Risks of banking SMS authentication

The Telecommunications Industry Ombudsman has issued an Information Sheet on reducing fraudsters’ theft of mobile numbers following complaints from consumers whose mobile numbers have been stolen by a fraudulent third party.

The TIO says that fraudsters can steal a consumer’s mobile number by getting their mobile service provider to switch the number to a new SIM card in the fraudster’s hands. Alternatively, fraudsters try to transfer the mobile number to another mobile service.

Before attempting a SIM swap, fraudsters collect personal information about the consumer. This may be through deceptive emails (phishing), scam calls, or by taking information from websites and social media.

Fraudsters use this information to trick providers into believing they are the owner of the mobile number. They do this by exploiting the way providers verify the identity of the consumer.

The Information Sheet gives case studies of how the fraudster was able to hack the customer’s banking profile because the banks used consumers’ mobile numbers to send an SMS text message to the mobile number to satisfy a two-factor authentication’ check to drain their bank accounts of tens of thousands of dollars.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.