SIM swaps - a growing problem with a SIMple solution


Suddenly there seems to be a lot more talk about SIM swaps. If you don’t know, this is when a fraudster, using social engineering techniques, dupes the victim’s mobile phone operator into porting the victim’s mobile number to a SIM in the fraudster’s possession. The fraudster then starts receiving any incoming calls and text messages, including banking one-time-passcodes, that are sent to the victim’s phone number. Number porting is a common request, so the fraud is relatively easy for professional fraudsters to perpetrate.

The fraudster can then perform transactions over a range of banking services such as Internet banking, and when the bank tries to verify the transaction via the mobile, by either a voice call or SMS, the fraudster is able to confirm it and the transaction is authorised. Intriguingly, there are significant regional variations – SIM swapping does not appear to be an issue in the US, but is relatively common in Australia, Brazil, Malaysia, Mexico, Portugal, South Africa and increasingly so in the UK, for example. The US situation is interesting since it may well be that SIM Swap fraud, being more complex than card skimming, is either not prevalent (card skimming is easier to commit) or is not being reported.

SIM Swap fraud is a type of Spear Phishing (targeted) attack. It is more complex than Phishing (duping) and is particularly insidious. The bad news is that a fraudster has decided to target an individual and has sufficient knowledge of the individual’s personal details to be able to carry out these attacks. Also, because the attack is typically cross channel, individuals will not intuitively deduce that they are under attack - how many people would immediately suspect that their bank account was under attack if they suddenly stopped receiving calls on their mobile, for example?

The good news is that there is a technological solution to the problem. It is already possible to tell if a mobile number has been ported, then prevent transactions being authorised using that particular phone unless other indicators suggest the swap was in fact legitimate.
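As an added illustration (not code from the author or any bank), the check described above can be written as a decision made before a bank trusts an SMS or voice confirmation. The operator lookup result, the 72-hour window, the two "legitimate swap" indicators and all names are assumptions made for this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy value: how long after a number change phone confirmation is distrusted.
QUARANTINE = timedelta(hours=72)

@dataclass
class NumberStatus:
    """Result of a hypothetical operator lookup for the customer's mobile number."""
    last_change: Optional[datetime]  # last port/SIM change; None = none on record
    lookup_ok: bool = True           # False = lookup failed or timed out

@dataclass
class Indicators:
    """Assumed signals that a recent swap was in fact legitimate."""
    customer_confirmed_swap: bool = False  # e.g. confirmed in branch
    known_device: bool = False             # session from a previously enrolled device

def decide_phone_confirmation(status: NumberStatus, ind: Indicators,
                              now: datetime) -> str:
    """Return 'allow', 'step_up' or 'block' for confirming by SMS or voice call."""
    if not status.lookup_ok:
        return "step_up"  # fail closed: no swap data, so do not rely on the phone alone
    changed = status.last_change
    # A timestamp in the future (clock skew) is treated as a recent change.
    if changed is None or now - changed > QUARANTINE:
        return "allow"
    if ind.customer_confirmed_swap:
        return "allow"    # recent swap, but the customer vouched for it out of band
    if ind.known_device:
        return "step_up"  # partial evidence: ask for a second, non-phone factor
    return "block"        # recent swap and nothing suggests it was legitimate

# Constructed sample data, not taken from the article.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    recent = NumberStatus(NOW - timedelta(hours=5))
    print(decide_phone_confirmation(recent, Indicators(), NOW))
    print(decide_phone_confirmation(recent, Indicators(known_device=True), NOW))
```

The failed-lookup branch matters in practice: if the swap check silently passes when the operator data is unavailable, the control disappears exactly when it cannot be verified.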

If the banks move quickly they can cut off yet another of the fraudster’s routes into our money and at the same time improve their own customer service. SIMple!

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
