Edward Glasscote
If you’re part of a small to medium business, no matter what, there is always more you could, or should, be doing.
Of UK and US SMEs, one-third report using free, consumer-grade cybersecurity, and a further one in five use no endpoint security whatsoever. A single attack can cost over £10,000 to recover from without factoring in the subsequent loss of business, which can be devastating for any business, but especially an SME.
Regarding customer verification, it is common for businesses to be similarly lax: you may utilise phone number and password combinations but alone these leave accounts wide open to fraudsters. To add an extra layer of security, your business may also require the use of a code sent to an SMS – in reality, this may not make your customers much more secure.
Multifactor authentication methods, such as SMS, have become the most commonplace form of authentication.
This makes sense: mobile phones are ubiquitous today. They have revolutionised the way we communicate with one another locally and globally – becoming a practical necessity for modern life. As central as they are to our lives, they are not as secure as you might think. Gaining access to a person’s phone number is not considered difficult, and with the high volume of legitimate customer requests, fraudsters are able to act undetected. Costing UK victims an estimated 2.6M in 2019, SIM-swap fraud boasts some high-profile targets, such as Twitter CEO Jack Dorsey who famously had his bank and Twitter accounts compromised.
SIM-swap is the process of moving a phone number onto a different SIM card. This can occur legitimately if a customer loses their SIM card or wants to change to a device with a different SIM format or a different provider entirely – whilst maintaining their original phone number.
This is where the fraudsters come in, looking to take advantage of these processes implemented for customer convenience…
When the fraudster has selected their target phone number, they will attempt the SIM-swap procedure, to port the phone number to a device they have access to. If they can succeed in this, they will have access to all SMS and calls intended for the legitimate customer.
To achieve this, the fraudster will use their victim’s personal information to convince the network operator to perform the swap. These details are usually gathered from spoof portals, smishing, social engineering or purchased from the dark web. In some cases, fraudsters will even attempt to prove their identity in person, with forged documents.
Once the swap has taken place, all calls and SMS will be directed to the fraudster’s device, allowing them to request access, or a password reset on the victim’s banking or retail account. With the security information being sent directly to the fraudster, nothing is stopping them from making illegitimate transfers and processes.
Fraudsters have perfected their craft. Even seemingly complicated acts of fraud have become perfectly achievable, for even an amateur fraudster, due to black market guides and communities. As such, fraud is on the rise, mobile fraud particularly: the losses due to mobile banking fraud in the UK rose by 127% in the first half of 2021, compared with the same period in 2020. More fraudsters are making more money more easily.
But the fact that it is straightforward, means that there are some equally simple – but powerful – steps you can take to keep your customers safe.
Adding further checks and barriers may seem like the best solution – however, while these tactics will be effective at stopping fraudsters from accessing your services, they will also be effective at stopping legitimate customers from having the convenient experience they desire.
When preventing fraud, the use of fraud prevention solutions and customer experience must be balanced. It is imperative organisations do not cause undue stress for legitimate customers. After all, customer experience is key to retention. For example, online retail sites see an almost 70% cart abandonment rate, 24% of these abandonments are due to the account creation process, and another 18% are due to an overly long or complicated checkout. In short: too many security steps and they are likely to lose interest, no matter how well-protected it makes them.
By quickly checking that a SIM or Device ID has not changed since you last interacted with a customer, you can identify and respond to any flags, without impeding users.
The key to this is the use of mobile network operator data. Within the streams of information sent between phones and the network, there are clues as to the identity of the end-user, one of these clues being if a SIM has recently been swapped.
Whilst preventing fraud requires a multi-faceted and collaborative approach, by increasing data enrichment, you will provide better security against many kinds of fraud, specifically SIM-swap and Account Takeover – whilst providing a desirable customer experience. SIM-swap is simple, so don’t let it get the better of your business.
Last updated on March 28, 2024
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide comprehensive device, network and mobile numbering data available.
Contact us > Chat to an expert >
