Last updated December 2023
The Evolution of Banking Security: Beyond Brick-and-Mortar
As banking services expand online and away from the brick-and-mortar branch, banks have had to implement new identification procedures to protect accounts against identity theft and fraud.
New security challenges have arisen with this move. Banks must ensure that the user logging in is who they say they are, and often, this requires more than just the traditional PIN and password.
For instance, many banks choose to synchronize accounts with customers’ mobile numbers.
This way, banks can send a text with account details to a customer’s phone, allowing them to log in or update their details.
Banks treat this as confirmation that the access attempt is legitimate.
The Threat of SIM Swap Fraud
However, this approach does not take into account that SIMs suffer from identification vulnerabilities.
Unlike behavioural or physiological biometrics, there is little in a mobile number or SIM card to tie it to an individual’s identity.
By overlooking this detail, banks have opened the possibility for hackers to access their customers’ accounts through a process called SIM swap fraud.
The Mechanics of a SIM Swap Scam
SIM swapping is a sophisticated form of telecom fraud and falls under social engineering.
Fraudsters will distribute phishing emails, trying to ascertain as much personal information from victims as possible.
For example, they will pose as credit card companies, supermarkets or health insurers and try to retrieve details such as legal names, dates of birth, addresses and phone numbers.
Alternatively, they might use information from social media, public websites or data dumps from criminals.
Using this information, they will impersonate their victims, contact mobile operators to claim that they have lost or damaged their SIM, and request a new one with the same mobile number.
Once the fraudster can access the victim’s mobile number, they target bank accounts.
Knowing that certain banks will tie the mobile number to the customer, they request new login details via text message.
They therefore gain full access to an account. From here, they can complete the fraud and transfer the victim's funds into their own account.
Preventing Unauthorized Account Access Through SIM Swaps
To avoid falling victim to this scam, users should:
- Always exercise caution when revealing personal information online
- Use authenticator apps or services which encrypt messages and are not tied to your SIM
- Avoid using SMS as the primary form of authentication with your bank
- Check with your mobile operator to see if any new SIM cards have been issued without your knowledge
The Future of Banking Security: Biometric Authentication
Many financial institutions are now upgrading their mobile authentication strategy and are looking into biometrics to replace the PIN/password and even digitally sign sensitive transactions. This enhances the user experience for daily banking operations.