By Beatrice Pickup
Staff at Vodafone call centres have broken the rules about security checks and left customers vulnerable to fraud.
Criminals posing as genuine customers have gained access to some accounts even though they failed to correctly answer security questions.
A whistleblower told the BBC it happens because of pressure on call centre staff to meet customer satisfaction targets.
Vodafone said it takes security “extremely seriously”.
In February, David Hart from Lincolnshire discovered Vodafone had given someone else control of his mobile phone number.
They had contacted Vodafone via the company’s online web-chat service and pretended to be him.
His phone number was switched to another network, allowing criminals to receive the text message from his credit card provider which authorised the purchase of a £9,000 Rolex watch.
“I don’t think customer service at Vodafone really understand how important a mobile phone is,” said David. “If I hadn’t acted so quickly clearly many more things would have happened.”
David cancelled his credit cards and contacted the retailer from whom the watch had been purchased to alert them to the fraud.
Vodafone later confirmed that the individual who posed as him had failed to provide the correct PIN and password and had failed the security questions.
It apologised and confirmed that its web-chat agents should have been more thorough during the initial security process.
A whistleblower who works in a Vodafone call centre has told Radio 4’s You & Yours they have seen evidence of other, similar breaches.
“I get people coming through to me who become very upset when I don’t give them access to an account,” the whistleblower said.
“They claim that they got access the last time and I can see that’s true, and they sometimes even phone back and get another agent before I’ve finished my notes and closed the account, and I can see they’re being given access by someone else.”
The whistleblower said call centre staff were trying to keep customers happy to protect their bonuses, at the cost of security.
They described a customer satisfaction survey that is sent via text message to customers after a call has finished.
The first question is “would you recommend Vodafone?” and the customer has the option to choose a score out of ten.
The whistleblower said that a score of 9 or 10 means a 100 percent outcome for the customer service agent. A score between 5 and 8 would be zero, and anything below 5 would result in a rating of minus 100percent for that call.
Vodafone customer service agents can receive monthly bonuses worth up to £150 for high customer satisfaction scores alone.
However, low scores can also result in them being placed on action plans to improve their performance.
In relation to David Hart’s case, Vodafone said it has since “enhanced its security controls” so that authorisation codes for switching an account will only be provided if a caller accurately answers the security questions and has access to the mobile telephone in question.
The company said that data protection forms a major part of a customer service adviser’s training.
It takes non-compliance “extremely seriously” and disciplinary action is taken if any individual is found not to have followed its procedures.