Fraud & Identity Featured Article

Solving SIM-Swap Fraud: Monitoring is Key

By Michael Guta Contributing Writer

Every new technology designed to make our lives less complicated and more efficient comes with a great risk of criminals exploiting the vulnerabilities within these systems. Case in point is the rapidly growing SIM-Swap fraud. Many banks have a policy in place that requires them to verify a caller’s identity by checking the SIM card they’re calling from. However, criminals have identified a vulnerability in this system and, unfortunately, they’re exploiting it to drain entire bank accounts of customers around the world.

What is SIM-Swap Fraud?

This is a type of fraud in which criminals register the current number of a legitimate customer on a new SIM card. If you happen to use your mobile phone for banking or other financial transactions, the fraudster is able to intercept vital information that allows them to gain access to your bank, credit cards and other personal information. And for banks that use your phone or the SIM for authentication, they will be able to withdraw, transfer or purchase from your account at will.

In many cases, this type of crime is committed by criminal groups with unintentional inside help from financial organizations and network operators to get the information that is needed to obtain a new SIM card by posing as the owner. Of course, the organizations have no idea they’re not speaking to the actual owner, and would never knowingly participate in fraudulent activity, but it is fairly easy for fraudsters to use this method to gain access to account information.

What’s Being Done to Stop it?

Clearly, SIM-Swap fraud is a growing problem that needs to be stopped. Luckily, several mobile security companies exist to help fight this issue through better authentication methods. Most recently, Myriad Connect came out with a new service that provides real time monitoring of SIM cards. According to the company, it uses USSD (Unstructured Supplementary Service Data) authentication so the inside collaborators in banks and mobile service providers cannot tamper with the technology. With USSD, there is a clear audit trail, so no persistent data is held with any third party, greatly improving the security of transactions that may be vulnerable to SIM-Swap fraud.

Several other companies, both mobile security providers and financial institutions alike, provide similar services to deal with SIM-Swap fraud. On the banking side of things, Santander is well-known for its SIM swapping solution, and even received recognition for its efforts when it received the Banking Technology award in 2013.

There’s no need to be concerned if you don’t use Santander as your bank, though. There are other companies that make stopping fraudulent activity their job, and they’ve gotten very good at it. iconectiv, for example, has several authentication-based solutions that make it harder for fraudsters to walk into Verizon (News - Alert), for example, pretending to be someone they’re not. Preventing SIM-Swap fraud is really all about stopping that problem at the source, which means making it as difficult as possible for fraudsters to lie about who they are to phone operators and financial institutions.

The challenge of protecting SIM cards is explained by Paul Kingsbury, VP Business Development at Myriad Connect. He goes on to say, “Even the National Institute of Standards and Technology in the US has identified that SMS is a risk. It is not fit to secure financial services as it can be vulnerable to man-in-the-middle attacks such as SIM-Swap.  It poses a challenge for operators as there is no audit trail, opening a door to large scale fraud through a single point of failure.”

Through better, more careful authentication methods like the ones iconectiv (News - Alert), Myriad, Santander and a variety of other companies offer, the growing problem that is SIM-Swap fraud will hopefully slow down, and eventually be defeated altogether.