers helps law enforcement and national security agencies obtain accurate information about the identity of customers for the purposes of their investigations,” Mr Cameron said.
Details from the investigation found 19,697 services belonged to customers who activated their pre-paid mobiles using the “ID checked in store” option online.
It confirmed the identity of 13,314 of those services, and suspended 6383 where it was unable to confirm the identity of the customer.
In October 2016, ACMA requested information from Vodafone about three sample days in 2015 and 2016. Over these days, 1569 had checked the ID in store option.
Of those customers, 1028 did not have their ID checked.
A Vodafone spokeswoman said the upgrade to its pre-paid customer activation systems “allowed a small number of customers” to activate their services without property identification verification.
“Vodafone has since taken steps to confirm the identity of those customers or cancel services in cases where this verification wasn’t possible, and resolve the underlying issue,” she said.
“We can assure our customers that our systems and processes are robust, and we are continually working to ensure we act in accordance with the law.”
She said the company had worked closely with ACMA to ensure ongoing compliance and was committed to the undertaking.
In the enforceable undertaking, Vodafone accepted there were “material weaknesses” in its compliance control framework that had allowed the activations to take place.
Since the investigation began, it had reviewed affected customers, changed its verification method, implemented processes to ensure identity verification and undertaken audits of its customer base to ensure identity verification was occurring.
The undertaking is effective for 24 months and requires Vodafone to keep written details about the description of the arrangements it has in place, to ensure identity checks are kept up to date and to keep records of related checks and inquiries.
Before it makes any change to its pre-paid identity verification systems, it is required to conduct a review of proposed changes and keep records of the review, conduct a risk assessment and a post-risk assessment, and audit its pre-paid ID records every six months during the undertaking.
This story Administrator ready to work first appeared on Nanjing Night Net.