Telecommunications company Circles.Life has been fined nearly $200,000 for failing to undertake customer identity checks, which led to a number of scammed customers, and has paid an extra $100,000 in compensation.
According to an investigation by the Australian Communications and Media Authority (ACMA), Circles.Life allegedly contravened 1,787 industry rules for phone number transfers using Circles.Life SIMs purchased between August and December 2021.
The ACMA investigation claimed Circles.Life did not use any identity verification checks for customers porting numbers to its systems from October 2020 to December 2021 through its retail channel, which can take the form of verification code messages sent by SMS or email, as well as verifying by mobile and biometric data.
These checks however were in place for online customers.
Regardless, this led to 42 consumers experiencing fraud-related issues, like compromised email accounts and loss of access to banking accounts, with seven of these experiencing financial losses.
“It is deeply concerning that Circles.Life did not have proper processes in place for such a long period and that so many people were affected or put at risk of identity theft and fraud,” ACMA Chair Nerida O’Loughlin said.
“Combatting these types of scams requires concerted action by all telcos and one weak link exposes all consumers to harm.
“It is the customers of other telcos who have fallen victim in this case by having their number transferred to Circles.Life without their knowledge.”
While O’Loughlin stated that the alleged breaches should not have taken place, Circles.Life responded quickly to the issue at hand through instating the necessary identity checks, assigning regulatory staff to oversee its activities and providing recompense to the 42 affected customers.
“Some of the victims have experienced significant stress due to Circles.Life’s failure and we are pleased to see the company is providing recompense to acknowledge the profound emotional toll and disruption often caused by these scams,” she added.
Nicholas Demos, CEO at Circles.Life Australia, admitted that the lack of verification checks in-store "represented a vulnerability in our process and breach of the Industry Standard".
"All 42 numbers were returned to their rightful owners some time ago and new processes and policies have been implemented to ensure that this never happens again," Demos said.
"In fact, within 2 weeks of becoming aware of the situation we had designed, tested and deployed a fix which closed the vulnerability permanently. This is a first for us and we are deeply sorry to our customers and the industry, as we know this represents a loss of trust.
"We have an enviable record and have established telco operations in five very different countries around the world and successfully navigated five unique regulatory landscapes with their own rules, processes and legislation. We have never made an error like this before and we’re committed to ensuring it never happens again.”
Its sole director, Nicholas Kontaxis, was also fined $115,125. In court proceedings, he said he thought he could overturn the decisions made by the Telecommunications Industry Ombudsman about the payments.