Prove Trust Score™: Fighting the Rising Threat of SIM Swap Fraud in the UK and Eliminating False Positives

The financial services industry is going through a once-in-a-lifetime upheaval. The pandemic has forced individuals to opt for digital transactions over face-to-face interactions. While this has led to a significant reduction in operational overheads associated with physical touchpoints, the explosive rise in digital transactions has led to an alarming rise in online identity fraud, often executed by fraudulently taking over the consumer’s phone. 

The UK particularly has been a victim of a massive spurt in cyber fraud in the recent past. A report by Atomik Research found out that 74% of financial institutions in the UK and the US experienced a significant spike in cyberthreats linked to COVID-19. About 37% of them believe their customers are now at greater risk of cybercrime or fraud. When it comes to security, one cannot underplay identity theft, account takeover, and online fraud. Stolen identity data invariably finds its way to the dark web, where it is bought by fraudsters to open mule accounts used to launder money and finance criminal activities. These threats have forced financial institutions to implement more stringent identity verification and authentication practices. However, strengthening fraud prevention often leads to an undesirable outcome—a high number of false positives resulting in deprecation of onboarding and servicing experience for genuine customers.

‘False positives’ severely hamper customer experience. New applicants and customers are denied access, or they are subjected to additional steps in identity verification and authentication, making the process cumbersome. One of the major reasons for false positives is fraudulent SIM swaps and the difficulty in identifying them before it is late. SIM swapping, also known as ‘SIM splitting’ or ‘SIM jacking,’ is a fraudulent activity where a fraudster takes complete control of users’ phone accounts by either porting or cloning their SIM without their knowledge. The instances of SIM swaps have been increasing globally. But the UK has seen an increasing number of SIM swap cases in the past few years. The highest number of SIM swap cases were recorded in 2018, where the cumulative loss was £2.9 million from 3,111 fraud cases. In the first half of 2020, 483 SIM swap cases were recorded in the UK, resulting in a loss of £839K; the average loss for a user amounted to £2,567. In 2015, there were just 144 cases of SIM swap fraud. Mobile phone companies in the UK have also come in for criticism after allowing the details of customers to be leaked. 

Currently, banks are tackling the SIM swap problem in collaboration with telcos by validating SIM swaps and porting data within a stipulated cut-off time. This supposedly gives the original phone owners enough time to contact their network provider when they discover that they have fallen victim to an unauthorized SIM swap. However, relying on a single data point on swaps and ports has many undesirable effects. Customers who have legitimately ported their SIM card fall into a false positive queue and are subjected to unnecessary delays in verifying their identity. 

What is required by financial institutions to address SIM swap fraud is a risk model that analyzes various device and phone number-related attributes from authoritative sources at the time of a transaction and indicates the level of trustworthiness. Such a model will use advanced algorithms on phone data and intelligence aggregated from multiple sources to assign a reputation score for the individual’s phone number—the higher the score, the higher the pass rate. A high score will also greenlight more genuine customers, thus eliminating false positives. 

The good news is that Prove’s Trust Score™, designed to detect and stop this fraud vector, is now available in the UK for enterprises. Trust Score is a real-time measure of a phone number’s reputation that uses behavioral and phone intelligence signals to measure fraud risk and identity confidence. When a Prove client asks if a phone number is safe to send a text message to or engage with, Prove will perform many real-time checks, including a SIM swap check, to calculate a real-time Trust Score. A low Trust Score is an indicator to apply the appropriate authentication policy, such as rejecting the transaction, not sending the 2FA code by SMS, or redirecting them to manual scrutiny by an agent. By identifying phone numbers that have been associated with a SIM swap or other suspicious activity, Prove stops would-be scammers in their tracks and prevents them from bypassing the two-factor authentication process.

Trust Scores run on a scale from 0-1000, with a higher number indicating a higher Trust Score. Trust Scores over 630 are typically considered ‘high,’ and scores 300 and below are categorized as ‘low.’ Some of the phone intelligence signals that Trust Score’s risk model examines include phone tenure (SIM tenure, tenure of device), line attributes (active number, number porting, mobile status, available network status, and line type), account activity (change event occurrence velocity), and device activity (device ownership tenure) to calculate the level of risk.

To maintain a superior customer experience, it is critical to ensure that genuine prospects and customers are not subject to cumbersome verification and fraud checks. Reducing false positives not only offers a seamless experience for the user but can also be one of the critical success factors in improving customer retention. Prove’s Trust Score™ ensures that this process is seamless for legitimate users.