Rules would focus on preventing fraudulent transfers of phone numbers
In an effort to prevent SIM swap and port-out fraud, FCC Chairwoman Jessica Rosenworcel is proposing new rules focused on ensuring that carriers authenticate that a phone service belongs to a particular user before allowing the number to be transferred to another device.
The Federal Communications Commission called SIM swapping scams and port-out fraud “serious consumer privacy and data protection threats.”
SIM swapping (also sometimes called SIM hijacking or SIMjacking) is when an account thief convinces a victim’s wireless service provide to transfer the service from the legitimate owner’s cell phone, to one controlled by the bad actor—perhaps claiming that the phone and original SIM has been lost or broken. In port-out fraud, an imposter poses as a legitimate end-user and opens an account with a different carrier, then has the user’s service transferred to that new account so that the original owner no longer has access or control of the service. The hijacked phone number can then be used to receive one-time security codes from banks and other institutions. The account thieves usually have already obtained some types of personal information on the victim, or have purchased compromised account credentials, which enable them to convince customer service representatives that they are making a legitimate request.
The proposed rules would require wireless providers to adopt “secure methods” of authenticating a customer before redirecting a customer’s phone number to a new device or provider, and would also require wireless providers to “immediately notify customers whenever a SIM change or port-out request is made on customers’ accounts.”
The FCC said that the new rules would set baseline requirements and a uniform framework across the industry, while allowing providers flexibility to implement “the most advanced and appropriate fraud protection measures available.”
“Every consumer has a right to expect that their mobile phone service providers keep their
accounts secure and their data private. These updated rules will help protect consumers from ugly new frauds while maintaining their well-established freedom to pick their preferred device and provider,” Rosenworcel said in a statement.
“The wireless industry is committed to working with other stakeholders, including the FCC, to stay ahead of bad actors, while protecting the ability of legitimate customers to transfer their phone number to a new device or wireless provider,” CTIA said in a statement provided to RCR Wireless News.