The authentication platform tru.ID has released Active SIMCheck, an easy-to-integrate API product, as a timely response to the alarming growth in SIM swap fraud and account takeovers. Banks, fintechs, and any company using SMS to send security PIN codes are all at risk.
By using Active SIMCheck, any online business that uses PIN codes sent by SMS for user authentication can now protect their customers and their brand from the potential damage of identity theft and account takeover caused by SIM swap fraud.
Many kinds of mobile fraud, including SIM swap, are now becoming mainstream. Just recently, Wired UK reported on the “relentless rise” of Royal Mail text message scams, while The Sun warned against WhatsApp scam access codes. According to Javelin, the strategy and research firm, there’s been a 72% year-on-year increase of account takeover fraud; as of 2020.
One of the most common ways to implement SIM swap fraud is to intercept a PIN code, and then take over a customer’s account.
How Active SIMCheck Works
tru.ID Active SIMCheck is an API-based service that connects directly, and in real-time, to mobile network operators to verify the identity of the SIM card in a user’s mobile phone. If there has been a recent change to that SIM card, it will be flagged by the API, enabling action to be taken and blocking potential fraudsters from intercepting SMS messages including SMS 2FA PIN codes.
This new security check can be integrated quickly and easily by developers alongside existing SMS 2FA solutions. There is no need for any change to the user experience.
“Many of the security challenges faced by businesses today are caused by antiquated reliance on passwords and SMS PIN codes,” comments Paul McGuire, co-founder, and CEO of tru.ID. “tru.ID delivers user authentication that is mobile-native, seamless, secure, and private. Active SIMCheck is part of the range of powerful new mobile authentication products developed by tru.ID that are based on the cryptographic security of the SIM card. Active SIMCheck is an important stepping stone on that journey enabling businesses to rapidly solve a major fraud risk without impacting the user experience.“
Who is at risk from SIM swap fraud?
Consumers’ general reliance on m-commerce, and other online interactions for banking, health, and education has been accelerated by lockdowns – and fraudsters have taken advantage. Now it is not only high profile cases, such as Twitter CEO’s Jack Dorsey account takeover, or tech entrepreneur Robert Ross’ $1million life-saving losses on crypto, who are targets of fraudulent activity. The customers of every business that uses PIN codes sent by SMS are now at risk of having their identity taken away and their savings stolen.
Why has SIM Swap become such a big issue?
Most phone-based authentication methods today simply use the mobile number and rely on a PIN code that is sent via SMS, or a voice call. Companies assume this is a possession-factor authentication method, but the problem is that it doesn’t reliably prove possession. There are some fundamental flaws – and bad actors are taking advantage.
The primary issue is SIM Swap. Bad actors are increasingly committing SIM swap fraud by persuading the mobile operator to issue them with a replacement SIM card that takes over the same mobile number. They are then able to receive all voice calls and SMS messages (including PIN codes) sent to that number, and then use those codes to take over that User’s accounts.
The solution? SIM-based authentication
The technology which authenticates the identity of each SIM card is a core part of every mobile network – it’s how MNOs are able to bill us correctly for our mobile network usage. But it is only now becoming available for identity management and fraud prevention. This new approach is what’s known as SIM-based authentication and tru.ID makes it available via API for fast and easy integration.