Mobile Technology Specialist launches service to tackle SIM-Swap Fraud

When a customer lets their operator know that their SIM card is damaged, lost or stolen, the current SIM is deactivated and a new one is issued. Criminal groups and insiders at financial organisations and network operators work together to gather personal data and then pose as contract owners to secure a new SIM. Once activated by the fraudster, they are able to access bank accounts and other sensitive data authenticated through the SIM.

Myriad's service can help to reduce SIM-Swap by providing a real time check on the SIM, which cannot be tampered with via compromised third parties within an operator or bank. Using USSD (Unstructured Supplementary Service Data) authentication, no persistent data is held with any third party, providing a more secure service than current two factor authentication services, for example using SMS, where data is stored and therefore vulnerable to being intercepted. A clear audit trail is also established, where the user's identity is verified by a party external to the transaction. This results in a technology that will greatly enhance the security of transactions vulnerable to SIM-swap fraud.

"Even the National Institute of Standards and Technology in the US has identified that SMS is a risk,[1]" explains Paul Kingsbury, VP Business Development at Myriad's Connect Division. "It is not fit to secure financial services as it can be vulnerable to man-in-the-middle attacks such as SIM-Swap. It poses a challenge for operators as there is no audit trail, opening a door to large scale fraud through a single point of failure."

"The threat from SIM Swap is greatest in regions where mobile banking penetration is highest," continues Kingsbury. "Whereas in the UK the typical amount stolen is in the low thousands of pounds, in South Africa there have been a few cases of millions of Rand going missing. The challenge for banks and operators is how to protect customers not only from criminal gangs, but often invisible, compromised staff."

Myriad Connect enables financial institutions to develop and deliver compelling mobile services, with peerless security, to all consumers, regardless of technology and data connectivity.

-ENDS-

[1] Tech Crunch. 2016. NIST declares the age of SMS-based 2-factor authentication over. [ONLINE] Available at: https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/. [Accessed 27 February 2017].