Verify

Verify and validate customers globally using their phone number.

Velocity

Discover the network provider for every mobile number globally.

Authenticate

Protect customers, accounts, and transactions within your app.

Live

Discover if a mobile number is assigned to a subscriber.

Score

A real time phone number credibility score.

TeleShield™

Identify if a number has the propensity to be used for fraud.

Banks and Financial Services
E-Commerce
Insurance
Mobile Messaging
Gaming & Gambling
Communication and Service Providers
Identity & Verification Providers
eBooks
News
Developers
Viteza
FAQ
About us
Events
Careers
Contact us
Articles

Understanding SIM-Swap

Edward Glasscote

4 min read
A hand holding a SIM card with text overlay discussing SIM-Swap understanding by Edward Glasscote.

What is it, and how can you protect your business?

How do you prevent fraud?

If you’re part of a small to medium business, no matter what, there is always more you could, or should, be doing.

Of UK and US SMEs, one-third report using free, consumer-grade cybersecurity, and a further one in five use no endpoint security whatsoever. A single attack can cost over £10,000 to recover from without factoring in the subsequent loss of business, which can be devastating for any business, but especially an SME.  

Regarding customer verification, it is common for businesses to be similarly lax: you may utilise phone number and password combinations but alone these leave accounts wide open to fraudsters. To add an extra layer of security, your business may also require the use of a code sent to an SMS – in reality, this may not make your customers much more secure.

Multifactor authentication methods, such as SMS, have become the most commonplace form of authentication.

This makes sense: mobile phones are ubiquitous today. They have revolutionised the way we communicate with one another locally and globally – becoming a practical necessity for modern life. As central as they are to our lives, they are not as secure as you might think. Gaining access to a person’s phone number is not considered difficult, and with the high volume of legitimate customer requests, fraudsters are able to act undetected. Costing UK victims an estimated 2.6M in 2019, SIM-swap fraud boasts some high-profile targets, such as Twitter CEO Jack Dorsey who famously had his bank and Twitter accounts compromised.

So how does it work?

SIM-swap is the process of moving a phone number onto a different SIM card. This can occur legitimately if a customer loses their SIM card or wants to change to a device with a different SIM format or a different provider entirely – whilst maintaining their original phone number.

This is where the fraudsters come in, looking to take advantage of these processes implemented for customer convenience…

When the fraudster has selected their target phone number, they will attempt the SIM-swap procedure, to port the phone number to a device they have access to. If they can succeed in this, they will have access to all SMS and calls intended for the legitimate customer.

To achieve this, the fraudster will use their victim’s personal information to convince the network operator to perform the swap. These details are usually gathered from spoof portals, smishing, social engineering or purchased from the dark web. In some cases, fraudsters will even attempt to prove their identity in person, with forged documents.

Once the swap has taken place, all calls and SMS will be directed to the fraudster’s device, allowing them to request access, or a password reset on the victim’s banking or retail account. With the security information being sent directly to the fraudster, nothing is stopping them from making illegitimate transfers and processes.

Is there a smarter solution?

Fraudsters have perfected their craft. Even seemingly complicated acts of fraud have become perfectly achievable, for even an amateur fraudster, due to black market guides and communities. As such, fraud is on the rise, mobile fraud particularly: the losses due to mobile banking fraud in the UK rose by 127% in the first half of 2021, compared with the same period in 2020. More fraudsters are making more money more easily.

But the fact that it is straightforward, means that there are some equally simple – but powerful – steps you can take to keep your customers safe.

Adding further checks and barriers may seem like the best solution – however, while these tactics will be effective at stopping fraudsters from accessing your services, they will also be effective at stopping legitimate customers from having the convenient experience they desire.

When preventing fraud, the use of fraud prevention solutions and customer experience must be balanced. It is imperative organisations do not cause undue stress for legitimate customers. After all, customer experience is key to retention. For example, online retail sites see an almost 70% cart abandonment rate, 24% of these abandonments are due to the account creation process, and another 18% are due to an overly long or complicated checkout. In short: too many security steps and they are likely to lose interest, no matter how well-protected it makes them.

By quickly checking that a SIM or Device ID has not changed since you last interacted with a customer, you can identify and respond to any flags, without impeding users. 

The key to this is the use of mobile network operator data. Within the streams of information sent between phones and the network, there are clues as to the identity of the end-user, one of these clues being if a SIM has recently been swapped.

Whilst preventing fraud requires a multi-faceted and collaborative approach, by increasing data enrichment, you will provide better security against many kinds of fraud, specifically SIM-swap and Account Takeover – whilst providing a desirable customer experience. SIM-swap is simple, so don’t let it get the better of your business.

Last updated on September 18, 2024

Contents

Related Articles

Person performing a card trick with an advertisement for an article on responsible gambling and authentication in the background.

How to bet ‘without losing money’ – and why gambling can be a bit of harmless fun

Promotional graphic for an article on ghost broking prevention, featuring a ghost and the title 'how to bust ghostbroking' by Edward Glasscote.

How you can Bust Ghost Broking

A promotional graphic for a mobile security resource by Peter Taylor, featuring a smartphone image with a "read now" call-to-action.

Mobile Phone Security


What Our Customers Are Saying

"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."

MaxMind

"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”

Business Telecommunications Services

"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."

Six Degrees Labs

"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."

LATRO

"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."

Global Message Service

"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."

Global Voice

"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."

Alberto Grunstein - CEO

"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."

Luisa Sanchez - VP of SMS and Messaging Solutions, Identidad Technologies

"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."

Deutsche Telekom Global Carrier

Ready to get started?

We provide the most comprehensive device, network and mobile numbering data available

Contact us > Chat to an expert >