CHOICE membership

Mobile Phone Number Porting Fraud/Identity Theft

An article regarding how easy it is for scammers to fraudulently port a consumer’s mobile phone number and the failure of telcos and banks to improve security.


Some agencies and institutions place a phone number as secure ID, and many consumers use it. It’s a bit odd that telcos can just port it based on a call, not even a visit some where with personal contact and photo ID.


Maybe porting a number is not too difficult, even though they have to know my surname, postcode, date of birth, phone number (And possibly my PIN number?)

But I would think changing my Bank password would not be so easy, as they would have to know the security questions before being able to change it… and my bank informs me immediately by email of any changes made…


They start with getting the number, they use that as most people use the number as their backup for email accounts to change the password on the email account. Then they have access to a whole lot more such as your name, date of birth etc.


When we add a new account to transfer or BPay money to, the CBA texts a 6 digit code to enter on their website to complete setting up the new payee, and then again when the first payment is made.

If someone managed to port our numbers, there would be nothing to stop them if they had the logon details for the bank account.


It looks like they get personal details from social media to be able to know so much?
Unless they knew you well wouldn’t it be a bit difficult to guess so much about you ?


My logon details involve a Customer number and a Password ( Forgot your
Password involves security questions
only I know)
I don’t doubt it can be done and that there are genuine victims to this type of fraud,
but I don’t believe it’s an easy thing to do.
One of the conditions for On Line banking is that we protect our passwords etc.,
So why would people tell so much about themselves on Social media? I think they could be considered to have contributed to the thefts.


It can be as simple as using anything that requires your real name and address eg posted mail to your mail box. Rubbish in your bin that has name and address on, a misdirected email, a failure of an online site to secure your details (lots of those have happened). The list is pretty big where they can harvest just enough to get your number ported, they don’t have to reside here either.

It is required in some cases to use the facilities that you provide a level of detail. If the site is hacked the data control (if it really ever did exist) is lost through no fault of the user. Medicare among other entities lost control of user data, the same has happened for other health records and so on.

As an example of how big the problem is:

Some advice from MoneySmart:

The reality is that if it was hard and cumbersome it probably wouldn’t happen so much, as the people who seek to use these means really are after the easy pickings. It isn’t that hard so the result is huge amounts of fraud that happen here and all over the World. You can take steps to reduce the risk but you can’t eliminate it.

From 2018:


Wouldn’t an easy way to prevent fraudulent porting would be for the Telco to call the requester back on the number requesting to be ported. If the number is not answered or the person answering the call doesn’t consent the porting, then it shouldn’t be done.

There is a risk that porting may occur with a stolen mobile phone…the person stealing the phone requests the porting to a new provider (usually takes 24-48 hours) and actions any fraud before it is reported as stolen. These risks are low unless one is not a everyday user of one’s phone and doesn’t know it was stolen.


What if they say they have lost the phone or the SIM and so can’t be called back on that number. There are ways of tightening up the system for sure but nothing in this area is perfect. We even have properties sold from under the owners without their knowledge, why doesn’t that cease to happen. We have imperfect systems we expect to produce perfect outcomes. While humans are in charge then human error will occur, but thankfully we have humans because machines/computers/automated systems may see us as the problem and remove us from the equation entirely.

1 Like

There are always for exceptions…but if there is a claim that the phone has been stolen, then an additional checking should occur.

It does also beg the question why someone would be reporting a stolen phone and also porting at the same time…one would assume that a stolen phone would have been reported separately…and later the number ported should a different carrier be required for any replacement phone.


Without a detailed report for each and every instance, who knows for sure? Do we even know how often errors in porting occur.

There is no need to repeat the details of our prior experience. 2012 is long past. Optus issued a replacement sim for an existing account to a customer who was in a different state with totally different identity, upon which the new users phone functioned as the genuine account owner.

It’s a long way between Alice Springs and Melbourne. The replacement sim was issued with the same number as the original account holder!

Optus advised there had been an error made by one of their staff, possibly through an in store transaction. That makes it even more dubious. It appears procedures still need to be improved across the industry.


Porting your mobile phone number requires you to quote your account number with the carrier, in addition to all the other information such as phone number and personal details, including residential address and billing address. This should make it extremely difficult for anyone but the account holder, or a very close family member, to initiate the mobile number port to another carrier.
Any phone company operator should know the basics of the process at the very least, and never give out such details to any enquirer without positively identifying them as the owner of the account.
Looks like yet another Telstra OOPS!


Never had to quote my account number with Optus, Telstra, Voda or ALDIMobile. I guess it is the operator you get who decides what proof they need.


Not even a call. By the sounds of the article it was an online text chat. Scary when you try to keep your digital hygiene up only for the telecoms and banks to let you down

1 Like

OH! This is NOT good! When I worked in this area (about 15 years ago now) these details were required to ensure both the identity and privacy of the customer requesting the MNP (Mobile Number Porting) which had only recently been introduced. It looks like the rules have been watered down since to make it simpler for the providers, without regard to the potential for fraud. Sigh! If customers understood the need to protect their own interests, then perhaps they wouldn’t complain about the degree of identity protection (that used to be) offered.


Have any of the Telcos initiated procedures to prevent porting of customers numbers ?

1 Like

I learned a few years ago that my phone service provider could require a password before I made any changes to the account. Set up the feature, and it turns out that ‘require’ is a little strong when most of their staff don’t even know about the password ‘feature’ and are not prompted to request it.


Typically when porting many of us are not talking with our current service provider. We are talking with our new prospective service provider (Telco). The latter really wants to make coming to them as simple and as attractive as possible. This includes taking care of the porting from your exisiting provider for you.

It all comes down to convincing your new provider of who you really are. Re my soon to be old provider, I don’t recall needing anything more than the phone number of the service to be ported. The rest depended on the two Telcos agreeing to the details of the requested transfer of number. Optus one on one previously indictated they rely on matching the customer identification details. Eg Name, service address, dob, DL no, etc.

Most customers probably still expect porting to be a near instant process or same day worse instance. Brand new $2,000 phone in hand and $120 monthly plan attached with a new 5G provider. How long would most of us wait today before we could use the new service?

Perhaps the really big question that needs to be asked is:
What actions have the Telcos taken to ensure the customer they are serving is the genuine customer?

Once upon a time Telcos made porting as difficult as possible. Not to prevent fraud. Simply a ploy to trap their customers. The ACCC stepped in. The rest is history.


When number portability commenced in the 1990’s, Optus was bitterly opposed to it and dragged their heels on providing their users with the ability to change carriers long after both Telstra and Vodafone had enabled it

Of course, as they full expected, long suffering Optus users deserted their third rate network in droves so as to get real coverage with Telstra.