By now, you might already know that SIM swap fraud is a major problem that can’t be ignored. It’s on most fraud executives’ radars, not to mention in the news nearly every other week. According to the Wall Street Journal, investigators say they know of more than 3,000 SIM-jacking victims, accounting for $70 million in losses nationwide (the real numbers are likely much higher considering that many cases go unreported).
Congress is also getting involved to battle this epidemic. Earlier this month, Senator Ron Wyden published a letter to FCC chairman Ajit Pai calling on him to take action to protect consumers against number porting (a.k.a. SIM swap) scams. In Canada, the CRTC also issued a similar letter to the Canadian Wireless Telecommunications Association echoing these concerns. On top of all this, Princeton just released a study finding that top U.S. mobile carriers were vulnerable to SIM swapping tactics.
Now you know that SIM swap fraud is a serious threat to you, your company, and your customers.
A different way of looking at SIM swap fraud
The focus of the Princeton study, Senator Wyden’s letter, and really most of what has been written on the internet about SIM swap fraud has been the role that mobile carriers play in attackers carrying out fraud. As evidenced in these writeups, the step where hackers dupe customer service agents into swapping their SIMs is vital to the attack being successful. But it’s also very difficult to prevent because it involves humans, and specifically customer service agents, who are trained to be as helpful as possible. But upon further inspection, this step is not where the actual damage is done.
In most cases, the actual damage – theft of funds, hijacking of a social media account, or theft of cryptocurrency – occurs after the fraudster actually goes to log into the victim’s accounts using the phone number he has just taken over. So technically, just taking over your phone number is not enough. In order to really inflict damage, a fraudster also needs to log into your accounts.
An opportunity to stop SIM swap fraud in its tracks
This is where Payfone’s patented Phone Intelligence comes into play. When the fraudster goes to log into the victim’s account, the business (whether it be a bank, crypto platform, social media platform, or other kind of enterprise) can use Phone Intelligence to detect that a SIM swap has taken place and block the fraudster from taking nefarious actions.
Consider this scenario involving a cryptocurrency exchange:
1) Fraudster steals username/password of victim and logs into cryptocurrency exchange.
2) Fraudster takes over victim’s phone number through a SIM swap attack.
3) With Payfone enabled, the cryptocurrency exchange can call our APIs to see if a SIM swap has occurred on that account.
4) If a SIM swap has occurred, the cryptocurrency exchange routes the user to further inspection before granting them access to the account.
5) Because accounts can be locked before any damage can be done, the cryptocurrency exchange is able to shut down hackers before they can do harm, safeguarding their users’ cryptocurrency.
Why CX and digital executives should also take note
From a customer experience standpoint, Phone Intelligence has the additional benefit of creating a more seamless experience for legitimate users. Since many SIM swaps are legitimate (in 2018, there were 90 million ports and 100 million device upgrades in the U.S.), simply detecting SIM swaps and hitting anyone who has swapped their SIM with a ton of friction can be significantly damaging to your customers’ experience and, in turn, customer satisfaction. Enterprises must be careful not to slow down the experience for customers who may have legitimately ported their numbers or upgraded their devices. By analyzing the contextual behavior and time of a SIM swap, Payfone provides a more sophisticated and nuanced approach to thwarting SIM swap fraud. As a result, you can offer a faster and easier experience for good customers while identifying potential bad actors and subjecting them to further inspection.
It’s also important to note that customers of businesses who do not use Payfone have to jump through considerable hoops if they want to go the DIY route to protect themselves against SIM swap fraud. There are numerous articles that give recommendations on how to do this (calling your mobile carrier, setting up a pincode, then setting up a longer 16-digit pincode, etc.) but not only is this time-consuming, these precautions are totally ineffective when hackers break directly into telecom companies to swap SIMs.
The Bottom Line: Implementing technology that not only safeguards your customers against SIM swap attacks but also betters their experience is an investment. However, it’s an investment that can not only help you avoid losing customers, but also to attract new customers by differentiating your company as one that cares about their security, convenience, and experience.
Want to learn more about protecting your company against SIM swap fraud while also improving your customer experience? Request a free consultation below.
