For those who can remember, there was a time when getting a new mobile phone included the ritual of swapping the Subscriber Identification Module (SIM), that little plastic and metal card, from the old to the new device. This chip stored your mobile phone number and inserting it into the new device meant it would have the same number as the old one.
More recently, this step has become unnecessary as people start to use eSIMs (digital cards stored on the chip of the mobile device) instead. This means that the SIM can be swapped over virtually by the mobile operator using Over-The-Air (OTA) provisioning, which has many benefits.
First, changing mobile providers or upgrading a mobile device becomes more straightforward. Second, plastic and metal waste are reduced by doing away with the physical SIM. And third, you no longer need to keep that little card in your desk drawer to carry out the delicate operation of a physical SIM swap.
The speed and convenience provided by eSIMs have other, less obvious benefits, such as providing an alternative source for roaming coverage and tariffs.
However, does this speed and convenience have a downside? For instance, is the public more likely to suffer from identity and financial fraud?
One fraud risk comes from an Account Takeover (ATO) attack called SIM swapping, which is used to break into financial and other accounts. SIM swapping is when a fraudster moves your mobile number to a SIM or phone that they control. They can then hijack multi-factor authentication protections, such as SMS One-Time Passwords (OTPs), used to protect customer accounts.
So eSIMs make it easier to change SIMs and move mobile numbers, but is there mounting evidence that SIM swap fraud is more likely to happen? Well, SIM swap fraud attacks that exploit eSIMs have been reported, including instances of SIM swappers hijacking phone numbers and fraudsters taking over handsets and raiding mobile banking accounts.
As long as mobile operators use the same security best practices as they do for physical SIM swaps, there should be no increased risk. Still, having an extra layer of security to protect your business from potential losses due to fraud is important. The good news is, there are measures that banks and other institutions can take for additional protection against all kinds of SIM swap attacks. For example, the Syniverse Account Takeover Detection solution can help identify high-risk numbers that may be compromised. It can also monitor high-risk events like SIM change, number porting, and call forwarding.