Forum Discussion
What steps does Smarty take to prevent a sim swap attack?
Interesting you should mention banks. One of the first search results when Googling 'what is a sim swap attack' is the NatWest 'SIM swap fraud' page and on that page, under 'Top tips to stay safe', their point No. 2 states:
Set up a PIN or password with your phone provider: ask your provider to set up a unique PIN or password on your account, needed to approve any account changes.
Which is exactly what I said. Regarding security levels, I would expect Smarty and other phone operators to have this quite basic level of security around swapping SIMs, especially given how central phones are in the security chain.
And what I'm suggesting (and NatWest mentions) is really not too difficult - it's just an entry in a database. Then, in the scenario where someone contacts Smarty trying to impersonate a user, the impersonator would need to know this SIM swap password in order to proceed. As it currently stands, it seems the impersonator would just need to gather some biographical information about their target and Smarty would allow the swap.
Until OFCOM mandate such a thing, it’s not going to happen.
My recommendation is that OFCOM mandates all UK networks implement an option at account level that locks and prevents a number being ported out when enabled. We have that with .com domains. Why not telephone numbers? Yes, if an account is compromised, the individual can disable the option and port out, but it does prevent anyone hijacking your number through phone support or should they have physical access to your device for any reason.
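Added example, not part of any post in this thread and not Smarty's or any operator's code: a sketch of the two controls discussed above, an account-change PIN required for a SIM swap and an account-level port-out lock that support staff cannot override. The `Account` fields, `authorize_change`, the reason strings, the attempt limit, the hashing parameters and the phone number are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3      # assumed policy value, not from the thread
PBKDF2_ITERATIONS = 200_000  # assumed work factor

def _derive(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash so a database leak does not reveal the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)

@dataclass
class Account:
    msisdn: str
    pin_salt: bytes = b""
    pin_hash: bytes = b""
    port_lock: bool = False   # assumed to be toggled only from the logged-in account
    failed_attempts: int = 0

    def set_change_pin(self, pin: str) -> None:
        self.pin_salt = os.urandom(16)
        self.pin_hash = _derive(pin, self.pin_salt)
        self.failed_attempts = 0

def authorize_change(acct, action, pin, biographical_ok):
    """Decide a support-desk request; returns (allowed, reason)."""
    if action not in ("sim_swap", "port_out"):
        return False, "unknown_action"
    if action == "port_out" and acct.port_lock:
        return False, "port_locked"      # no support-agent override
    if not biographical_ok:
        return False, "identity_check_failed"
    if not acct.pin_hash:
        return False, "no_pin_set"       # biographical data alone never suffices
    if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
        return False, "pin_locked"       # stops PIN guessing over repeated calls
    candidate = _derive(pin or "", acct.pin_salt)
    if not hmac.compare_digest(candidate, acct.pin_hash):
        acct.failed_attempts += 1
        return False, "bad_pin"
    acct.failed_attempts = 0
    return True, "ok"

if __name__ == "__main__":
    acct = Account(msisdn="+447700900123")   # constructed number
    acct.set_change_pin("7391-constructed")  # constructed PIN
    print(authorize_change(acct, "sim_swap", None, biographical_ok=True))
```

The caller who passes the biographical check but does not know the PIN is refused, which is the impersonation scenario described in the thread.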