July 19, 2021

Everything developers need to detect SIM swap fraud

Parth Awasthi
Head of Product
Try out Tru.ID

Make your first phone check in 1 minute. No app required to test. Get started for free.

Follow us on

SIM swap fraud is a sophisticated form of account takeover which can result in devastating financial consequences. Bad actors perform SIM swaps by exploiting security gaps in mobile networks (learn how here). This lets them overcome phone number-based two-factor authentication (2FA). The challenge for developers is designing secure verification that keeps out fraudsters without complicating your user experience. 

Here’s the easy method – whether you’re developing for iOS, Android, or React Native, or already using Messagebird, Vonage Verify, Twilio Verify, or Firebase Phone Auth, the SIMCheck API from tru.ID can be added to your existing verification workflow. 

Any time there is a change – such as issuing a new SIM card – the issuing Mobile Network Operator updates the subscriber information. Partnering with global carriers, the API verifies whether the SIM card associated with the phone number has recently changed, which you can use to embed  silent, continuous verification in your app.

We’ve got step-by-step tutorials that take you through the whole process of adding frictionless SIM swap detection to your application or web app. 

  • 2FA SIM Swap Detection with Twilio Verify: Learn how to add SIM Swap Detection to your existing Web App's Twilio Verify two-factor authentication (2FA) SMS and Voice login flow using SIMCheck. (10 minutes, easy) 

SIM-based authentication is invisible to the user; the check of the SIM happens in the background once the user inputs their mobile number. If your site or app already has the user’s mobile phone number and their consent, even better – there's no user action required at all. This improved UX creates seamless account experiences without compromising security.

No personally identifiable user data or application information is exchanged during the MNO number and SIM lookup – the check is over a data connection and validates official carrier information.

You can start testing for free and make your first API call within minutes – just sign up with tru.ID or check the documentation for more information and Quick Start guides to each of tru.ID’s APIs for passwordless two-factor authentication. 

Got more questions, or another implementation you’d like to read a tutorial for? Check our FAQs, or feel free to get in touch – tru.ID is keen to hear feedback from the community, or to discuss potential case studies.