Citing a litany of complaints from consumers who have suffered significant distress, inconvenience, and financial harm, the Federal Communications Commission launched a rule-making process Thursday aimed at cracking down on SIM card swapping scams. Key among the new proposals: stronger authentication standards and notification procedures whenever someone tries to redirect a phone number to a new device or carrier.
SIM swapping occurs when a bad actor attempts to convince a carrier to redirect someone’s phone service to a new device, granting them a phone with the victim’s credentials. It’s not the only threat the FCC is taking aim at — there’s also port-out fraud, where the bad actor goes to a carrier different than the one you use, and convinces them to transfer your service to their device.
“In addition,” the FCC notes, “recent data breaches have exposed customer information that could potentially make it easier to pull off these kinds of attacks.”
Specifically, the FCC proposes to, “amend the Customer Proprietary Network Information (CPNI) and Local Number Portability rules to require carriers to adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or carrier. It also proposes requiring providers to immediately notify customers whenever a SIM change or port request is made on customers’ accounts.”