We’re all so digital at this point that we practically dream in ones and zeros. Strange that many banks and financial institutions (FIs) have yet to avail themselves — and their account holders by extension— of the latest in digital identity verification tech.
With mobile scams, phishing and the rogue’s gallery of fraud attacks at an all-time high, remote digital identity verification is the first line of defense in the fraud fight, and it must be hardened.
“Robust digital ID verification could prevent fraud schemes like SIM swapping, but many banks and businesses lack such processes,” according to PYMNTS November 2020 Digital Identity Tracker® done in collaboration with Jumio. “A recent survey found that less than half of North American banks employ digital ID verification during onboarding when opening bank accounts, with most requiring customers to verify themselves in person by visiting branch locations with physical ID documents in tow. This is a losing proposition in the age of COVID-19, as interacting with bank staff presents the risk of infection.”
Iron-Clad Authentication
SIM swap fraud has become staggeringly popular among thieves in the smartphone age. Mobile carriers play a huge role in account security, and more innovations are leaning that way.
“Digital identity has become a crucial part of the telecommunications industry as the proliferation of smartphones and the personal data they hold makes security paramount. Multifactor authentication (MFA) has become commonplace for online accounts,” per the new Tracker, “with users confirming their identities via text messages sent to their phones, and biometric authentication methods like fingerprint and facial recognition scans are now standard on the latest smartphone models.”
The Tracker adds that “Preventing SIM swap fraud requires vigilance and iron-clad authentication methods to ensure that users who are asking to transfer their phone numbers are legitimate rather than scammers. Digital identity verification methods such as device fingerprinting can be key to making that happen.”
Verify, Verify, Verify
Neither consumers nor mobile carriers nor FIs should underestimate the dedication, tenacity or ingenuity of mobile cybercrooks. This is a serious problem requiring immediate action.
Illustrating the problem, Ahmed Khattak, CEO and founder of prepaid cell carrier US Mobile told PYMNTS, “You could go to eBay and buy a blank SIM card for any of the wireless carriers out there. Once you have that blank SIM card, all you need to do is convince the carrier to transfer a phone number to that same card, and that’s it. Now you can log into an app and reset a password, or — if you already have that password — use that SIM card to get [an MFA] code.”
In other words, SIM swap fraud remains way easier than it should be, but that’s changing.
“Minimizing SIM swap fraud at US Mobile means these digital identity factors must be verified before any phone number modification can take place,” Khattak said. “Additional verification checks may be necessary as fraudsters figure out how to spoof this data, but for now, promoting robust verification methods can go a long way toward keeping customers safe.”