An important topic of discussion within the industry is how technology continues to develop at a fas... Read the full story
2019-08-20 09:09 PM
I'm really worried about all the fraudulent porting that people with Optus numbers are complaining about and having to go through much to ensure security of their other personal phone number attached accounts.
I use 2F Google authenticator for important accounts but I'd also like to know that my phone number of years can't just be ported easily without my consent. I've heard that people just need your phone number and date of birth to port your number which are unfortunately not the most securely kept personal details hence easy for anyone with malicious intent to access.
What can I do or put in place with my current Optus account to prevent this increasingly common fraud occurring to me?
2019-08-20 09:39 PM
There is not really anything you can do.
Stuck behind outdated Gov & Industry rules.
Was a recent ABC article about this - was abotu Telstra but applies int his case to any telco.
2019-08-21 08:55 AM - edited 2019-08-21 09:00 AM
As @Paddylee says, there is really very little protection. Even 2FA like Google provides has fall back options to getting a SMS sent instead. Suggest you ensure all Google Recovery options are setup (definitely stick with the Google Authenticator App and not SMS). Also ensure your bank uses an App for 2FA verification and not SMS. Not bullet proof but pretty effective.
I disagree with Paddylee that the legislation is holding back the Telcos from providing a responsible service. The key clause does indeed say only a DOB and phone number are needed and that no delay can be made. This is purely the minimum amount of info needed to perform the port however it seems all Telcos believe it is also a sufficient ID protocol (clearly it isn't).
Part two of the clause requires the Telco to acertain your identity before proceeding. To my knowledge no Telco does. Perhaps a law suit or regulator intervention one day will force them to up their game (however I'm not holding my breath). At the very least an SMS could be sent to the number being ported at the start of the process, not the end.
2019-08-21 09:05 AM
@petergdownload the same set of user data e. G. Dob is a sgared requirement with ALL telcos, this is what the backend porting system uses.
I dont know who controls that side but its linked with every telco.
As far as I am aware - Optus now sends a sms when port out begins - cant stop it at this stage unless the personal info is incorrect and the automated system fails.
The uk system has your telco contact you - too bad if you lost/phone is damaged and your wanting to port to a new provider with their device.
What could they do to confirm your id in this case?
The whole system is flawed, has not kept up with the times and id theft is rampant as people click links on sites and emails and happily give away all their info.
Aus post now have their digital id system, perhaps it needs to be linked to that? Need to port - go down to your local post office of it still exists.
2019-08-21 09:25 AM - edited 2019-08-21 09:25 AM
Good to here that SMS is sent first now (that should help people get ahead of the issue if not prevent it).
I agree the system is badly implimented. It was obviously written with onw focus in mind (to speed up porting) but the lack of safe guards is a massive oversight given how phones have now become a security hub for many people.
Thinking about, it the following could be a solution: Telcos should break any port request into two stages. The initial one is the request that provides the number involved. Then the Telco sends a confirmation SMS to the number doing the requesting. It asks for the DOB to be sent back in a reply DDMMYYYY. Then the port proceeds. This complies with the legislation and is much more secure. Those that don't have their phone would need to get to a Telco store (amd store) to provide full ID.
Unfortuanately it would require every Telco to adopt the approach and the Telcos don't seem to do that much.