Money Box has revealed how mobile phone providers may have become a weak link in the fight against fraud.
One of the measures used to help prevent fraud is the 2-step authentication process. This is where organisations send a code to your mobile phone that you must enter into a website to confirm that you are who you claim to be.
For example, banks often make use of this technique for you to authenticate an online banking transaction.
Bypassing This Security Measure
The latest edition of Money Box reveals the case of a woman who contacted her mobile phone provider to complain she no longer had a signal, only to discover they had swapped her number to another SIM card after a fraudster had impersonated her.
This meant that the authentication code used to verify that it was she who was making an online banking transaction was actually sent to the fraudster’s phone instead, allowing them to proceed with the transaction. Fortunately, in this instance other security measures stopped her losing her money.
Questionable Behaviour By the Mobile Phone Provider’s Staff
Money Box plays part of a recording of the fraudster trying to get the number swapped to the new SIM card. What is shocking here is that they eventually succeeded in doing so, despite failing to answer security questions correctly. This suggests that – at the very least – service providers may want to consider better training of staff on the significance of a SIM swap and the importance of strictly following security procedures.
The programme is well worth a listen.