How SIM Swapping Fraudsters Threaten Digital Identity

Did you know that a fraudster can port your mobile number and gain access to your bank account in minutes? It’s true – and it happens every day. SIM swap fraud is an imminent threat to the security of financial data. Phone number data intelligence can help strengthen and validate the user verification process, reduce fake accounts, inform risk models, improve conversions and accuracy of collected information and even determine the optimal channel for message delivery. 

TeleSign joined NICE Actimize’s X-Sight Marketplace Innovation Spotlight Series for a webinar to discuss digital acceleration and expanded fraud activities in the financial sector. In the webinar, we covered: 

• What is a SIM swap attack
• Why it’s important to stop SIM swap attacks
• How to protect your business and customers from becoming a victim 

If you missed the webinar, you can watch it on-demand. We didn’t get all the great questions answered during the webinar, so here are the answers to the questions we missed. 

How to Address SIM swap attack fraud 

What industries are typically targeted with a SIM swap attack? 

SIM swap is largely a social engineering attack designed to exploit mobile carriers’ security and take over a customer’s mobile device. Since devices are used to authenticate a customer, any company that uses a mobile phone as a security factor check can be vulnerable to SIM swap. Due to the effort involved and the precise nature of the attack, finance, FinTech and other high value targets are most vulnerable, since account takeovers with access to personal data and bank account information can mean significant financial losses to businesses and the user. 

What are phone identifiers in a SIM swap fraud attack? 

TeleSign’s PhoneID API is a REST API that provides a cleansed phone number, phone type and telecom carrier information that can be used to determine which phone numbers are a potential fraud risk, and what the best communication method for a phone number is (voice, SMS). 

In addition to SIM swap, we look at: 

• Call forwarding activities
• When a number was deactivated and by which carrier
• How closely the name and address for a submitted phone number matches the name and address on file with the carrier
• Whether the phone is prepaid, post-paid, who the primary account holder is and how long the status has been maintained.
• Porting history and status 

Does SIM swap detection work with international numbers? 

Yes. Through our longstanding history working with the largest international web properties, our cross-customer fraud intelligence and our global mobile network operator (MNO) network, we have access to insights on billions of phone numbers. Our SIM swap coverage extends to over 16 countries, with more than 40 MNOs integrated into our platform. 

If a phone happens to be compromised by a SIM swap, what’s the best way to reach the customer? 

Ideally, contact their carrier to let them know that that phone number had been compromised is the best way to get to the source. The carrier can notify the customer and ask them to come in person with an ID to get account information and security controls changed. 

How do you address legitimate SIM swaps? 

TeleSign’s SIM Swap detection API provides not only a yes answer with a time stamp, it also evaluates how likely it is that the SIM swap was for a fraudulent reason using a scale from 1-4.

To learn more about how to protect against SIM swap attacks and other fraud related activities, contact us today.