Did You Know?: That SIM Swap Fraud is Dangerous But Preventable
May 9, 2019
Did you KNOW…
SIM swap fraud is one of the fastest-growing and most devastating fraud vectors plaguing companies and consumers today. From cryptocurrency exchanges to social media networks, all digital service providers that require users to log in are at risk of making headlines for falling victim to these increasingly common attacks if they do not have advanced preventative technology in place.
HOW SIM SWAP FRAUD WORKS
First, scammers trick victims into divulging personal information about themselves and then socially engineer customer service representatives into transferring the victim’s phone number to a SIM card in the scammers’ possession. Once this succeeds, the fraudster has full control over the unsuspecting victim’s phone number, which gives the fraudster full access to the victim’s accounts.
While victims are at risk of having their cryptocurrency accounts drained or having their social media handles taken hostage, the harm to the service providers who failed to protect their users against these kinds of attacks ranges from major reputational damage to liability for lost funds to the risk of losing users to more secure competitors.
WHAT COMPANIES CAN DO TO PROTECT THEMSELVES AND THEIR CUSTOMERS
Many proactive service providers are taking it upon themselves to secure their businesses with preventative technology, like Payfone’s Trust Score, to protect their customers against SIM swap fraud.
Payfone’s patented Trust Score provides a real-time check that allows service providers to see, at the time of a transaction, if a SIM swap has taken place. Here is a real-life example of how the Trust Score is being used today by a leading cryptocurrency exchange:
1) Fraudster steals cryptocurrency exchange username/password of victim through email phishing or similar method.
2) Fraudster takes over victim’s phone number by social engineering a customer service representative.
3) Typically at this point, the fraudster would then be able to log into the cryptocurrency exchange with the stolen credentials, and since they would have taken over the phone number as well, they would be able to receive any 2FA SMS one-time passcodes right to their own phone. However, with Payfone enabled, the cryptocurrency exchange would be able to call the Payfone Trust Score before sending an SMS OTP to see if a SIM swap has occurred on that account.
4) If a SIM swap has occurred, the cryptocurrency exchange routes the user to further inspection before granting them access to the account.
5) In almost all cases where accounts were locked due to insight from the Payfone Trust Score, victims confirmed that their accounts had, in fact, been taken over. Because accounts were locked before any damage could be done, the cryptocurrency exchange was able to safeguard the victims’ cryptocoins.
Note: There were some cases where accounts were locked despite no actual fraud having taken place. This was due to the fact that not all SIM swaps are nefarious. SIM swaps often occur for legitimate reasons–perhaps you dropped your phone in the toilet and wanted to activate an old phone you had in a drawer. However, all SIM swaps should be subject to additional scrutiny as a safety measure.
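The check in steps 3 and 4, as an added example (not Payfone's API or the exchange's code): the SIM-change lookup is a hypothetical callable, the sample records are constructed, and the 7-day window and the step-up on lookup failure are assumptions the page does not specify.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Callable, Optional, Tuple


class Decision(Enum):
    SEND_SMS_OTP = "send_sms_otp"
    STEP_UP = "step_up"  # step 4: route the user to further inspection


# Assumption: how recent a SIM change must be to count as "a swap has occurred".
RECENT_SWAP_WINDOW = timedelta(days=7)

# Hypothetical lookup: last SIM change time for a number, None if none on record.
SimChangeLookup = Callable[[str], Optional[datetime]]


@dataclass
class LoginAttempt:
    user_id: str
    phone_number: str
    password_ok: bool


def gate_sms_otp(attempt: LoginAttempt, lookup: SimChangeLookup,
                 now: Optional[datetime] = None) -> Tuple[Decision, str]:
    """Run after the password check and before any SMS OTP is sent (step 3)."""
    if not attempt.password_ok:
        raise ValueError("password check must pass before the OTP step")
    now = now or datetime.now(timezone.utc)
    try:
        last_change = lookup(attempt.phone_number)
    except Exception:
        # Assumption: fail closed. Without the signal, SMS is not trusted.
        return Decision.STEP_UP, "sim_check_unavailable"
    if last_change is not None and now - last_change <= RECENT_SWAP_WINDOW:
        # Legitimate swaps land here too (see the note): scrutiny, not denial.
        return Decision.STEP_UP, "recent_sim_change"
    return Decision.SEND_SMS_OTP, "no_recent_sim_change"


# Constructed sample data: fictitious numbers and timestamps.
NOW = datetime(2019, 5, 9, 12, 0, tzinfo=timezone.utc)
SAMPLE = {"+15555550100": NOW - timedelta(hours=2),
          "+15555550101": NOW - timedelta(days=400),
          "+15555550102": None}


def constructed_lookup(number: str) -> Optional[datetime]:
    if number not in SAMPLE:
        raise ConnectionError("constructed provider outage")
    return SAMPLE[number]
```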
The overall result was that the cryptocurrency exchange reported zero SIM swap attacks since implementing Payfone’s Trust Score.
“We’re experts in mobile identity. We predicted that as chip cards rolled out in the U.S., fraudsters would attack two-factor solutions that secure banking, fintech and bitcoin services,” said Rodger Desai, Chief Executive Officer, Payfone. “Payfone’s patented Trust Score thwarts these types of attacks before they can do harm by detecting suspicious SIM swaps as soon as they occur.”
The Trust Score has the additional benefit of creating a more seamless experience for legitimate users. One of the main complaints that consumers have about accessing online services is that proving their identities through passwords, knowledge-based authentication and SMS one-time passcodes is cumbersome and time-consuming. Payfone overcomes this tradeoff by using advanced analytics to make logging into online accounts easy for good users and impossible for scammers.
“Consumers expect digital services to be effortless and secure. Yet security can often be cumbersome,” said David Birch, Global Ambassador, Consult Hyperion. “With new, cutting edge attacks such as SIM swaps, businesses need more and better security, which could mean more friction and therefore fewer customers. Payfone’s technologies deliver the security without the friction.”