Leave a legacy.

Sim Swap Scamming Prevention Check

By: othalian | 01-12-2018 14:40

Our phones are an integral part of us these days and on so many levels. And it is being used more-and-more in the two factor authentication process by various organisation which include banks and Amazon to name two. However, scammer too are realising this which is why "Sim Swap" scams are on the rise.

If you don't know what "Sim Swap" scams are it's when someone contacts a phone provider and requests a replacement sim card because it was lost, damaged, eaten by the dog, you name it. And oh by the way could you transfer all "my" stuff over to the new sim, please. You the owner might not notice it has happened for a few days and by then the scammer has accessed your bank account, etc.

My suggestion is for us all as a community to come up with a system of quick checks which can be carried out prior to a replacement sim being issued.

Idea 1. You are allocated a PassCode calculated on elements of your profile. No-one would know which elements are used to create this PassCode so it would be hard to recreate if not impossible.

Once issued with this PassCode you would be required to print it off and keep it safe. The page would have just enough information on it to remind YOU what the PassCode is for and not anyone else.

Idea 2. You nominate someone as a "Sim Friend", for want of a better name, within your profile. If a sim is requested then your "Sim Friend" would receive an sms which would ask them to contact you and confirm they did indeed request a replacement sim. Your "Sim Friend" would then press either a "Yes" or "No" link within the message to confirm or decline the request on your behalf. However, this option only works if Giffgaff retains secure servers of course.

Those are my suggestions but if someone can provide better, simpler solution then let's hear it. But we as a community can't just ignore it and hope it won't happen to us. Let's act now and protect us all from these sorts of scams. Also, it might be a great selling point for new members too.

Comments

by: peterg92
on: 22-05-2019 16:27

Sounds good

by: haseebhejazi
on: 24-04-2019 22:31

good lu

by: limes03
on: 28-03-2019 17:04

Sounds wise. Probably best to make it utterly personal and, from someone else's point of view, random. Inventing one's own security question and answer at a late stage in the setup works. Recommend that the user does not use biographical details or only very trivial ones which no one else knows, like; "why didn't you buy the orange juice on Georges birthday?", "Because I got a puncture." for example, better yet utterly fictional but memorable.

One could add a level by splitting user input between devices, enter your question/s via a computer and text the answer/s by phone for example. In that way if one device is already compromised the full combination is still unknown to a scammer. For a legitimate SIM request the user would simply answer those questions. As for verification purposes the user would only need one device the advice would be to reset the questions and answers using two devices quite soon,

At the server end including precise times elapsed between items of data entered during set-up adds a better than pseudorandom element to the math's which differs from user to user. With good data separation that should be reasonably secure.

Edited
by: helen_starkey
on: 17-03-2019 19:46

amazing idea think this would be great well done

by: emmalouisep93
on: 27-02-2019 14:00

Good luck.

by: emmalouisep93
on: 11-02-2019 19:31

Supported..

by: jossy22
on: 07-02-2019 09:49

Increased security always supported!

by: iamnew787
on: 01-02-2019 13:15

liked

by: persco
on: 30-01-2019 07:39

I still think 2Factor Authorisation rather will solve this issue. It’s a feature that is already being used elsewhere and giffgaff can adopt.

by: blueleather
on: 31-01-2019 17:24

Two factor authorisation is a well tested method, quite reliable.

by: stevwarn
on: 31-03-2019 06:59

Concur 2FA and a more robust security features to stop SIM swap fraud is well overdue!

by: adamtheant
on: 26-01-2019 23:53

defo support this