SIM swap fraud: threat to digital identity
From cryptocurrency to valuable social media handles, SIM swap fraudsters are a threat to more than just their victims’ bank accounts
Because SIM swap fraud has been so prevalent across Africa in recent years, African consumers are well aware of the potential for financial losses during unsecured financial transactions. But the incidence of SIM swap fraud is increasing both across Africa and internationally, and fraudsters are finding new ways to profit from this particular mode of fraud.
In high-profile international cases recently, $14 million in Crowd Machine Compute Tokens were stolen by SIM swap fraudsters in the latest crypto casein Oklahoma; while in another incidentin the UK TSB customers fell victim to SIM swap fraudsters during the bank’s chaotic IT upgrade earlier this year. The TSB cases, along with other similar incidents in the UK, prompted the BBCto look into how SIM swap fraud is committed in the market, which exposed that it is often perpetrated with the involvement of compromised insiders.
A SIM swap, in which criminals obtain a replacement SIM for a mobile number that does not belong to them, gives criminals access to the legitimate user’s information and accounts. This then compromises the victim’s online banking, cryptocurrency or digital financial service accounts as well as giving the fraudsters access to all the victim’s online accounts, including email and all social media accounts. These accounts are an important component of a user’s digital identity, and by taking control of them, fraudsters can carry out identity theft, blackmail the victim, or damage the victim’s reputation. There have even been reports of these fraudsters targeting valuable Instagram and Twitter handles, and selling them on to users on the Dark Web.
Of course financial service providers like banks, social media platforms, email service providers and providers of any digital service have put in place measures to increase security beyond username and password, with the introduction of two-factor authentication (2FA). 2FA is most often delivered in the form of one-time-password over SMS. Long considered a vulnerable channel for authenticating financial services transactions, OTP via SMS is vulnerable to man-in-the-middle attacks and opens a door to large scale fraud through a single point of failure.
This vulnerability, in the 2FA method used to protect users, has given rise to SIM swap fraud, because of the value attributable to taking control of a user’s mobile number. And, what is evident, from cases we have seen internationally and that we have seen locally in Kenya, is that SIM swap fraud is often committed by compromised insiders. It is a global issue and not surprising that one weak link in the ecosystem can undermine the security of services provided by all players.
In the quest to offer customers greater security and assurance, financial services and network operators are stepping up their demand for security services enabled by independent, third party providers.Crucially, Myriad Connect’s SIM swap detection service provides an additional level of security by offering an entirely independent service, which cannot be tampered with by compromised individuals involved in the financial or digital service delivery chain.
Speaking about Myriad Connect’s service, Willie Kanyeki, Business Development Director – Africa, said “Our service provides a real time check on the SIM, while no persistent data is held with any third party, providing a more secure service than current two factor authentication services like OTP over SMS and significantly enhances the security of transactions susceptible to fraud.”
There is indisputable demand for a SIM swap detection service that cannot be tampered with by a compromised individual, from any organisation. A service where where the user’s identity is verified by a party external to the transaction. We have already seen a strong response to SIM swap fraud in Kenya, coming from the leaders across the digital service delivery chain and we are sure to see Kenya, once again, not only as global leaders in the development of innovative digital services, but also in protecting them.