MTN ups security after SIM swap issues

Read time 2min 50sec
ITWeb Security Summit 2016

Don't miss the definitive event for security professionals:
17-18 May (conference and expo), 19 May (workshop)
Vodacom World, Midrand
Book today!

MTN has noted the reports about customers losing money from their personal bank accounts due to an apparent SIM swap scam.

"MTN wishes to assure its customers that it has put security requirements and systems in place to improve security," the company said in a statement.

The telecoms operator says it continuously reassesses the applicability of its security controls, and as and when security controls are breached, new and different controls are developed and implemented.

"However, as with any security and control systems, unscrupulous individuals will always explore ways of circumventing such systems. It is unfortunately a continuous process, as criminal elements always find ways to improve their fraudulent methods."

This after media reports emerged that hundreds of thousands of rands had been siphoned out of MTN customers' First National Bank accounts due to fraudulent SIM swaps. MTN did not comment on whether the scam could have been an inside job.

MTN says it has a number of security measures in place to make sure this type of fraudulent activity does not happen, but "the onus is on consumers to ensure their passwords and log-in details are not compromised".

"In a number of cases of fraudulent transactions, the customer has already been compromised by unwittingly divulging their details to third parties either through phishing or social engineering," MTN says.

The operator urges its customers to safeguard their Internet and telephone banking log-in details and passwords against phishing, to safeguard their accounts.

MTN warns customers that "unscrupulous individuals" will always explore ways of circumventing security systems.
MTN warns customers that "unscrupulous individuals" will always explore ways of circumventing security systems.

MTN says since 2009, it has implemented and made available to the banking environment a feature called Subscriber Identity for Third Parties (SIFT), which gives banks real-time alerts on change in SIM card number. MTN's view is that if implemented by a bank, SIFT should go a long way to enable banks to mitigate fraud risk.

In the past, the banking sector has had access to this system at a nominal cost but MTN says the solution will now be zero-rated.

MTN says it has also implemented a range of other security interventions for the SIM swap process. These measures include improved SIM swap verification and a double opt-in to activate the SIM swap, to give control to the customer. Another solution within the process is a one hour SMS notification to ensure the legitimate customer has ample time to confirm the SIM swap request.

"MTN is furthermore investigating a solution that allows customers to be contacted on a secondary number or e-mail address to verify SIM card swaps. This, of course, is dependent on customers giving to MTN such secondary contact details. If successful, the SIM swap will be activated only after the customer has given consent to the transaction via the alternate contact detail.

"Where fraudulent activity has taken place, MTN is working closely with the South African Police Services as well as the South African Banking Risk Information Centre to assist in the necessary investigations to bring perpetrators to book," the company concludes.

See also