SIM Swap Fraud is one of the largest fraud growth areas, causing hundreds of millions in losses worldwide. This increasingly prevalent form of Account Takeover (ATO) fraud also has the potential to do irreparable damage to a financial services firm’s brand image. Find out why it happens and what you can do to protect your customers.
Improved security = increased fraud?
Nowadays, it has become very convenient to use a mobile phone in combination with online banking, as logging into a banking environment requires some form of multifactor authentication. This authentication process is in line with Secure Customer Authentication (SCA) guidelines that were introduced when the European Union’s Revised Payment Services Directive (PSD2) came into force.
According to SCA, users must be able to identify themselves by a combination of two of the following factors:
- Something they know (password, pin, secret fact)
- Something they own (phone, wearable, hardware token)
- Something they are (fingerprint ID, facial ID, voice ID, retina scan)
When a mobile phone has been paired as the authentication device, the user is prompted to complete an action on the device or input a code received via SMS. By completing this verification step, the user is identified and allowed access to the sensitive information.
Globally, this has become a big area of concern. What if the user has been impersonated by a hacker? In that case, it’s the hacker who receives the authentication code, enabling access to the user’s finances. This is the primary goal of hackers who commit SIM Swap fraud.
SIM Swap fraud occurs when hackers gain access to a customer’s sensitive information by convincing a telecom provider to move the phone number onto a SIM card they control. In doing so, hackers automatically nullify the purpose of SCA checks. Once in control of the user’s SIM, hackers are able to clone the user’s device, gain access to banking accounts and plunder funds at will.
How much of a problem is SIM Swap fraud?
SIM Swap fraud is one of the most dangerous forms of Account Takeover (ATO) fraud and the fastest growing type of fraud worldwide, with global losses estimated in the hundreds of millions. In the United Kingdom alone, a study revealed that over 10 million British Pounds had been stolen through SIM Swap fraud in a span of less than five years.
Whereas the initial fraud (SIM swapping) occurs as a consequence of lapses in security checks at telecom providers, that is only the beginning of the fraudsters journey. In the end, it is banks and financial institutions that are the real target and who need to perform proper security checks, such as making sure the user’s device ID matches the one they hold.
The potential harm that SIM Swap fraud can cause to customers and brands is alarming. Financial services companies need to take steps as soon as possible to ensure their systems are not compromised when fraudsters gain access to customers’ mobile phones.
How Mi-Pay is tackling SIM Swap fraud
Financial institutions have a responsibility to protect their customers’ funds and sensitive data, yet many are being blindsided by the rampant surge in fraud stemming from SIM Swap attacks. Without implementing effective fraud checks, financial firms and their customers will continue to incur huge losses and suffer unimaginable consequences.
But how can banks prevent fraudsters from accessing customer data, when the identification process checks out just fine? Nowadays, banks need to think beyond two factor or multifactor authentication. It’s not enough to verify a user’s identity. It is also necessary to verify the user’s device. That’s where Mi-Pay comes in.
Mi-Pay is the fraud solution provider that keeps the banks and consumers safe. We do this by providing financial institutions with real-time information that can be used to create scoring profiles and check for irregularities.
Mi-Pay’s look-up service compares unique, identifiable device data – such as the IMEI/IMSI number – against a SIM’s current status. If discrepancies are detected, the SIM has likely been compromised. That negative conclusion is then relayed to the bank, allowing it to prevent the hacker from ever accessing any sensitive information or resources within the online banking environment.
Mi-Pay’s SIM check service is highly coveted by financial institutions and international banks in various countries, including the United Kingdom, Ireland, the Netherlands and Australia.
Stop SIM Swap fraud now
Incidences of SIM Swap fraud are on the rise. This type of fraud has the potential to cost companies hundreds of millions in lost revenue, as well as do irreparable damage to a company’s reputation.
Unfortunately, multifactor authentication, while part of being compliant with SCA/PSD2 regulations, is also how the door is opened for fraudsters to come in and wreak havoc. This is why it is absolutely essential for businesses to implement fraud checks.
For financial services companies, the solution lies in forming partnerships with fintech firms – like Mi-Pay – who, through the use of platforms and proprietary APIs, can aid in the real-time prevention of fraudulent attacks and logins.
For more information on how Mi-Pay can help your business identify and stop SIM Swap fraud, get in touch with me anytime. As Mi-Pay Revenue Ambassador, I help financial institutions protect their brands and boost their profits.
Vice President of Sales
E: [email protected]
M: +44 7515083513