French operators work with AFMM to fight 'SIM swap' fraud ⋆

French operators work with AFMM to fight ‘SIM swap’ fraud

SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator’s ability to seamlessly port a telephone number to a new SIM. This feature is normally used when a customer has lost or had their phone stolen.

Attacks like these are now widespread, with cybercriminals using them not only to steal credentials and capture OTPs (one-time passwords) sent via SMS but also to cause financial damage to victims.

Mobile payments are now huge: mobile phone-based money transfers allow users to access financing and micro-financing services, and to easily deposit, withdraw and pay for goods and services with a mobile device.

In early September 2019, the SIM Swap or SIM splitting fraud has gained notoriety since it was spotted as being the source of the hacking of the Twitter account of Jack Dorsey’s Twitter account.

This fraud is to recover a new SIM card associated with a number belonging to another person from an operator (under the pretext of a theft or loss), using personal information previously collected also from fraudulent way.

Once the new SIM card is activated by the fraudster, the real owner of the card can no longer use his mobile. The fraudster, in possession of the new SIM card, will be able to hack his accounts online by receiving instead of the victim the SMS OTP with the unique validation code – most of the time using the login credentials of the victim who must also be recovered upstream.

Although marginal in France, the SIM Swap fraud worries online service providers and French individuals

Bouygues Telecom, Orange and SFR have collaborated with the AFMM, of which they are members, to implement a preventive measure against ‘SIM swap’ fraud.

Launching soon, the new system enables online service providers to receive an alert when dealing with suspect SIM cards, based on recent activity recorded by the mobile operator. As a result, providers can decide to take action, for example by offering the customer in question a different authentication method.

The SIM Swap fraud solution is the first of the solutions developed within the AFMM with operators Bouygues Telecom, Orange and SFR around the digital identity to be launched throughout the years 2019 and 2020.

” We welcome the upcoming launch of this SIM Swap anti-fraud solution thanks to the motivation and involvement of the AFMM’s member operators. This solution is essential for the future of authentication methods based on the SIM card. Maintaining the trust of online service providers, e-merchants, and individuals is a priority for the AFMM and its members. “

Says Christian Bombrun, President of the AFMM.