#Fail: Telus Customer Loses Phone… Then Gets A Massive Bill

Yesterday, CBC reported that a Canadian Telus customer was hit with a $24K cell phone bill after someone used his phone fraudulently. Jesse Janssen, from Vancouver, knew he had lost his phone, but was shocked to receive a bill for roaming charges of $24,225.80 instead of his monthly charge of $67.

He knew he had not authorized these charges and was shocked when Telus informed him that it had received permission, via his cell phone, to run up this huge bill. Janssen soon learned that anyone with access to a phone with a Telus cellular plan can give consent by simply replying “yes” to a text message sent by the company.

#Fail

Lisa Baergen, director at award-winning biometrics company NuData Security, had this to say, which I think sums up this situation:

“This story points to a much needed paradigm shift in how we think about authentication, whereby identity isn’t tested with a single factor such as a simple ‘yes’ via text message, password, physical biometric or any other single data point. Instead, the verification should be based on multiple factors that are combined and analyzed to give a more complete risk assessment of the user – even if legitimate credentials are presented by the fraudster. The test should also be based on dynamically generated information that isn’t stored and therefore isn’t subject to theft, mimicry or spoofing. There are tools, such as passive biometrics, on the market now that base their verification test on dynamic data, not solely single-factor data such as a password or 2FA. These multi-factor methods are the only way we are going to move beyond much of this identity fraud in the future.”

One has to wonder if Telus, among other carriers, will look at this and improve their processes to stop this sort of thing from happening in the future. Telus, Rogers, Bell, the ball is in your court.
