#Fail: Telus Customer Loses Phone… Then Gets A Massive Bill
Yesterday, CBC reported that a Canadian Telus customer was hit with a $24K cell phone bill after someone used his phone fraudulently. Jesse Janssen, from Vancouver, knew he had lost his phone, but was shocked to receive a bill for roaming charges of $24,225.80 instead of his monthly charge of $67.
He knew he had not authorized these charges and was shocked when Telus informed him that it had received permission, via his cell phone, to run up this huge bill. Janssen soon learned that anyone with access to a phone with a Telus cellular plan can give consent by simply replying “yes” to a text message sent by the company.
#Fail
Lisa Baergen, director at award-winning biometrics company NuData Security, had this to say, which I think sums up this situation:
“This story points to a much needed paradigm shift in how we think about authentication, whereby identity isn’t tested with a single factor such as a simple ‘yes’ via text message, password, physical biometric or any other single data point. Instead, the verification should be based on multiple factors that are combined and analyzed to give a more complete risk assessment of the user – even if legitimate credentials are presented by the fraudster. The test should also be based on dynamically generated information that isn’t stored and therefore isn’t subject to theft, mimicry or spoofing. There are tools, such as passive biometrics, on the market now that base their verification test on dynamic data, not solely single-factor data such as a password or 2FA. These multi-factor methods are the only way we are going to move beyond much of this identity fraud in the future.”
One has to wonder if Telus, among other carriers, will look at this and improve their processes to stop this sort of thing from happening in the future. Telus, Rogers, Bell, the ball is in your court.
This entry was posted on February 8, 2017 at 8:29 pm and is filed under Commentary with tags Telus.