What are SIM swaps and porting fraud, and how are we working to stop them?
We’re on a mission for better security, and we’ve started working with organisations in the banking industry and other sectors to make it harder for criminals to steal your identity and, ultimately, your hard-earned cash.
According to the Australian Institute of Criminology the annual impact of identity crime exceeds a whopping $3.1 billion (up from $2 billion in previous years), and that’s only expected to grow. It’s also a key enabler of serious and organised crime, which costs Australia around $36 billion annually.
What are we doing about it?
Our latest initiative will help protect you at that last line of defence where a scammer is about to take off with your money and involves us working with other organisations.
We’re starting with the banking sector as this is where a lot of fraud takes place, and where we can have the biggest impact. When you apply to transfer money from your account, there are several checks and balances to ensure that you are who you say you are, especially when transferring to a new recipient. Banks and credit unions will make a number of queries on your behalf to make this determination.
A recent SIM swap or port out on a user’s mobile number might indicate that the person who has access to that mobile service and is receiving one-time codes, might not actually be who they say they are. This is where we come into it.
To help keep you safe, when a request is made to us by a banking organisation we’ll provide a rating (in the form of a number on a risk scale) which gives an indication of whether there has been any recent SIM swaps or port out activity for the mobile service you’re using as a form of identity with that organisation.
But not all SIM swaps or porting activities are indicators of crime. That’s why the role we’re playing is to provide more information to help other organisations piece together the puzzle; it does not automatically result in you not being able to proceed with a transaction, it simply indicates to the bank or other organisation to obtain more information before proceeding. The information we provide simply raises a flag.
You can find out more information about how we handle personal information, and how we will be sharing risk assessments with other organisations in our updated Privacy Statement, which you can access at Telstra.com/privacy.
Although our initial focus is to work with the banking sector, we’re also considering how this fraud-detection technology could be applied in retail, insurance, transport and logistics, social networking and even online gaming.
How scammers steal your identity with SIM swap fraud
If there’s one thing we’ve learned about scammers, it’s that they’re determined.
A lot of people I speak to about fraud and security say that they can’t imagine themselves as a target.
“Why would anyone want to target me?”, they wonder. I want to make it clear that scammers don’t care who you are: their target is everyone.
Scammers are out to steal your identity, and to get control of your accounts and services. With the increasing use of pins and passwords that are sent to your mobile number (commonly referred to as one-time codes), if a scammer can get access to your mobile service, and the messages sent to you, then they can potentially access your accounts.
By the time a scammer has access to your mobile service, they’ve already been busy at work collecting enough personal information to pretend to be you. They will have nabbed your phone number, bank account information, as well as identification information and documents.
Protecting your own personal information is the first step in preventing identify theft. But when that fails, we want to help by putting up one more barrier in front of criminals as a last line of defence.
How to keep yourself safe
One way we’ve found to help stop them is to implement multi-factor authentication (MFA). In simple terms, MFA combines multiple layers of verification to help institutions protect and prevent a criminal from accessing your account, even if they manage to steal or guess your password.
Telstra has strong authentication processes but we have still seen some fraudsters get enough personal and account information from customers and persuaded them to give up their one-time codes in order to pass authentication.
From there, they can access other accounts including bank accounts, superannuation accounts and investment or crypto currency wallets.
This is where we want to intervene to help stop this train of fraud in its tracks. So in addition to MFA, we have introduced additional defences by enabling MyTelstra app users to use Facial Biometrics and a Telstra PIN.
We strongly encourage customers to download the app and enable the use of biometrics and a Telstra PIN. The MyTelstra App is a consistent, always-on secure channel for customers and Telstra to communicate.
Keeping you safe now and into the future
We’re actively protecting you against scam threats through our Cleaner Pipes initiative. We’re blocking millions and millions of scam calls every day from reaching our customers and have successfully stopped 100 million scam calls so far. We’re also working with government agencies to make the text message channel more secure and taking down scam websites before they can hurt our customers.
When you sign up with Telstra for a phone plan, broadband service or even just as a pre-paid customer, we believe we have a duty of care to keep you safe from threats that come in from outside the network. While we will never prevent every scam or cyber- crime, our aim is to prevent as many as possible by making it as hard as possible for scammers to succeed.
We’ll have more to share on other ways we’re keeping you safe soon.