Technological advancement in mobile has transformed the convenience quotient for people, especially in the payments and financial space. More people are increasingly transacting via mobile banking. As per data experts Caci, 25 million people in the UK, i.e., approximately half the country, are using mobile for banking activities. But, there is a flip side to this convenience quotient—fraud. The number of fraud cases has consistently increased over the past few years. As per the City of London Police, over 453,495 reports were filed in the last 13 months, resulting in financial losses to the tune of £2.4 billion through fraud and cybercrimes. One of the fraud techniques that has particularly stood out is ‘SIM swapping.’
SIM swapping, also known as ‘SIM splitting’ or ‘SIM jacking,’ is a fraudulent activity where a fraudster takes complete control of users’ phone accounts by either porting or cloning their SIM without their knowledge. First, scammers trick victims into divulging personal information about themselves and then socially engineer customer service representatives to take over a victim’s phone number by having them transfer the number to a SIM card in their possession. Once they’ve done this successfully, the fraudster has complete control over the unsuspecting victim’s phone number, allowing them full access to their accounts.
While victims are at risk of having their accounts drained or having their social media handles taken hostage, the harm to the service providers who failed to protect their users against these kinds of attacks ranges from significant reputational damage to liability for lost funds to the risk of losing users to more secure competitors.
The instances of SIM swap have been increasing globally. But the UK has seen an increasing number of SIM swap cases in the past few years. The highest number of SIM swap cases were recorded in 2018, where the cumulative loss was £2.9 million from 3,111 fraud cases. In the first half of 2020, 483 SIM swap cases were recorded in the UK, resulting in a loss of £839K; the average loss for a user amounted to £2,567.
Over the years, telecom service providers have implemented several safeguards to prevent mobile-related fraud. However, fighting sophisticated SIM card-related fraud requires leveraging the power of mobile intelligence. Enterprises with SIM swap detection technology may have visibility into the fact that a SIM swap has occurred. However, they cannot see when the event took place, which is a major factor in differentiating fraud from a legitimate transaction. Since many SIM swaps are legitimate, enterprises do not want to slow down the experience for customers who may have legitimately ported their numbers or upgraded their devices.
What is required to address SIM swap fraud is a risk model that analyzes device and phone number-related attributes from authoritative sources at the time of a transaction and indicates the level of risk.
The good news is that Prove’s Trust Score™, designed to detect and stop this fraud vector, is now available in the UK for enterprises. Trust Score™ is a real-time measure of a phone number’s reputation which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence. When a Prove client asks if a phone number is safe to send a text message to or engage with, Prove will perform many real-time checks, including a SIM swap check, to calculate a real-time Trust Score™. A low Trust Score™ will tell Prove clients to apply the appropriate policy, such as not sending the given SMS. By identifying phone numbers that have been associated with a SIM swap or other suspicious activity, Prove stops would-be scammers in their tracks and prevents them from bypassing the two-factor authentication process.
Trust Score™ has the additional benefit of creating a more seamless experience for legitimate users. One of the main complaints that consumers have about accessing online services is that proving their identities through passwords, knowledge-based authentication, and SMS one-time passcodes is cumbersome and time-consuming. Prove overcomes this trade-off by using advanced analytics to make logging into online accounts as easy for real users and impossible for scammers.
To understand why so many leading companies are using Trust Score™ to secure their customer experiences, download our report of critical vulnerabilities we uncovered by using Trust Score™ to analyze 385,000+ MFA transactions here.