The US federal agency puts pressure on telecom carriers to put better authentication, account protection safeguards in place.
Last week the Federal Communications Commission (FCC) put out for comment its first set of consumer cybersecurity protection rules under the Biden administration. These proposed rules address the growing scourge of so-called SIM swapping and port-out fraud.
These scams exploit the fact that many businesses and organizations use cell phones to identify individuals for a host of accounts aside from mobile phone service. Among the accounts that use cell phones number for identification are e-mail, social media, banking, cryptocurrency exchanges, and online retail outlets, to name just a few of the kinds of accounts that criminal actors can compromise.
SIM (subscriber identity module) cards allow carriers to identify individual users once inserted in a device. Mobile phone owners can typically switch carriers and keep their own devices by simply swapping out SIM cards.
In issuing its Notice of Proposed Rulemaking (NPRM), the FCC said it “has received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM swapping and port-out fraud.” As Senator Ron Wyden said in a letter he and his colleagues sent to the FCC last year urging the agency to address SIM swapping, fraudsters use SIM swapping to “get wireless carriers to transfer the cell phone accounts of victims to them, steal their login credentials and then empty their victims’ bank accounts.”
This article appeared in CSO Online. To read the rest of the article please visit here.