SIM swap fraud threatens online banking


What you need to know:

  • The threat of digital transaction fraud has seen the introduction of authentication measures such as one-time password (OTP) over SMS.
  • The government and other stakeholders should take measures to curb the threat of the ever-evolving cyber fraud.

The past few months have seen mobile phone subscribers complaining on social media platforms about subscriber identification module (SIM) swapping.

One Miss Moraa lamented that when she checked with her wireless service provider, she was informed that she had 10 SIM cards in her name. Many Kenyans echo Moraa’s story.

Technology is ever evolving. This is made worse by the fact that cybercrimes are becoming more difficult to detect and trace.

Hence, mobile phones could be the new banking hall for SIM hijackers. Network operators have been taken to task to explain such anomalies.

In cyberspace, SIM card scamming has far-reaching consequences for mobile phone subscribers.

Fraudsters are using mobile phones as new banking halls, fleecing witless, susceptible and vulnerable Kenyans of millions of shillings.

FRAUDSTERS

Indeed, Safaricom, one of the major wireless service providers, admitted that Sh20 million was lost to mobile money fraudsters last year.

A US cryptocurrency investor claims a SIM swap resulted in the theft of his $23.8 million in tokens and is suing his carrier, AT&T, for 10 times the amount.

A SIM card stores data in Global System for Mobile (GSM) phones. Fraudsters strive to flawlessly ‘port’ (link) a telephone number to another SIM.

GSM authenticates the cellular phone’s subscription, and a phone cannot connect to a mobile network without a SIM card.

But a user’s data can be retrieved through social engineering, using a willing representative of the service provider to supply the details needed.

There are indications that SIM fraudsters recruit retail workers at mobile shops to gain access to protected accounts.

Most Kenyans have their mobile phone numbers linked to their bank accounts. This has made cyber fraud rampant, as a victim can be precisely earmarked.

IMPERSONATION

Fraudsters can also gather their victim’s particulars and information through phishing emails.

Sadly, many cannot differentiate between phishing emails and real ones. The fraudsters then create a false identity by impersonating the target.

Armed with this kind of information, the criminal activates different SIM cards and disguises bank withdrawals using parallel systems.

Detecting the fraud is difficult. Victims often discover the fraud when they try to make a phone call or send a text, as the fraudsters deactivate the SIM cards when they have accomplished their mission.

Banks should develop the international mobile subscriber identity (IMSI).

SOLUTION

Every GSM phone has a unique IMSI number that allows one-time use codes to be only sent to legitimate subscribers.

In case irregularities arise, the bank should contact the mobile phone subscriber by email, text or phone call. Banks and mobile operators should educate subscribers on the scams.
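One way a bank could apply the IMSI check described above, shown as an added example that is not from the article or any bank's system: the IMSI is held on the SIM, so a swap changes the value the operator reports for the number. The function names, action labels and the operator lookup that supplies `current_imsi` are hypothetical, and the IMSIs are constructed test values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Enrolment:
    imsi_digest: str  # keyed digest of the IMSI recorded when the number was linked
    email: str        # contact channel that does not depend on the SIM


def digest_imsi(imsi: str, key: bytes) -> str:
    """Keyed digest, so raw IMSIs are not stored at rest."""
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    return hmac.new(key, imsi.encode("ascii"), hashlib.sha256).hexdigest()


def enrol(imsi: str, email: str, key: bytes) -> Enrolment:
    """Record the IMSI seen when the customer links the number to the account."""
    return Enrolment(digest_imsi(imsi, key), email)


def otp_decision(enrolment: Enrolment, current_imsi: Optional[str],
                 key: bytes) -> Tuple[str, str]:
    """Return (action, reason) for a pending SMS one-time password.

    current_imsi is what the operator reports for the number right now
    (hypothetical lookup, an assumption of this example); None means the
    lookup failed.
    """
    if current_imsi is None:
        # Fail closed: without the operator's answer a swap cannot be ruled out.
        return ("HOLD", "operator lookup failed")
    try:
        seen = digest_imsi(current_imsi, key)
    except ValueError:
        return ("HOLD", "malformed IMSI from operator")
    if hmac.compare_digest(seen, enrolment.imsi_digest):
        return ("SEND_OTP", "IMSI matches enrolment")
    # A text or call to this number would now reach the new SIM, so the
    # alert goes to the channel that is independent of it.
    return ("HOLD_AND_EMAIL", "IMSI changed since enrolment")
```

After a legitimate SIM replacement the customer would have to re-enrol through a channel the bank trusts before SMS codes resume.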

Use of SMS as the primary method of passing information should be avoided because the data is never encrypted and can easily be pried into.

The threat of digital transaction fraud has seen the introduction of authentication measures such as one-time password (OTP) over SMS, which research in Kenya shows 87 percent of financial services providers have deployed and 71 percent of consumers have used.

The government and other stakeholders should take measures to curb the threat of the ever-evolving cyber fraud.

Dr Ligawa (PhD), peace and security consultant, is a certified security management professional.