20.5k unique visitors in the last 3 days

Woman Sues Telco over SIM Swap Theft of Bitcoin Now Worth $1.3mn

A key part of the legal fight related to whether telcos can use contract clauses to mandate the use of arbitration when there is a dispute over compensation.

Should the legal system force telcos to defend themselves from claims of negligence in open court, even if a contract with a customer says disputes will be settled through arbitration? That is one of the arguments being tested in Canada by a lawsuit that asserts mobile operator Rogers and store manager Match Transact negligently allowed a SIM swap fraud which cost the victim CAD534,000 (USD391,000) in bitcoin stolen during 2021. That amount would be worth CAD1.8mn (USD1.3mn) at bitcoin’s current valuation.

The suit brought by Raelene Vandenbosch of British Columbia (B.C.) highlights how the province’s law has since changed to prevent telcos imposing binding arbitration agreements on customers. It also presents a public interest argument for transparently examining business practices when flaws may also affect other customers, per the detailed reporting of local news provider Sooke News Mirror.

Vandenbosch’s central argument for why she should not be required to go through arbitration rests on amendments the B.C. government made to the Business Practices and Consumer Protection Act in March.

The B.C. government amended the legislation so cell phone companies can no longer impose these agreements on customers, arguing forced arbitration hurts consumers.

Vandenbosch contended that these new rules must be retroactively applied to her case.

Judge Anita Chan of the British Columbia Supreme Court disagreed. However, she did rule that the public interest permitted one aspect of Vandenbosch’s case to be pursued in open court.

In her decision, Chan offered one caveat: the case can proceed under a section of the Business Practices and Consumer Protection Act that allows for resolution in the public interest.

This section predates the spring rule changes and allows for a judge to order a company to publicly accept responsibility or make changes and restore “any money or other property or thing” that was acquired through activity found to violate the act.

Vandenbosch alleges her bitcoin was stolen after a fraudster that pretended to be from Rogers contacted a Match employee working in a kiosk in Montreal. The fraudster persuaded the Match employee to share their computer screen, effectively giving the fraudster visibility of information about Vandenbosch’s phone account. It seemingly did not occur to the Match employee to challenge the reasons for a Rogers employee to request information about a Rogers customer based over 4,000km away, nor did the store exercise a strong enough protocol to determine if they were speaking to a genuine Rogers employee or not. Rogers is also blamed for permitting so much customer data to be freely accessible to people working in Match’s stores.

This case revolves around the specific laws that apply in British Columbia but the issues are general in nature. Telcos are trying to limit their liability for SIM swap crimes by placing contractual limits on how customers seek redress. One of these limitations prevents customers warning the rest of the public about security failures. Meanwhile, privacy infringements remain rife. How many times have we heard that protecting customer data ranks as a telco’s highest priority? You would never form that impression based on the litany of data breaches and data thefts that are reported each month. The theft of large amounts of cryptocurrency through SIM swaps has been so common that there are law firms which specialize in representing cryptocurrency SIM swap victims. In such circumstances, it is unsurprising that legislators in places like British Columbia might stop comms providers using arbitration clauses to reduce their own risk by effectively increasing the risk borne by their customers.

Instead of managing risk by hushing up bad news and restricting the legal options available to victims, telcos might be better off refocusing on the root cause of these crimes: lax controls around data. The phrase ‘restoring trust’ gets repeated a lot these days. The widespread use of mandatory arbitration contract clauses suggests telcos continue to attach more importance to different objectives than the restoration of trust.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email