Q&A: The Impact of eSIMs on Fraud Rates

Fitzwilliam Anderson
September 23, 2022

Earlier this month, Apple made headlines when it announced its plan to ditch the traditional SIM card in the iPhone 14. Since the announcement, we’ve received a ton of questions from customers about what, if any, implications this will have on Prove specifically and cybersecurity generally. To get the answers to these critical questions, I spoke with Prove’s VP of Authentication Bill Fish. 

So what’s happening exactly?

Bill Fish: Since 2018, Apple has had a hybrid approach to SIM cards, meaning that iPhones contain both a traditional SIM card that you can remove as well as support for eSIM cards. Moving forward, however, Apple plans to ditch the physical SIM card entirely and embrace a full eSIM model. Long story short: the iPhone 14 will be the first of its kind to have only eSIM capability. 

What’s an eSIM? 

Bill Fish: In many respects, the eSIM works exactly like the traditional SIM card with one major exception. Because the eSIM is embedded into the actual hardware of the phone, you can’t remove it with a paper clip or replace it manually when you travel. 

Why is Apple switching to eSIM?

Bill Fish:  An eSIM allows users to activate a new cellular plan digitally. This means you don’t have to purchase a new SIM card at the airport the next time you are going on an international trip. It also means that you can switch cellular service carriers almost instantly. T-Mobile is leveraging the eSIM to offer prospective customers a free 3-month free trial and smaller carriers are feeling bullish about the change to eSIM as well.  Beyond adding user convenience, embracing the eSIM gives Apple some much-needed space in the next iPhone. Because Apple is always on a mission to build thinner phones, every bit of hardware they can consolidate is a good thing in their eyes. 

What are the security implications of this transition? 

Bill Fish: Apple is feeling optimistic when it comes to eSIM’s impact on security. Kaiann Drance, Apple’s VP of iPhone marketing, explained that the eSIM makes devices ``more secure” because they can’t physically be removed if the device is stolen. While this is true, it is important to note that this is not the most common fraud vector. The bigger concern is traditional SIM swaps that take place remotely. 

Do you think the switch to eSIM will have an impact on the rate of SIM swaps?

Bill Fish: This is the million-dollar question. The logic behind the concern is sound: if the eSIM really makes it easier and faster for users to switch cellular plans, will fraudsters be able to conduct SIM swaps faster? Only time will tell but I think it’s important to underscore the fact that iPhones today already have eSIM capabilities so fraudsters can do this already. 

On the other hand, there are some experts in the cybersecurity industry who believe that this change will actually decrease SIM swaps: 

“Since there is no physical SIM card in an eSIM system, no one can fraudulently claim that their SIM card got lost or damaged as all the identity details reside in the owner's phone. eSIMs prevent cybercriminals from acquiring another SIM card or re-registering the number in their name.”

This narrative makes sense but fraudsters are an innovative bunch so you can be sure they will continue to wreak havoc regardless of Apple’s change in technology. 

What can companies do to fortify OTPs to reduce the impact of SIM swaps?

Bill Fish: Prove’s Trust Score™ is a real-time measure of phone number reputation that can be leveraged for identity verification and authentication purposes. Trust Score analyzes behavioral and Phone-Centric Identity™ signals from authoritative sources at the time of a potential transaction to mitigate fraud such as SIM swap fraud and other account takeover schemes. The important thing to emphasize about Trust Score is that it detects eSIM swaps as effectively as it detects the swap of old-school SIM cards. The main message for Prove customers who use Trust Score either as a standalone API or as a component of our Pre-Fill and Prove Identity solutions is simple: you're still protected from SIM swaps.

Keep reading

See all blogs
Prove’s Brad Rosenfeld Explains the New Customer Onboarding Process on Fast Company

No longer confined to top-of-funnel engagement and brand awareness, CMOs are now leading efforts to shape the entire customer experience journey.

Kaushal Ls
June 6, 2024
PYMNTS TV: Prove CEO Rodger Desai Explains Need for Phone-Based Approach to Authentication

Prove’s CEO Rodger Desai was featured recently on PYMNTS TV, where he met with PYMNTS CEO Karen Webster to discuss trends and shifts in the identity verification market.

Kaushal Ls
June 4, 2024
Prove’s Tim Brown Explains How to Reduce Fraud and Improve Onboarding with Identity Verification

Reporters from GreenSheet, a popular publication that highlights trends in the banking, financial services, and fintech markets, recently met with Prove’s Global Identity Officer, Tim Brown to learn how advanced identity verification solutions are driving faster and better digital customer onboarding.

Kaushal Ls
May 21, 2024