Skip to main content

SIM Swap

  • Digital Identity

Account takeover protection with SIM Swap

Overview

As the number of digital transactions made around the world grows, so does the risk of account takeover. Businesses that use SMS to send one-time passcodes (OTPs) as a means of two-factor authentication are particularly at risk.

Our SIM Swap API can help. It gives a date and time stamp showing when a SIM associated with a phone number was last changed – a recent change can indicate potential account takeover and possible fraud – providing partners with an extra layer of security.

Key Features

  • Check a SIM hasn’t been swapped recently before sending a one-time passcode.
  • Check a customer’s mobile phone account isn’t compromised.
  • In retail banking, as extra security for high-risk journeys, such as setting up of a new payee or standing order.

Benefits

  • Adds an extra layer of protection and security for customers.
  • Reduces fraud costs.
  • Helps fulfil regulatory requirements for ‘Strong Customer Authentication’ (SCA) under PSD2.
  • Builds customer confidence in digital journeys, and improves customer retention.
benefits
How does it work?

On receiving the customer’s verified number, the API responds with a timestamp of the last time the SIM was changed – e.g. “simChange”:”2002-10-02T15:34:00:000Z”.

Ideal for:

  • Increasing confidence that a one-time passcodes (OTP) is going to the intended recipient, providing more security for the customer.
  • Real-time checks to indication potential account takeover.
  • Identifying potentially fraudulent behaviour before creating a new account, changing an address or other personal details, or resetting a password, for example with banking transactions.

APIs Included

EE
BT

SIM swap

Identity and Authentication
Digital Identity

The SIM swap product offers a mechanism through which a service provider can request information about when the SIM card was last changed by the mobile customer.

Product Documentation
Back to top