Blog

SIM Swap Fraud is Preventable – Why Aren’t More Companies Doing Something About It?

Post by:
Prove
February 5, 2020
Post by:
No items found.
February 5, 2020
SIM Swap Fraud is Preventable – Why Aren’t More Companies Doing Something About It?

By now, you might already know that SIM swap fraud is a major problem that can't be ignored. It's on most fraud executives' radars, not to mention in the news nearly every other week. According to the Wall Street Journal, investigators say they know of more than 3,000 SIM-jacking victims, accounting for $70 million in losses nationwide (the real numbers are likely much higher considering that many cases go unreported).

Congress is also getting involved to battle this epidemic. Last week, Senator Ron Wyden published a letter to FCC chairman Ajit Pai calling on him to take action to protect consumers against number porting (a.k.a. SIM swap) scams. In Canada, the CRTC also issued a similar letter to the Canadian Wireless Telecommunications Association echoing these concerns. On top of all this, Princeton just released a study finding that top U.S. mobile carriers were vulnerable to SIM swapping tactics.

Now you know that SIM swap fraud is a serious threat to you, your company, and your customers. What you might NOT KNOW is that there is an effective, easy-to-implement way to prevent SIM swap fraud.

A different way of looking at SIM swap fraud


The focus of the Princeton study, Senator Wyden’s letter, and really most of what has been written on the internet about SIM swap fraud has been the role that mobile carriers play in attackers carrying out fraud. As evidenced in these writeups, the step where hackers dupe customer service agents into swapping their SIMs is vital to the attack being successful. But it’s also very difficult to prevent because it involves humans, and specifically customer service agents, who are trained to be as helpful as possible. But upon further inspection, this step is not where the actual damage is done.

In most cases, the actual damage – theft of funds, hijacking of a social media account, or theft of cryptocurrency – occurs after the fraudster actually goes to log into the victim’s accounts using the phone number he has just taken over. So technically, just taking over your phone number is not enough. In order to really inflict damage, a fraudster also needs to log into your accounts.

An opportunity to stop SIM Swap fraud in its tracks


This is where Prove’s patented Phone Intelligence comes into play. When the fraudster goes to log into the victim’s account, the business (whether it be a bank, crypto platform, social media platform, or other kind of enterprise) can use Phone Intelligence to detect that a SIM swap has taken place and block the fraudster from taking nefarious actions.

Consider this scenario involving a cryptocurrency exchange:

  1. The fraudster steals the username/password of the victim and logs into the cryptocurrency exchange.
  2. Fraudster takes over victim’s phone number through aSIM swap attack.
  3. With Payfone enabled, the cryptocurrency exchange can call our APIs to see if a SIM swap has occurred on that account.
  4. If a SIM swap has occurred, the cryptocurrency exchange routes the user to further inspection before granting them access to the account.
  5. Because accounts can be locked before any damage can be done, the cryptocurrency exchange is able to shut down hackers before they can do harm, safeguarding their users’ cryptocurrency.

Why CX and digital executives should also take note

From a customer experience standpoint, Phone Intelligence has the additional benefit of creating a more seamless experience for legitimate users. Since many SIM swaps are legitimate (in 2018, there were 90 million ports and 100 million device upgrades in the U.S.), simply detecting SIM swaps and hitting anyone who has swapped their SIM with a ton of friction can be significantly damaging to your customers’ experience and, in turn, customer satisfaction. Enterprises must be careful not to slow down the experience for customers who may have legitimately ported their numbers or upgraded their devices. By analyzing the contextual behavior and time of a SIM swap, Payfone provides a more sophisticated and nuanced approach to thwarting SIM swap fraud. As a result, you can offer a faster and easier experience for good customers while identifying potential bad actors and subjecting them to further inspection.

It’s also important to note that customers of businesses who do not use Payfone have to jump through considerable hoops if they want to go the DIY route to protect themselves against SIM swap fraud. There are numerous articles that give recommendations on how to do this (calling your mobile carrier, setting up a pincode, then setting up a longer 16-digit pincode, etc.) but not only is this time-consuming, these precautions are totally ineffective when hackers break directly into telecom companies to swap SIMs.

The Bottom Line: Implementing technology that not only safeguards your customers against SIM swap attacks but also betters their experience is an investment. However, it’s an investment that can not only help you avoid losing customers, but also to attract new customers by differentiating your company as one that cares about their security, convenience, and experience.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.

Create secure frictionless customer experiences using modern identity solutions

Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.

Keep Reading...Read our latest white-paper on this subject!

Tap the button below to read our latest white-paper on the subject as industry leaders.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.

Create frictionless customer experiences

Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.

Schedule a demo

Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.

Schedule a demo

Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.

Interested in more information about Prove Pre-Fill?

Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.

Interested in more information about MFA?

Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.