You can make the higher level person liable for their passcode usage. It’ll only take a few examples to be made for them to change their approach.
This whole two person security thing being untrusted seems silly however, as that’s what nuclear missile silos typically use to avoid rogue actors. Why it won’t work here seems odd, if you put the right punishments in place.
Nuclear missile launches are a very, very far cry from phone company customer support operations.
To engage the comparison nevertheless, at least regarding silos, the two person rule is physically enforced using space itself. You could collude, but the likelihood of two people getting to that point and then going through with it is so infinitesimally small as to be, essentially, purely academic.
The risks to one or two actors fraudulently SIM swapping someone’s line are much, much different.
Proportionality matters as much here as anywhere. What would a sufficient deterring punishment look like in this case that would make others think twice? People have already lost their jobs and been tried under existing law for this and it continues to happen.
This whole two person security thing being untrusted seems silly however, as that’s what nuclear missile silos typically use to avoid rogue actors. Why it won’t work here seems odd, if you put the right punishments in place.