Phone theft is when someone steals your phone, often with the intention to resell it or steal your identity. Whether your phone gets plucked from your back pocket at a dark bar, grabbed from your hands on a crowded subway, or stolen at gunpoint, the victim’s experience of phone theft ranges from terrible to down-right terrifying. Unfortunately, for many victims, phone theft goes from bad to worse when it leads to identity fraud. That’s why it’s included in Prove’s list of 8 major fraud types.
People often have their phones stolen while traveling and during the holidays.
When Jocopo de Simone’s phone was stolen from his pocket on London Bridge, he never expected the crime to make headlines. That’s ultimately what happened, however, when shortly after his phone was stolen, his bank account was drained. Jocopo was flummoxed as to how a pickpocket could gain access to his life savings but felt confident he would be reimbursed. When the bank refused to reimburse Jacopo, citing gross negligence, the police and an investigator from the Financial Ombudsman Service (FOS) had to get involved. While the bank claimed that Jacopo must have shared his PIN with someone else, Jacopo swears he did not. If Jacopo is telling the truth, the question then becomes: how are phone thieves bypassing security controls to not only access a user’s smartphone (typically protected by a PIN and facial recognition) but also the user’s banking apps?
According to cybersecurity expert Dr. Jessica Barker, there is an established playbook that fraudsters use to defraud victims via phone theft:
After stealing a victim’s savings, fraudsters can wreak havoc by accessing their other digital accounts. They do this by requesting password resets for commonly used banking, investing, and crypto platforms and waiting for the OTP to be sent to the stolen phone. With the OTP sent to the stolen phone, they can easily reset the account’s password, gaining complete control. This part of the fraud vector resembles SIM swap fraud.
There are a few very important rules every smartphone user should follow to protect themselves against this unique fraud vector.
Banks, financial institutions, and companies all play a critical role in protecting customers from fraud that stems from smartphone theft. When the victim contacts their mobile carrier to suspend the phone line and conduct a SIM swap, Prove’s Trust Score and Trust Score+ will detect these changes. By leveraging these metrics in their decisioning flow, banks, financial institutions, and companies can opt not to send OTPs to these phone numbers. As a result, companies can prevent a simple phone theft from turning into a devastating fraud event.
Trust Score+ is a dynamic metric that evaluates a phone number’s reputation in real time, providing an effective means for identity verification and authentication. Trust Score+ scrutinizes signals from authoritative sources during a transaction to detect and deter fraud, such as SIM swap fraud and other account takeover schemes. This score can be used across various scenarios to secure the customer experience.
A common application of Trust Score+ is to determine the trustworthiness of a phone line before sending a one-time passcode (OTP), which helps to identify potential risks like an insecure VOIP line, SIM swap, and low SIM tenure. Companies can make an informed decision about sending OTPs by checking the Trust Score first. For example, if the score indicates a recent SIM swap, the company may choose to verify the consumer's identity using an alternative method instead of sending an OTP.
The scores range from 0-1000, with a higher score indicating a higher level of trust. Scores over 630 are typically considered 'high', while scores of 300 and below are categorized as ‘low’. Trust Score's risk model considers various phone intelligence signals, such as phone tenure, line attributes, account activity, and device activity, to evaluate the level of risk associated with a phone number.
Phone theft is a serious problem that can lead to various issues for victims, including identity fraud and stolen funds. Fraudsters use an established playbook to bypass security controls to access users' smartphones and banking apps. To protect oneself from phone theft, it is essential to exercise discretion when using a phone in public places, fortify the phone by using two different PINs for the phone and banking app, and know how to remotely ‘wipe’ your phone and restore it to factory settings. Companies can protect users and their bottom line by leveraging dynamic metrics like Trust Score and Trust Score+ to determine the trustworthiness of a phone number before sending OTPs, thereby preventing phone theft from turning into a devastating fraud event. By taking necessary precautions and being vigilant, individuals and companies can protect themselves from the damaging effects of phone theft and identity fraud.
Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.
Tap the button below to read our latest white-paper on the subject as industry leaders.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.
Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.
Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.