Myriad Connect has launched a service to counter the growing threat of SIM-Swap fraud that is costing banks and mobile network providers millions and customers their life savings.
When a customer lets their operator know that their SIM card is damaged, lost or stolen, the current SIM is deactivated and a new one is issued. Criminal groups and insiders at financial organisations and network operators work together to gather personal data and then pose as contract owners to secure a new SIM. Once activated by the fraudster, they are able to access bank accounts and other sensitive data authenticated through the SIM.
Myriad Connect’s service can help to reduce SIM-Swap by providing a real time check on the SIM, which cannot be tampered with via compromised third parties within an operator or bank. Using USSD (Unstructured Supplementary Service Data) authentication, no persistent data is held with any third party, meaning there is a clear audit trail. This results in a technology that will greatly enhance the security of transactions vulnerable to SIM-swap fraud.
“Even the National Institute of Standards and Technology in the US has identified that SMS is a risk,” explains Paul Kingsbury, VP Business Development at Myriad Connect. “It is not fit to secure financial services as it can be vulnerable to man-in-the-middle attacks such as SIM-Swap. It poses a challenge for operators as there is no audit trail, opening a door to large scale fraud through a single point of failure.”
“The threat from SIM Swap is greatest in regions where mobile banking penetration is highest,” continues Kingsbury. “In the UK the typical amount stolen is in the low thousands of pounds, where as in South Africa there have been a few cases of millions of Rand going missing. The challenge for banks and operators is how to protect customers not only from criminal gangs, but often invisible, compromised staff.”
Myriad Connect enables financial institutions to develop and deliver compelling mobile services, with peerless security, to all consumers, regardless of technology and data connectivity.