Mobile phones and other devices have become integral to business, education, and socialization. According to research conducted by Deloitte, mobile phone penetration is at 91% in developed countries, and 90% in developing countries. Mobile phones have become an integral part of daily life in nearly every country around the world.
Each of these mobile devices contain a physical SIM card and there is a growing trend towards the use of dual SIM devices (both physical and or eSIM). Dual SIM card device usage is most prevalent in India (66%) and Indonesia (65%), but there are similar growth trends in Brazil (36%), the Philippines (35%) and across Europe.
With the arrival of eSIM cards and the growing popularity of dual SIM devices that enable users to have multiple subscriptions, mobile operators’ SIM strategies are going through rapid transformation to keep up.
A relatively new form of fraud that targets the theft of SIM cards (particularly eSIM cards) is becoming an increasingly complex problem for mobile carriers to manage. In this article we'll take a closer look at what SIM card swap fraud means for telcos, and how it can be prevented using modern ID verification processes.
For context, an eSIM card is embedded directly into a device and can connect the user to any mobile carrier offering eSIM services. They offer a host of benefits to both the operators and outside stakeholders from across the entire telecommunications market.
For consumers eSIM enables faster and easier connection of devices onto mobile networks and easy addition or change of service providers over time. All this paves the way for enabling new appealing mobile device categories such as watches and other wearables and for business or personal travel.
For service providers, eSIM means less costly logistics compared to traditional SIM cards. In addition, there is an improved customer journey and new customer acquisition and retention capabilities.
On the downside, as more consumers move towards swapping between SIMs and leveraging eSIM to meet their needs, it is this very process of activating a new SIM card that’s highly susceptible to fraud for both the consumer and the carriers that provide the service.
SIM card swap fraud has grown to be a costly problem that telco companies simply cannot manage on their own.
SIM swap fraud occurs when a fraudster takes over someone’s phone number and has it transferred to a SIM card that they are in possession of. To accomplish this, they will contact the victim’s mobile phone company and convince them they are the legitimate SIM card owner. This is typically achieved using a combination of personal information gathered from a data breach, targeted hacking, or information that’s publicly available on social media.
The fraudster will ask to swap the SIM card linked to your device and transfer it to a card that they own. Another tactic is to ask for a porting authorization code (PAC) to move your number to a different carrier.
Now the hacker can intercept bank authorizations sent by SMS. Multi-factor authentication involving SMS code verification is also easily bypassed since they control your phone number. They never have to touch your phone to successfully commit this type of fraud.
A recent Princeton study on SIM swap fraud examined the authentication procedures used by five prepaid wireless carriers when a customer attempted to change their SIM card. The study revealed that all five carriers had serious authentication vulnerabilities that rendered them susceptible to SIM card swap fraud.
Although most carriers are aware of the threat that this type of fraud poses for them, few take the necessary steps to properly prevent it from occurring.
As a consumer, falling victim to SIM swap fraud can introduce a variety of complications. Not only will your service stop working, but you’ll find that many of your other personal accounts will be compromised as well. Your bank account will likely be the first target for a fraudster, so it’s crucial that you alert your bank as soon as you discover that your SIM card has been compromised.
For mobile carriers, the costs of SIM swapping can be equally as detrimental. Your reputation as a secure service provider can be tarnished if customers are repeated reporting fraudulent activity. If fraudsters become aware of the vulnerabilities in your authentication process, it will give them even more of a reason to target your customers.
Criminal fraud continues to evolve. This makes it vital for businesses to research, analyze, and implement new defenses. Behavioral biometric authentication such as device fingerprinting and facial verification provide a much more secure option.
When seeking an account-takeover solution, look for the following features:
Vesta’s Account Protect supports risk-based assessments to either invoke a biometric authentication (fingerprint, face ID) or a 2-factor authentication challenge. We use our machine learning algorithms to identify and prevent account takeovers in real time, stopping unauthorized activity before it happens, while protecting Personally Identifiable Information (PII).
If you want to protect your customers and your business from the threat of SIM swap fraud, you’ll want an account takeover solution that can’t be circumvented by clever fraudsters.
Many people are unfamiliar with SIM card swap fraud. Yet more than 90% of the global population has a smartphone or other mobile device, and in many cases, consumers own more than one device or SIM card that can be susceptible to fraud.
Vesta is a global fintech pioneer in payment and account fraud protection. If you are concerned that your current fraud prevention tools aren’t enough to stop account takeover fraud from occurring, you may consider looking into our Account Protect solution. Contact us today for a free demonstration to learn how we can fortify your defenses eliminate the cost of fraud.