The last few years have seen a sharp rise in SIM swap fraud, placing the mobile and digital sectors at risk of disrepute. This can result in great implications for all the participants in the value chain, including mobile users, mobile operators, digital services, and financial services providers.
By Mirza Bukva, head of telecom partnerships: Africa at Infobip
This type of fraud involves an account takeover scam that exploits a mobile operator’s ability to port a phone number to another SIM card. While this is typically a convenient feature in legitimate cases where a user has lost their mobile device and wants to keep their mobile number, it can also be abused for fraudulent purposes.
SIM swap fraud: how it happens and how to protect yourself
SIM swap fraud takes place when cyber criminals contact Mobile Network Operators (MNOs) pretending to be a customer, deceiving them into activating a new SIM card with the customer’s phone number.
Once this is done, the scammer gains full access to the end-user’s phone and information, and subsequently, every one-time-pin (OTP) message sent to that specific number is then received by the fraudster.
By finding loopholes in a completely legitimate process, cybercriminals can now gain access to all of a user’s personal accounts and applications that are linked to that phone number.
With SIM swap fraud on the rise in South Africa, the South African Banking Risk Information Centre (Sabric) reported that the number of incidents rose from 2 686 incidents in 2020 to 4 386 reported in 2021 – an increase of 63%. The average financial loss per incident jumped from R12 315 in 2020 to R17 775 reported in 2021 – a rise of 44%.
Some emerging trends related to SIM swap takeover in South Africa as well as many other countries, include the usage of social tactics to convince victims to provide their personal information for the fraudsters’ benefit. This can include phishing emails or messages that appear to be from a legitimate source but are actually designed to trick the victim into divulging their private info.
On a larger scale, use of advanced technology and machine learning can automate the fraud process allowing fraudsters to conduct SIM swaps much faster and quickly identify vulnerable targets.
In response to these emerging trends, telecom companies (as owners of the SIM and the technology behind it) should consider implementing various strategies to mitigate SIM swap fraud and protect their customers. This can be done by adding additional layers of security to good old 2-Factor Authentication (2FA), such as Mobile Identity and biometrics to identify and prevent fraudulent attempts.
However, it is important for all of us as individuals to be vigilant and remember to keep our personal information private, be cautious of unsolicited calls and messages, and to regularly monitor our financial accounts for any suspicious activity.
Implications of SIM swap fraud on telcos
The aim of digital fraud is to target an individual’s identity in order to extract financial gain. Or, in other words, to impersonate someone in the quest to drain their bank account. While this in itself is a significant threat, there is also the risk of identity theft, which can lead to greater cases of fraud whereby imposters pose as the victim, potentially wreaking havoc in their life.
The stakes for telcos are perhaps even higher, as SIM swap fraud negatively impacts the trust between mobile users and their mobile provider due to the substantial volume of data in their possession. This is even more important in cases of post-paid users, or jurisdictions with mandatory prepaid SIM card registration.
For any company, trust is essential. Losing the trust of customers is bad for business, however, adding a readily available anti-fraud solution is the easiest and most direct way of preventing loss of trust and reputational or legal damages to enterprises, and this rings true for telco operators too.
A business that holds individuals’ data, or handles their financials, has a vested interest in preventing any damages, and that means implementing all the feasible means of protecting their customers. As a result, mobile operators need to implement reliable and efficient anti-fraud tools.
An example of such a tool is Mobile Identity – an authentication system that allows MNOs to perform a real-time check on the new SIM card and determine when it was activated. If a financial transaction was attempted within 24 or 48 hours from the time of activation, it is then flagged to the bank and can be blocked. A request for confirmation can then be sent to the legitimate user, thus preventing fraud and financial loss.
How MNOs can strengthen SIM swap fraud prevention
Working with trusted technology vendors can result in a stronger defence against fraud committed through SIM swaps, and add to the operators’ anti-fraud offering as part of their wider digital services and digital transformation-focused enterprise portfolio.
Mobile identity solutions are very effective, with sign-up processes that are quicker, cheaper and ultimately much more secure. It’s a huge opportunity for the telecoms industry, particularly those that are working with financial service providers or providing financial services themselves, demonstrating that they are listening to consumer concerns and introducing anti-fraud measures to help alleviate these fears.
In conclusion, protecting your customers and your business from the impacts of digital fraud, including SIM swap fraud, should be a high priority for all businesses. Constant and consistent efforts to educate employees and clients should also be implemented along with strong security measures such as 2FA.
Furthermore, working with MNOs better positions businesses to greatly reduce the risk of falling victim to digital fraud. By taking these steps, businesses can ensure that they are secure and trusted, while providing peace of mind to their customers.