At this point, the bank has a decision to make: every year millions of their customers actually do forget their password and need help. These processes are now automated so that call centers can focus on higher value services for customers. But of course, the OPEX savings and better customer experience don’t outweigh heavy fraud losses due to SIM swaps. So what do the Tier 1 banks do?
(3) The bank pings Payfone’s patented SIM swap technology, and in real time, Payfone is able to tell the bank whether a SIM swap has occurred in the last few hours. Payfone does this by checking the “born on date” of the SIM. If the SIM was recently changed (via a port-out or device swap) then the born-date would be a smoking gun.*
* The likelihood of a high-risk event such as password reset happening at the same time as a SIM change warrants further vetting, so the bank does not send an SMS with a password reset code to the customer/possible fraudster, and instead steps up the transaction.
Simple and powerful, Payfone protects the leading banks, insurers, fintechs and cryptocurrency wallets from SIM swap attacks in real-time for over 100M US consumers. In a recent case, a Tier 1 US bank saw SIM swap fraud drop significantly in real-time after launching Payfone.
We also recently expanded this capability to UK banks as part of a global roll-out.
Did you know that Sir Richard Branson is a digital security do-gooder? The Virgin founder is taking aim at online fraudsters in a delightful new animated video posted on his Instagram feed. In the clip, Branson and his dubious doppelganger walk through some common online scam methods such as phishing, bots and social engineering. Branson briefly describes each of the suspicious scenarios and warns Virgin followers not to trust anyone masquerading as him or his team and asking for personal information.
“At Virgin Group, we’re working hard to unmask scammers,” he says. “Only trust what we post on our official channels and social media channels.”
To further fight fraud, Virgin has even set up a webpage dedicated to stopping online scams here. Branson urges viewers to report anything they think is suspicious on the site. “If you think it’s a con, send it on,” he says.
While being defrauded and losing money is clearly a concern for most people, there is an important – albeit less obvious – consequence. Online scammers lower everyone’s trust of transacting online – from consumers to enterprises. Because no one trusts anyone, all consumers are forced through experience-killing, time-sucking, and revenue-stunting friction (passwords, security questions, one-time passcodes) to prove they are who they say they are. Payfone-powered digital experiences restore Trust and sideline scammers so that they are unable to touch your customers’ cash or ruin their experience.
To learn how our Trust Score can help you distinguish between fraudsters and your real customers, contact us.
International Fraud Awareness Week is taking place this week from November 17th through 23rd. Identity fraud is growing at a rapid pace, and data breaches fuel a wide range of attack vectors, impacting big brands and their consumers on a daily basis. Online fraud losses are up >10% for more than half of FIs*.
This is a good time to evaluate new technologies that can bolster security and privacy while enhancing the user experience. The right technology choices can help enterprises achieve many of their strategic objectives and result in increased traffic, higher conversion rates, reduced fraud, simplified operations and streamlined compliance.
One of these key technologies is WebAuthn. WebAuthn, the W3C password-less MFA standard, will revolutionize the online experience in 2020 as it moves into widescale deployment. It supports device embedded cryptographic authenticators. This easy-to-use, strong multi-factor protocol frees users from having to remember passwords, provides a great user experience and mitigates over 99.9% on ATO fraud vectors.
WebAuthn provides an enhanced multi-factor authentication capability for the web – for browser, mobile web and mobile applications. It has several major benefits:
*Aite Group May 2019
Payfone’s CEO, Rodger Desai, is presenting at Tearsheet’s Embedded Conference in NYC on Tuesday, November 19th. The discussion will focus on the most consequential trends and challenges in the industry around lack of trust, the growth of fraud and the power of phone intelligence. Rodger will provide multiple use cases on how enterprises can definitively validate identities, improve pass rates with reduced friction, and increase customer satisfaction by leveraging real-time telecom signals as a proxy for individuals’ digital identity.
Presented by Tearsheet, The Embedded Conference is a first-of-its-kind event that brings together financial institutions, technology players, and other firms getting into financial services for the first time. It isn’t about banks vs. non-banks — the Embedded Conference is about collaboration and tapping into the best each player in the ecosystem can offer.
