Matthew Hornsey
Published on: July 9, 2024
Currently they’re mostly used by people travelling for work or going on holiday – a handy way to pay local tariffs when overseas rather than being clobbered for hefty international roaming charges.
But eSIMs are going to become mainstream.
It’s only a question of when.
I suspect the tipping point moment is still a year or two away – and will come when either Apple or Samsung announce that they are moving away from having a SIM tray on their handsets at all. At that moment a process will begin which will see eSIMs quite quickly supersede and ultimately replace physical SIM cards almost completely.
In the same way that Bluetooth headphones very swiftly achieved blanket adoption once iPhones no longer carried a jack for wired connection.
The attraction is obvious. For the customer, it means instant access to their phone and all its apps rather than waiting 24-48 hours, or longer, for a replacement SIM to arrive by post or courier. And for the phone company, it’s cheaper, quicker and cleaner.
So it is almost certainly going to happen.
And that means that anyone working in or adjacent to the mobile device sector needs to be alert to the looming prospect of eSIMs and how it may affect them.
But the current answer is: we simply don’t know.
I like to think that the world will be smart enough to avoid the mistakes that have been made at previously pivotal moments in the development of e-commerce and digital culture. But there’s no way to guarantee the world won’t simply repeat them.
In fact, the eSIM per se is not really the issue – there is no significant difference between an eSIM and a physical SIM. They both perform the same function in the same way, in the sense that all of them have an IMSI and that is both unique and tied to the user’s mobile number.
So any check you can do on a physical SIM-equipped device you can do on an eSIM one.
The complication comes in what eSIM allows, namely that a single physical device can suddenly become capable of linking to multiple numbers and SIM identities simultaneously – which complicates a lot of existing functions.
At this point in the update of eSIMs, there are both pros and cons.
In the plus column, there is the reduced threat of physical theft: since there’s no physical SIM to steal or swap, eSIMs should eliminate the common fraud tactic of SIM swapping to gain control of a victim’s phone number.
But of course, the fraudsters will already be trying to find ways around this and you can be certain that they will find them. And there are already reported cases of successful attacks.
Simply, say, sending a one-time passcode before allowing an unverified user onto your platform may be an invitation to fraud – if the eSIM that the OTP is sent to has been cloned then that six-digit code will be going to the criminal, not the account holder.
The solution is to apply more robust procedures at every stage of onboarding and know your customer (KYC) processes. We will need layers of protection and verification and customer education to ensure it’s not a simple job for the crooks to hack them.
Activation of an eSIM should require going through a carrier’s secure verification process, which may include multi-factor authentication, reducing the chance of unauthorised access.
Using eSIMs makes it more difficult for automated security checks to be certain of what they are seeing. For instance, if you are attempting to sign into a platform giving your ‘normal’ number but the outgoing web call is made from another profile that has another number, there is no way it will be authenticated.
It will also perhaps over time render the concept of burner-type numbers harder to track because you might for example download an eSIM when on holiday and have a new number for a week to avoid costly roaming charges.
I don’t believe it’s going to cause seismic changes. And this is down to one overarching reason: people will still want to keep their primary number for many years if not forever – it’s a kind of digital signature to most of us – and as long as they do, then the digital landscape won’t suddenly become a maze.
Currently, fraud in this sphere appears to be relatively small-scale and highly targeted so although there have been breaches – and for large amounts – they have not become widespread. They have been aimed at prominent people with particular assets rather than the wider population.
But eSIM fraud will certainly become more prevalent and this means a need for both vigilance and communication among interested parties.
For instance, there are currently one or two apps out there offering eSIM services targeted at regular travellers – who currently don’t share data with fraud prevention organisations like ourselves and others working in our field to combat fraud.
It’s in everyone’s interest – particularly, for the integrity of their brand, theirs – for that to change. And quickly.
For us at TMT ID the advent of a cardless SIM future certainly presents an opportunity – and it’s an almost limitless one because global adoption will mean several billions of new eSIMs that will need checking. I just hope it’s as much of a positive for users.
Last updated on September 18, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
