Contact Us
Back to View All

How the Top US Banks Stop SIM Swap Fraud, Today

January 29, 2020

Here’s how SIM swap fraud works and how the top US banks prevent SIM swap fraud today:

(1) Attacker SIM swaps victim and takes over their phone number (Read here how that is done ->)
(2) Attacker initiates “Forgot Password” flow at victim’s bank

At this point, the bank has a decision to make: every year millions of their customers actually do forget their password and need help. These processes are now automated so that call centers can focus on higher value services for customers. But of course, the OPEX savings and better customer experience don’t outweigh heavy fraud losses due to SIM swaps. So what do the Tier 1 banks do?

(3) The bank pings Payfone’s patented SIM swap technology, and in real time, Payfone is able to tell the bank whether a SIM swap has occurred in the last few hours. Payfone does this by checking the “born on date” of the SIM. If the SIM was recently changed (via a port-out or device swap) then the born-date would be a smoking gun.*

* The likelihood of a high-risk event such as password reset happening at the same time as a SIM change warrants further vetting, so the bank does not send an SMS with a password reset code to the customer/possible fraudster, and instead steps up the transaction.

Simple and powerful, Payfone protects the leading banks, insurers, fintechs and cryptocurrency wallets from SIM swap attacks in real-time for over 100M US consumers. In a recent case, a Tier 1 US bank saw SIM swap fraud drop significantly in real-time after launching Payfone.

We also recently expanded this capability to UK banks as part of a global roll-out.

To learn more about how your business can join other industry leaders in protecting your customers against SIM swap fraud, request a free consultation below.