SIM Swap is one of the most damaging types of fraud imaginable because it gives fraudsters control of a user’s device. Accounts can be drained, products purchased, and money transferred, all in a matter of a couple of hours. To understand how TeleSign fights SIM Swap fraud, it’s important to know how the scheme works.
Unlike some forms of fraud, SIM Swap always involves a third party: either an unwitting telco employee or one who has taken a bribe. In a classic case of SIM Swap, a fraudster will have learned some personally identifiable information (PII) about their victim through social engineering or phishing attacks. PII of high-value targets is also sometimes sold on the black market.
From here, the fraudster calls the victim’s cell provider and impersonates the victim. The criminal answers enough questions accurately to convince the customer service representative on the other end of the line to port the number over to a SIM card controlled by the fraudster.
Now with control of the victim’s device, the fraudster can trigger account recovery sequences for high-value accounts. Think of banks, crypto accounts, stock portfolios, social media, e-mail accounts or e-commerce sites. Once the fraudster has access to these accounts, they can move lucrative assets around without arousing suspicion. Even more diabolical, they can trawl e-mail and social accounts to find information that can be used for extortion. A life can be ruined overnight.
Plugging the Gap
SIM Swap primarily exists to circumvent two-factor authentication. By re-routing a one-time passcode to a different device, an account takeover becomes possible. This is why at TeleSign, our holistic identity solutions go a step further.
We leverage mobile identity to look at the metadata behind a phone number, including the last time a number was ported. With our SIM Swap API, a business can find out whether the SIM for a phone number has been swapped and, if so, when. TeleSign evaluates how likely it is that the SIM swap was for a fraudulent reason.
For example, if a number was ported to a new device an hour ago and then the associated account tried to move $100,000 in cryptocurrency, this might be cause for concern. Red flags would be raised, and your platform could choose to block the transaction. TeleSign's solutions integrate seamlessly into your existing infrastructure so you can always keep your users and your platform secure.
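The decision described above, sketched as an added example; it is not TeleSign code and does not call the TeleSign API. The function name `decide`, its parameters and the thresholds are assumptions, and the swap time is taken as an input however your platform obtains it.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values for illustration; tune them to your own risk appetite.
RECENT_SWAP_WINDOW = timedelta(hours=72)
HIGH_VALUE_USD = 10_000
CLOCK_SKEW = timedelta(minutes=5)


def decide(last_swap: Optional[datetime], lookup_ok: bool,
           amount_usd: float, now: datetime) -> str:
    """Return 'allow', 'step_up' or 'block' for a transaction.

    last_swap -- time of the most recent SIM swap, None if none is on record
    lookup_ok -- False if the swap lookup failed or timed out
    """
    high_value = amount_usd >= HIGH_VALUE_USD
    if not lookup_ok:
        # No signal at all: fail closed only where the loss would be large.
        return "step_up" if high_value else "allow"
    if last_swap is None:
        return "allow"
    if last_swap.tzinfo is None or now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    age = now - last_swap
    if age < -CLOCK_SKEW:
        # A swap dated in the future is bad data; do not treat it as clean.
        return "step_up"
    if age <= RECENT_SWAP_WINDOW:
        # The number may be on someone else's SIM, so an SMS passcode proves
        # nothing here; 'step_up' must use a factor that is not SMS or voice.
        return "block" if high_value else "step_up"
    return "allow"


if __name__ == "__main__":
    # Constructed sample: the page's scenario, a swap one hour before a
    # $100,000 transfer.
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    print(decide(now - timedelta(hours=1), True, 100_000, now))
```
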
TeleSign has been connecting and protecting online experiences for over 15 years. We support the largest web properties in the world and we’re prepared to help you. Contact TeleSign now and learn more about how we can protect online transactions, keeping platforms and users safe.