Jurisdiction

The customer requested to swap a SIM card to an eSIM for her mobile number.  The scheme member’s fraud team requires in person verification for this process. The customer considers this unnecessary and, as she was overseas till late 2024, would cause unreasonable delays. 

The customer requests an immediate eSIM swap and seeks compensation for disruption to her business because of the delays caused by the in person verification process as required by the scheme member. The customer estimates that she has suffered losses in the thousands due to missed project deadlines and unmet client expectations and that this could have been avoided had the scheme member agreed to verification by phone. 

The scheme member submits that the complaint should be excluded pursuant to the Terms of Reference as follows:

10:   to the extent allowed by law, a claim or claims for compensation based on indirect loss (including loss of profits), punitive damages, pain or suffering, loss of reputation, inconvenience, humiliation, mental distress, and costs involved in compiling or pursuing a Complaint;

I agree. TDR does not have the ability to award costs for the indirect costs the customer seeks. 

While compensation can’t be awarded, the complaint cannot be excluded in its entirety as the customer complains that the scheme member’s verification process has fallen below her expectations for customer service and that it has breached consumer legislation. 

The matter will proceed to mediation and adjudication where the merit of the complaint will be considered. The adjudicator can consider whether any breaches of the relevant Codes or consumer legislation have been breached. 

The customer may wish to consider if she wishes to proceed with the dispute knowing that TDR will not be able to award the costs he seeks.

Dispute outcome

  1. TDRs determination is that the customer’s complaint is not upheld.

Dispute

  1. The customer complains about a provider’s decision not to provide her with an e-SIM and personal information she had requested.

Final determination

  1. In making this determination TDR have considered the information provided by the customer and the provider and:
  • Fairness in all the circumstances
  • The Privacy Act 2020
  • The Consumer Guarantees Act 1993
  • The Fair Trading Act 1986
  • The Human Rights Act 1990
  • The Telecommunication Forum’s Customer Care Code and the scheme member’s Customer Care Policy.
  1. Having reviewed the submissions provided by the customer and the provider, TDR is satisfied that there is no settlement of the dispute.
  2. The reasons for the decision, along with the background to the dispute and the positions of the parties, are set out below.

The dispute

  1. During 2024 the customer was overseas, she contacted the provider requesting it provide her with an e-SIM.
  2. The provider advised the customer that it was unable to proceed with her request, and asked her to visit a store upon returning to New Zealand.
  3. The customer raised a formal complaint about this, to the provider but the provider confirmed its decision, saying this was for security reasons.
  4. The customer alleged the provider’s decision breached various legislation and requested access to her personal information. The provider declined her request, again for security reasons and asked her to visit a store.

Positions of the respective parties

The customer’s position
  1. The customer says the provider has breached the Consumer Guarantees Act because it failed to carry out their request for an e-SIM in a reasonable timeframe.
  2. The customer also says that the provider breached the Fair Trading Act by asserting there was no alternative to in-person verification.
  3. The customer claims that the provider has discriminated against her because she is a Muslim residing outside of New Zealand, and says the identity verification processes are discriminatory against overseas customers.
  4. The customer also says the provider has breached the privacy principles because she has been verified over the phone but it insists on in-person verification.
  5. The customer says she has suffered financial loss because she has been unable to communicate and conduct her business affairs.
The provider’s position
  1. The provider has declined the customer’s request due to concerns about security and the risk of fraud. It says prepaid accounts are easily manipulated and the customer’s prepaid account is high risk because of the little usage and no roaming. It also says that shortly before the request for an e-SIM was submitted, the customer’s details were changed in the online account. For these reasons, its fraud team declined the request for an e-SIM.
  2. The provider says it has discretion whether to approve e-SIM swaps, and it is not obliged to provide this service. It also points out that its Prepaid Terms exclude liability for the losses the customer has claimed.

Reasons for the decision

  1. Just as a consumer can decide who they do business with, so too can a service provider decide whether it will provide services to someone, and on what terms. Telecommunications are not a protected service where legislation or regulation requires providers to supply services to any consumer who requests them.
  2. The provider will have its own internal policies and procedures for determining who it will do business with and what products or services it will provide to them. Those policies must not breach any law, but it is acceptable for service providers to decline to provide services where the request falls outside of their risk appetite.
  3. A provider’s risk appetite includes the risk of fraud or misuse of its services. Telecommunication services can be used by criminals to carry out cyber attacks and scams, and the provider’s duty of reasonable skill and care requires it to act to protect against such harms. While this may unfortunately result in services being less accessible than customers may desire, this is a necessary measure to combat criminal activity. 
  4. TDR has reviewed the customer’s allegations that the provider breached various legislation, and we are unable to agree with her points. The simple fact is that the provider is not required to provide her with the service she requested. Given the decision was made with regard to the provider’s assessment of the related risk, its decision was not a failure to provide services with reasonable care or discriminatory. Nor does the fact that the phone was verified compel the provider to provide the customer with the service she has requested.
  5. The provider is required by clause 10.2 of the Customer Care Code and its own customer care policy to treat customers with respect and in a fair and courteous manner, and to work in a constructive and collaborative manner when engaging with customers. But again, this does not mean the provider was required to approve the customer’s request. Although the customer would not agree, TDR consider the provider met its obligations by promptly advising the customer of its decision and the reasons for that decision.
  6. The customers losses are not something TDR can compensate her for. The providers terms disclaim liability for this type of loss, and our terms of reference provide that we cannot consider claims for indirect losses, including loss of profit, reputational damage, distress and inconvenience.
  7. TDR suggests the customer seek advice from the Privacy Commissioner about the provider’s response to her request for personal information. 

Responses of the respective parties to the proposed determination

  1. The customer did not respond to the proposed determination.
  2. The provider accepted the proposed determination.

Conclusion

  1. As neither party has provided any response which would cause TDR to reconsider the findings of the determination, TDR confirm that the customers complaint is not upheld