Keys to avoid SIM Swapping and improve the user experience
Original article published in REDES&TELECOM on November 25, 2022
Signed by Rocío Motilla
Technology is part of our daily life, in many cases facilitating interactions and our experience as users when carrying out all kinds of procedures and procedures. However, there are also risks associated with its use. In fact, at the beginning of the current year, the Spanish Agency for Data Protection (AEPD) fined the main telephone operators 5.8 million euros for not using sufficient means to avoid the so-called “SIM swapping”. But what is hidden behind this term, and what are the derived risks for users and companies?
SIM swapping is a type of fraud in which scammers impersonate legitimate users of a phone line and request a duplicate SIM card. Although there are different ways to act, one of the most common is to present a report of theft of the DNI and a false photocopy of this document in the operator’s physical stores, in which the fraudster has changed the photo of the real owner for his own.
Once the SIM card is obtained, criminals can carry out actions on behalf of the owner and gain access to its sensitive data. One of the most common frauds derived from this type of activity is bank fraud, since sending SMS to the telephone number as a double authentication factor is a common practice in a large part of the daily operations of many financial institutions. In fact, recently, a court in Zaragoza sentenced Telefónica in September to pay 2,680 euros to a customer whose SIM card was fraudulently duplicated and, as a consequence, suffered fraud in their bank accounts.
And if the operators do not take measures, everything indicates that new cases will continue to emerge.
Avoid the risk of SIM Swapping and improve the user experience
Beyond the controversy about whether the responsibility and the fine should fall on the operators, financial institutions or other types of companies that have been involved in a scam, it is important to note that the technology is already available on the market necessary to prevent this type of attack, which also improves the end-user experience and complies with the standards determined by the CCN (National Cryptological Center), guaranteeing security in the treatment of information.
This technology is qualified video identification, capable of unequivocally identifying a user in less than 90 seconds and from any mobile phone or PC with a camera. In the case of telephone operators, this video identification could even be integrated as one more functionality within the mobile application with which users have access to their invoices or their contracted products, to offer the customer an experience of fuller use.
To achieve this unequivocal identification, the video identification technology guides the user to easily verify the authenticity of the documentation, personal data, biometric features and, in addition, carry out a proof of life. In addition, a query is carried out in real time with the National Police database to verify the validity of the document. The identification process culminates with the issuance of an electronic certificate that allows signing the contract for the new SIM card and enabling a trust channel between the user and the operator for all future procedures between the user and the company (acceptance of terms, GDPR, contract for new services, etc.), with the consequent advantages for the operator.
It should also be noted that this is a technology that meets the requirements of SEPBLAC and the eIDAS regulation.
Thanks to the use of this new technology available and recognized by Spanish legislation, both the company and the client benefit tremendously. The company avoids fraud with the corresponding economic benefit and the “intangible” sample of control and security towards the end user. The client also benefits from a completely remote process, 100% secure, which verifies the authenticity of the documentation, their personal data, their biometric features and performs a proof of life -in addition to avoiding unnecessary trips and waiting times.