Regulator Warns Telco for Failing to Investigate Spam

The Australian Communications and Media Authority (ACMA) named and shamed Symbio for failing to investigate suspected spam calls in a statement released yesterday. Per the ACMA’s announcement, they found…

…Symbio failed to investigate suspected scam calls it had been notified of by another telco in November 2021. Symbio investigated only 9 of the 777,268 calling line identifications provided to it.

Symbio also failed to investigate and trace the origin of other alleged scam calls as soon as possible, after it was notified of them in October 2021. Symbio only undertook traceback actions approximately 4 months after the notification.

Formal warnings were issued to two companies within Symbio Group: one to Symbio Wholesale Pty Limited and the other to Symbio Networks Pty Limited. The ACMA’s investigation report clarified that Symbio handles compliance obligations like these at a group level, so the separate warnings reflect a common weakness.

Symbio were incapable of satisfying their obligations because they lacked automated tools of a kind necessary to review more than a few calls at a time. They were tasked to investigate three CDR files that collectively included 1,916,041 CDRs which used 777,268 distinct CLIs for the apparent A-number. Symbio selected just nine CLIs for investigation by uploading the files into Excel then sorting the CDRs to identify the three most common CLIs from each file.

This is the first time a telco has been found to have breached Australia’s code for reducing scam calls, which was introduced in December 2020. The code requires telcos to identify and block scam calls, as well as share data with other telcos and conduct traceback activities to help determine the source of scam calls.

The Australian strategy for reducing spam calls is based on common sense. Some regulators expend too much effort on issuing fines when the monetary value of these fines rarely has much impact on a telco’s bottom line. More can be achieved by enabling peer pressure, especially from telcos that want to protect their customers from scams. Drawing attention to the telco’s failings also sends a signal to executives of other telcos with similar weaknesses. Elaborate and expensive industry-wide schemes to tackle spam and fraud will deliver poor returns if there are some telcos that still cannot execute the most basic checks and controls. It is better to consistently push for incremental piecemeal improvements by highlighting those telcos that lead the way, and shaming the telcos that lag behind.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.