Vodafone failed to verify the identity of 1028 customers

They resulted from changes to Vodafone's IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred.

After having been made aware of ACMA's investigation, Vodafone identified 19,697 active services belonging to customers who had activated their prepaid mobile carriage services using the ID-checked in store option.

ACMA acting chair, James Cameron, warned telco's must check that changes to their IT systems don't run the risk of contravening legal requirements.

This follows an ACMA investigation that found the company failed to verify the identity of at least 1,028 customers before activating their prepaid mobile services.

It confirmed the identity of 13,314 of those services, and suspended 6383 where it was unable to confirm the identity of the customer.

"Verifying the identity of prepaid mobile customers helps law enforcement and national security agencies obtain accurate information about the identity of customers for the purposes of their investigations", he said.

The undertaking states that Vodafone accepts that there were "material weaknesses" in its compliance control framework that led to breaches of the determination.

"We can assure our customers that our systems and processes are robust, and we are continually working to ensure we act in accordance with the law", the spokesperson said.

A court-enforceable undertaking accepted by ACMA means Vodafone will have to conduct compliance audits every six months and a risk assessment of its current practices.

"During an upgrade to our prepaid customer activation systems over a period in 2015-2016, the system allowed a small number of customers to activate their Vodafone pre-paid services online without proper ID verification", a spokesperson for the telco said.