How Active SIMCheck works to address SIM swap fraud
tru.ID Active SIMCheck is an API-based service that connects directly, and in real-time, to mobile network operators to verify the identity of the SIM card in a user’s mobile phone. If there has been a recent change to that SIM card, the API will flag that, enabling action to be taken and blocking potential fraudsters from intercepting SMS messages including SMS 2FA PIN codes.
This new security check can be integrated quickly and easily by developers alongside existing SMS 2FA solutions. There is no need for any change to user experience.
Paul McGuire, co-founder and CEO of tru.ID, says:
“Many of the security challenges faced by businesses today are caused by antiquated reliance on passwords and SMS PIN codes. tru.ID delivers user authentication that is mobile-native, seamless, secure and private. Active SIMCheck is part of the range of powerful new mobile authentication products developed by tru.ID that are based on the cryptographic security of the SIM card. Active SIMCheck is an important stepping stone on that journey enabling businesses to rapidly solve a major fraud risk without impacting the user experience.“
Who is at risk from SIM swap fraud?
Consumers’ general reliance on m-commerce, and other online interactions for banking, health and education has been accelerated by lockdowns - and fraudsters have taken advantage. Now it is not only high profile cases, such as Twitter CEO’s Jack Dorsey account takeover, or tech entrepreneur Robert Ross’ $1million life-saving losses on crypto, who are targets of fraudulent activity. The customers of every business that uses PIN codes sent by SMS are now at risk of having their identity taken away and their savings stolen.
Why has SIM swap become such a big issue?
Most phone-based authentication methods today simply use the mobile number, and rely on a PIN code that is sent via SMS, or a voice call. Companies assume this is a possession-factor authentication method, but the problem is that it doesn't reliably prove possession. There are some fundamental flaws – and bad actors are taking advantage.
The primary issue is SIM swap. Bad actors are increasingly committing SIM swap fraud by persuading the mobile operator to issue them with a replacement SIM card that takes over the same mobile number. They are then able to receive all voice calls and SMS messages (including PIN codes) sent to that number, and then use those codes to take over that User’s accounts. There are many other issues with SMS 2FA; for a full comparison take a look at the SMS 2FA security analysis on our website.
The solution to SIM swap fraud?
The technology which authenticates the identity of each SIM card is a core part of every mobile network – it’s how MNOs are able to bill us correctly for our mobile network usage. But it is only now becoming available for identity management and fraud prevention. We call this new approach SIM-based authentication, and tru.ID makes it available via API for fast and easy integration.