According to the U.S. Fairtrade Commission, cases of SIM swap fraud have increased by more than 150% since 2013. Now, with more than 2,658 cases a year, the fraud is becoming increasingly popular for its sheer simplicity. But what is it exactly and how can it be prevented?
SIM swap fraud
SIM swap fraud is a method of gaining access to bank accounts, credit card numbers and other personal data. It involves a scammer impersonating their victim and convincing their mobile network to activate a new SIM card. Effectively, it gives fraudsters control of the victim’s phone number.
The scammer is then able to reset banking passwords by using security details sent to the victim’s phone and make payments using mobile apps. Often bank accounts are quickly emptied and loans are applied for in the victim’s name – causing a huge amount of damage before the victim is even aware.
How to identify SIM swap fraud
As it is tough to detect SIM swap fraud, quick identification is key. Most victims will realise the fraud has occurred when calls and texts fail to go through, as the ‘old SIM’ has been disconnected, but other tools are available to larger organisations. Banks, for instance, are using behavioural analysis technology to identify a compromised device, ensuring the victim is immediately notified and requests from the device are blocked.
What should banks and mobile operators do to adapt their authentication processes?
- Invest in security technology
- Put extra security questions in place that cannot be answered through personal details from social media
- Adequately train contact centres and customer services teams to better identify fraudulent activity
- Drive awareness of the growth of SIM swap fraud, along with guidelines that help customers protect themselves
- Send SMS notifications of a SIM swap request, alerting the victim of attempted fraud
- Enforce a SIM swap delay, requiring a delay between a SIM swap request and when the request is done to give subscribers time to halt the process
How can SIM swap fraud be prevented by the customer?
- By limiting how much personal information is revealed on the internet, such as:
- Date of birth
- Telephone number
- Current and previous places of residence
- Family names
- Asking banks to share statements via multiple channels (e.g. SMS and e-mail alerts) to increase the likelihood of victims noticing fraudulent behaviour
- Being aware that banks will never ask for internet banking passwords or PIN numbers via email or over the phone
- Using a separate e-mail address for online banking and social media accounts, adding an extra layer of security
Banks should work more closely with mobile networks to make historical customer data available. Using this data, a bank’s fraud prevention software can help verify authentic transactions and communications, building better practices in combating SIM swap fraud. Banks can then utilise trigger based communications to notify the victim that a scam has been detected, resulting in faster response times to fraudulent behaviour.
For more on mobile fraud, click here.