Why mobile operators must take proactive measures to protect customers from SIM/eSIM swap fraud
Two-factor authentication (2FA) is a method commonly used by online businesses to verify their customers’ identities and protect them from becoming victims of fraud. It’s a relatively simple process. Prior to completion of an online transaction, the business generates a one-time passcode (OTP) and sends it to the customer’s mobile phone via SMS. The customer then enters the passcode as part of their online order to authenticate their identity and complete the digital transaction. The problem is that this method is being exploited by fraudsters and cybercriminals, who, in recent years, have capitalized on the weaknesses of this authentication method to carry out an increasing number of attacks.
SIM/eSIM swap fraud is considered one of the most effective enablers for cybercriminals to steal money from legitimate users, especially cryptocurrencies. It occurs when a cybercriminal/fraudster contacts a telecom operator, posing as a genuine customer, and requests an unauthorized SIM/eSIM swap request. Once the operator authorizes the fraudulent swap, the attacker essentially takes over the mobile phone number of the victim. From this moment on, the fraudster receives all incoming calls and text messages sent to the victim’s mobile phone number. This allows them to intercept any OTPs sent to the genuine customer and perform fraudulent activities on their behalf. The implications for customers, businesses and service providers can be devastating, with the latter potentially exposed to severe lawsuits, brand and reputational damage, as well as claims for heavy monetary compensation. To emphasize the seriousness of the phenomena, a recent publication even stated that SIM/eSIM swap fraud poses a threat to the entire cryptocurrency economy.
While many security experts are advising online businesses to stop using OTP sent over SMS, the vast majority (including the biggest ones like Google, Facebook, Amazon, etc.) still use it and are expected to continue doing so – it’s cost-effective, easy to deploy and commonly accessible by billions of mobile phone users around the world.
Amdocs Revenue Guard's SIM/eSIM Swap Fraud Protection service is a unique, robust carrier-grade solution that proactively identifies and prevents SIM/eSIM swap fraud on service providers’ networks. From the moment it’s deployed, the service delivers immediate value by proactively analyzing customer location anomalies in real time and taking preventive actions to ensue no damage can occur.
Want to learn more? Feel free to contact me at firstname.lastname@example.org
Dror Eshet is a product manager at Amdocs, a leading expert in combatting telecom fraud with more than 20 years of experience in fraud detection and prevention at various large enterprises.