In its fourth decade, the simple but powerful form of identity at the heart of every mobile phone is now bringing mobile authentication into the 21st century.

In the fast-moving world of technology, the humble SIM card is a pretty venerable piece of kit. The first SIM card was developed in 1991, by smart-card maker Giesecke & Devrient. The clue is in the name — from the very beginning, the SIM (Subscriber Identity Module) proved itself as a form of identity, having the advantage that if a device is lost or damaged, the SIM card can be removed and placed in a different one, and this usefulness spurred its meteoric growth.

Today, SIM cards are utterly ubiquitous, enabling over 7 billion devices to connect to cellular networks…

The rise of mobile e-commerce means too many customers are choosing guest checkout — and you miss out on key revenue and marketing opportunities. What’s to be done?

A few weeks ago, I was speaking to the Product Owner of a large online platform business, and his experience shows just how the world of online retail has changed. His business is an industry leader in a multi-billion-dollar sector, and over the last two years they have seen a dramatic transition in the way that customers choose to check out.

Originally, the business’s traffic was entirely desktop-based, but now 95% of their transactions take place on a mobile device. …

How do they do it? How do they get away with it? And what’s to stop them?

Your users take cybersecurity seriously. You encourage them to use strong, unique passwords that can’t be guessed. You ensure their sensitive accounts are backed up with two-factor authentication (2FA). And their devices are with you at all times.

And yet one day, with no warning, your user wakes up to discover that their mobile phone isn’t working. Soon, they discover that their email password has been changed — they’re locked out. And to their horror, their banking or cryptocurrency wallets have been emptied… with no way to trace who’s responsible.

Like thousands of others, your user has just fallen victim…

It’s on the rise — and passwords are no defence.

Most account security measures require an SMS to be sent to verify the user. If a fraudster is able to intercept that SMS, they can change the user’s account password, steal all their money and use all their accounts.

This in a nutshell is SIM swap fraud — also known as SIMjacking or SIM hijacking. It’s a way to impersonate and take possession of a victim’s mobile phone number in order to perform an account takeover. You can learn more about how SIM swap works here.

But although SIM swap fraud is a growing problem with serious financial consequences…

SIM-based authentication offers a robust, seamless way for online businesses to protect their customers and their brand from identity theft and account takeover

Consumers’ general reliance on m-commerce and other online interactions for banking, health and education has been accelerated by lockdowns, and fraudsters have taken advantage.

Now it is not only high-profile cases, such as Twitter CEO Jack Dorsey’s account takeover or tech entrepreneur Robert Ross’s $1 million life-savings losses on crypto, that are targets of fraudulent activity.

Many kinds of mobile fraud, especially SIM swap, are turning dangerously mainstream. Just recently, Wired UK reported on the “relentless rise” of Royal Mail text message scams, for example, while The Sun warned against WhatsApp scam access codes. …

Useful advice to keep users and customers safe.

What do superstar Selena Gomez and cryptocurrency millionaire Michael Terpin have in common with countless ordinary people? They’re victims of SIM swap fraud — the account takeover method that attackers use to bypass 2FA (two-factor authentication) and break into online accounts.

In the UK alone, reports of SIM swap have risen by a massive 400% in the past five years, and thousands of pounds are stolen in the average attack. …

Passwords, social logins, OTPs — the most popular ways to identify users are all vulnerable to SIM swap attacks

If you’re building for mobile and are concerned about SIM swap fraud compromising your users, you’re not alone. It’s a growing issue with serious financial consequences — fintechs and cryptocurrency wallets have been especially targeted, but any platform is at risk if it can be used to gather details about potential victims or gain unauthorised administrative access to a widely used system. All it takes is one compromised user to cause major damage.

But with so many mobile security solutions now available, it can be daunting to work out the best way to authenticate real users and keep the bad…

SIM Swap fraud is getting worse — but SIM-based authentication offers a robust solution

If you’re concerned about fraud, risk management or user identity management as part of your work, you probably already know that SIM swap fraud is a big problem — and it’s growing. But you may not realise that there is now an easy and secure solution, which can both protect your users and streamline authentication.

In this article, I’ll look at how common mobile user authentication approaches are allowing SIM swap fraud to proliferate, explore the specific mobile vulnerabilities that enable SIM swap fraud, and lastly, explain how a new, mobile-native approach can finally solve this problem.

Who is at risk from SIM swap fraud?

SIM Swap fraud…

SIM swap fraud is on the rise, and it’s not just high-profile cases like Twitter CEO Jack Dorsey getting their account hacked. What’s to be done?

We’re all familiar with using email + password when registering for a new online account. But knowledge factors like passwords are widely acknowledged to be flawed, security-wise, so a second possession factor is added, typically an SMS OTP (one-time password).

However, the way SMS 2FA (two-factor authentication) is used as a security layer when changing a password gives bad actors wide-ranging access to multiple accounts, leading to financial theft and stolen identities — SIM swap fraud.

Banks, fintechs and crypto businesses are key targets, but any business using 2FA is vulnerable — as is any mobile app relying on the…

If you onboard new users via a mobile device, you’re likely losing 20–30% of that potential new revenue every month — here’s how to save them

COVID-19 has accelerated the migration of business to online. Online now primarily means mobile, of course, and that creates a whole set of challenges which most businesses have not even begun to address. Take onboarding, for example. Time and again, businesses tell us that when they look at the numbers, trying to onboard customers on mobile typically results in 20–30% customer drop-off at registration — whether via app or mobile web.

Those are big numbers with serious implications — not only in reduced revenues, but very likely also in increased customer support costs and damage to your brand from negative…

Paul McGuire

Co-founder and CEO, tru.ID — mobile authentication API. Serial entrepreneur with 20+ years in telecoms, mobile financial services. Co-founder, Boku and mBlox.
