As digital transactions have grown, the number of account takeovers involving customer phone numbers, in which SIM information is ported to another device without the account holders’ knowledge, has increased. It has particularly been an issue for companies that use SMS to send one-time passwords (OTPs), as fraudsters can intercept these.
We have partnered with NatWest to utilise our SIM Swap API to provide them with a date and time stamp, showing when the SIM associated with a number was last changed. A recent change could indicate an account takeover; partners can use this information, along with other sources, to identify potential fraud.
- Numerous sectors are now carrying out SIM Swap checks in order to protect customers
- This information can be used to ‘hold’ transactions until further checks are carried out
- Customers can be more confident that their online accounts are not being hacked.
When utilising SMS OTP as a factor of authentication, it's important to ensure that reasonable steps are taken to facilitate secure delivery to our customers. We see SIM Swap checks as a key part of that protection.
Chris Parker, eCrime & Digital Fraud Lead, NatWest Group