The SIM swap problem is becoming a headache for businesses and for mobile operators but the issue is even more painful for the mobile subscribers as fraudsters are gaining control of their messaging accounts as well as bank accounts. This is a pain that everyone can feel immediately.
What is SIM Swap?
What is common here is that the victim is a mobile subscriber who is under the impression that his/her data is safe with the mobile operator and that communication with the retail channel is secure. While in many cases consumers expose themselves to certain security issues through unsafe web surfing or by providing personal details to a stranger, with SIM swap an individual is not in a position to protect him/herself. The only place where protection can be implemented is at the mobile operator and, eventually, at the organization providing service to the consumer.
What the mobile operator can do.
As is clear from the mechanics of SIM swap, fraudsters often use fake IDs. The same methods are used by criminals in the case of so-called subscription fraud or subscription never-pay fraud, where a criminal uses fake IDs to obtain an expensive subscription or get a premium phone without paying the installments.
Clearly this type of fraud cannot be prevented by an employee of a retail store. Moreover, in some cases some of the individuals there might be part of a criminal chain and therefore a manual check cannot be trusted.
However, an efficient anti-fraud system that prevents subscription fraud or SIM swap attempts in real time is quite feasible. Using supervised Machine Learning algorithms, it is possible to achieve 99% accuracy in detecting SIM swap or subscription fraud. The check can be performed in real time, and when guarded by proper procedures any internal fraud can be prevented as well.
At the same time, an ML based anti-fraud system requires certain investment from the Telco provider. It also takes time to get it implemented as well as to train Machine Learning algorithms. Therefore, another approach Telco providers can take is to simply block any A2P message or A2P call sent to a customer when they get a new SIM card for 24 or 48 hours.
This measure can be quite efficient in the majority of cases, as the consumer would likely notice a lack of mobile service caused by the activation of an alternative SIM and complain to their Telco provider. However, this measure would be efficient only in cases where the mobile operator can distinguish the application-originated activation SMS from normal P2P traffic. And that represents another issue.
Many medium and small financial services companies as well as OTT applications are trying to minimize their costs when sending activation SMS to consumers and therefore utilize the so-called grey-route mobile aggregators. Messages sent via grey routes are not visible to Telco providers as premium A2P messages, and therefore the providers are not in a position to enable the policy suggested above.
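The 24/48-hour A2P hold described above, and the grey-route gap that limits it, as an added example (not code from the original article or from any operator's system). The class and field names, phone numbers and timestamps are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

HOLD_WINDOW = timedelta(hours=24)  # the article suggests 24 or 48 hours


@dataclass
class Message:
    msisdn: str            # recipient number
    traffic_class: str     # "A2P" or "P2P", as the operator classified it
    received_at: datetime


class SimSwapHold:
    """Block A2P traffic to a subscriber for a window after a SIM change."""

    def __init__(self, window=HOLD_WINDOW):
        self.window = window
        self.last_sim_change = {}  # msisdn -> time of the latest SIM change

    def record_sim_change(self, msisdn, when):
        self.last_sim_change[msisdn] = when

    def decide(self, msg):
        changed = self.last_sim_change.get(msg.msisdn)
        if changed is None:
            return "DELIVER"
        age = msg.received_at - changed
        in_window = timedelta(0) <= age < self.window
        # Only traffic the operator recognises as A2P can be held.
        if in_window and msg.traffic_class == "A2P":
            return "BLOCK"
        return "DELIVER"


def run_sample():
    """Constructed sample: one subscriber with a fresh SIM, one without."""
    policy = SimSwapHold()
    swap = datetime(2024, 1, 10, 9, 0)
    policy.record_sim_change("+10000000001", swap)
    msgs = [
        Message("+10000000001", "A2P", swap + timedelta(hours=1)),   # activation SMS on a premium A2P route
        Message("+10000000001", "P2P", swap + timedelta(hours=1)),   # ordinary person-to-person SMS
        Message("+10000000001", "P2P", swap + timedelta(hours=2)),   # activation SMS via grey route, seen as P2P
        Message("+10000000001", "A2P", swap + timedelta(hours=25)),  # hold window has expired
        Message("+10000000002", "A2P", swap + timedelta(hours=1)),   # subscriber with no SIM change
    ]
    return [policy.decide(m) for m in msgs]
```

The third message is the limitation the article points to: an activation SMS arriving over a grey route carries a P2P classification, so the hold never sees it.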
Clearly, a proper approach to grey-route management and proper detection of A2P bypass can enable mobile operators to address more security and fraud issues, representing incremental revenue with a very short ROI.
Finally, it is also in the interests of small and medium sized businesses to use trusted and secure telco services, considering that in some geographies, it is they who would potentially carry the cost of SIM swap fraud.
Of course, the solutions suggested above potentially introduce costs to telco businesses as well as to enterprises. However, from the ethical perspective, each and every business is responsible for securing the services it provides to consumers. A fraudster's target can be anyone, including people making budget/investment decisions. Therefore, reasonable investment in security and anti-fraud should be part of the daily agenda for businesses. That would prevent negative exposure in the press and, eventually, financial losses caused by legal actions and consumer complaints.