Subscribe
Sectors
Companies
About

SIM swap fraud clampdown

Bonnie Tubbs
By Bonnie Tubbs, ITWeb telecoms editor.
Johannesburg, 24 May 2013
It has taken the theft of thousands of rand and hundreds of unsuspecting victims, but operators and banks are finally taking steps to clamp down on SIM swap fraud.
It has taken the theft of thousands of rand and hundreds of unsuspecting victims, but operators and banks are finally taking steps to clamp down on SIM swap fraud.

It has taken hundreds of SIM swap fraud incidents to set the wheels in motion, but cellphone operators have finally taken notice of the growing problem and are taking decisive action to curb it.

This follows a recent spate of SIM swap fraud taking place across SA's mobile operators and banks. According to the South African Banking Risk Information Centre (Sabric), SIM swap fraud has increased dramatically over the past six months.

ITWeb reported last month that, due to the nature of the crime, recourse for consumers is inadequate, as neither mobile operators, nor banks, can be held fully accountable.

Several incidents have made headlines over the past few months and consumers are growing desperate for answers.

While SIM swap banking fraud has taken place irrespective of the mobile operator and bank the victim uses, MTN and Absa were the two entities more widely responsible.

See also
No simple solution for SIM swap fraud
SIM swap fraud 'rampant'

Sabric said during the launch of the inter-e-crime awareness this week that the banking industry is working in collaboration with both mobile operators and enforcement to combat cyber crime.

"Together, these industries urge their customers to join the fight against crime by adopting stricter personal IT measures."

Boosting protection

In this light, MTN and Absa have formed a task team that the operator says will "keep a close eye on fraud and bring about new ways to rapidly clamp down on it". The two industry giants recently held an urgent meeting in which executives discussed the spate of SIM swap fraud.

Eddie Moyce, MTN chief customer experience officer, says the operator realises it needs to protect its customers by tightening up systems development, and improving security and service delivery.

This special team has initiated security measures to protect MTN customers, such as an improved authentication process when carrying out a SIM swap. MTN says further measures will include a SIM swap delay until the legitimate customer has confirmed the request. "A dual-authorisation process is also being investigated."

The team will meet weekly to gauge success and identify further improvement required.

Adrian Vermooten, Absa head of channels and payments, says the bank treats fraud committed on its customers' accounts with high priority and is working with the stakeholders to clamp down on this method of fraud.

"We are working tirelessly with MTN and Sabric to ensure the systems and security are comprehensive and robust. Collaborating with MTN on reaching a joint solution has allowed us to tighten the screws on this method of e-crime."

Added measures

Cell C, which says the problem of fraudulent SIM swaps is "rife", has also sat up and taken notice following a media storm on the issue.

What is SIM swap fraud?

A two-tier crime, SIM swap banking fraud occurs when a user's personal and banking details are compromised - via cyber scams - and used to impersonate an individual in order for criminals to take over their cellphone number by performing a SIM swap through their mobile operator.

For criminals to be successful in committing Internet banking fraud, they require the one-time PIN/password (OTP) sent by the relevant bank to the customer's mobile phone. The OTP allows criminals to carry out transactions via the victim's Internet banking. SIM swaps are usually done when criminals have already stolen the victim's username and password needed to access the victim's banking profile.

Sabric says usernames and passwords are stolen predominantly by tricking the victim into disclosing personal information through phishing e-mails. "Phishing e-mails targeting local bank clients have been on the rise since late 2009."

Karin Fourie, executive head of communications, says Cell C now sends customers an SMS notification before a SIM swap is carried out. "If the customer did not request the SIM swap, he or she will be required to phone the call centre to stop the SIM swap from taking place."

She says while it is too early to say whether this measure has mitigated the incidence of SIM fraud, Cell C constantly reviews its processes to adapt to the changing methods used by criminals.

Vodacom, which previously said it was seeing about 50 incidents of SIM swap fraud each month, says it already has a system in place to combat SIM swap fraud.

"To complete a SIM swap, both the person performing the SIM swap and a store manager must enter an OTP [one-time password] into our system. These are unique codes sent to their phones. Due to this, there is clear accountability on who performed the SIM swap and who signed it off, and this has resulted in a reduction in incidents."

Vodacom's executive head of communications, Richard Boorman, says the system was put in place late last year in a bid to curb the crime.

Telkom Mobile says it has not received any reports of SIM swap fraud. "SIM swaps can only happen in store." Fraudulent SIM swaps are, therefore, allayed as customers have to be verified by providing proof of identification.

Sabric says consumers ultimately need to be vigilant and involved in order to proactively avert SIM swap fraud issues.

Sabric CEO Kalyani Pillay concludes: "The adage that we are living in an information era holds true, because there is commercial value derived from information, and your very personal information, if not well cared for, can be detrimental to you when it falls into the wrong hands."

Share