During the last week of October, Payfone was onstage multiple times at Money 2020, one of the largest conferences where the financial services industry congregates to connect and create the future of money. During the event, we had a chance to engage with our customers, meet with partners and new prospects, and take part in key industry conversations. Payfone’s CEO, Rodger Desai spoke with industry leaders in two fireside chats about relevant topics – the customer experience, Pass Rates and Trust Scores.
Rodger joined Carol Juel, Synchrony’s EVP and CIO, to discuss the merging of physical and digital worlds to ensure fast and easy payments and the new ways the transformation of the payments industry will have on consumers and businesses. The discussion revolved around how trust is at the core of delivering fast, easy and secure customer experiences and the importance of pass rates. During this chat, Carol referenced Synchrony’s partnership with Payfone with complimentary shout-outs “Payfone is a shining example of how work gets done” and “the opportunity to work with Payfone brings trust to another level.” Thank you, Carol!
Rodger was joined onstage for a fireside chat with Mastercard’s Rob Carter, Director, Product Development & Innovation, Cyber & Intelligence Solutions, about “The Trust Gap” whereby approval rates of card not present transactions are 25% lower than card present transactions. The discussion revolved around this phenomenon that hinders the customer experience, stunts revenue and increases operating costs. Practices that enterprises can follow to reverse this Trust Gap were discussed.
Here’s how Tearsheet describes their Fintech Toolkit and why they started it:
Heading to HLTH this month? Come by booth #203 to meet the Payfone Healthcare team and learn how our digital trust solutions can transform your member/patient experience and supercharge engagement.
Who?: The Payfone Healthcare team & you
What?: Key digital transformation use cases such as password-less login, identity authentication for telehealth services, online portal registration, and call center authentication
Where?: Booth #203 at HLTH at the MGM Grand in Las Vegas
When?: October 27-30
Why?: Learn from Payfone’s digital identity “sherpas” who can guide your digital authentication and verification strategies to enhance member/patient experiences and engagement while protecting privacy. See how Payfone’s patented Trust Score can significantly increase your percentage of members/patients that can interact with you frictionlessly, and try our demo to get your own Trust Score.
SIM swap attacks continue to make headlines, with Twitter CEO Jack Dorsey becoming one of the most famous victims to date when his mobile phone number was taken over last month. Similar scams are rapidly increasing in frequency, impacting high-profile CEOs, Hollywood celebrities, cryptocurrency communities, and everyday people, as criminals take advantage of security loopholes and the vulnerabilities of 2FA (two-factor authentication) to hijack social media accounts or steal money and cryptocurrency by taking over victims’ mobile phone numbers.
This week, we announced that we are taking a stand and extending our SIM swap detection algorithms to even more consumers to protect them from a fast-growing fraud scheme that easily breaks 2FA, costing them millions in lost dollars and personal data.
The call center is one of the most challenging channels when it comes to balancing security with customer experience. Fraud methods that target the call center – such as ANI-spoofing and account takeover attacks – are on the rise, with 51 percent of financial service professionals believing that phone channels see the greatest number of ATO attempts.* At the same time, we all know how unpleasant it can be to deal with security processes such as knowledge-based authentication and PIN codes when dialing into a call center, and quick and easy user enrollment remains a top priority for 91 percent of call center industry leaders.*
The good news is that there is hope for brands looking to use technology to solve these issues. Payfone’s Call Center solution uses a sophisticated, multi-layer approach to authenticating call center calls and the identity of callers to prevent ANI-spoofing and ATOs while also delivering a frictionless experience to >90% of callers. Enterprises can alleviate security concerns by leveraging the Payfone Trust Score™ and call authentication for real-time porting and SIM swap intelligence and to prove possession of the phone dialing into the call center. The Fonebook can then be used to identify callers for an increased ANI-match rate that eliminates the need for KBA questions and contains callers in the IVR so that they can quickly service themselves instead of requiring human intervention.
Curious to see what other features make Payfone’s Call Center solution so comprehensive and to see how your current solution stacks up? Download our Call Center Authentication Checklist below for the most critical differentiators to look for in a solution.