Honey Badger

SIM Swap

Administrator

Our reliance on mobile devices for security purposes, like two-factor authentication (2FA), has given rise to a new form of cybercrime known as a SIM swap attack.

What is a SIM Swap Attack?

A SIM swap attack, also known as SIM splitting, simjacking, or SIM porting, is a type of fraud that involves a criminal tricking a mobile carrier into switching a phone number to a SIM card controlled by the criminal. Once successful, the attacker gains control over all calls, messages, and potentially, secure accounts linked to that phone number.

How Does a SIM Swap Attack Happen?

The process typically involves:

  1. Gathering Information: Fraudsters collect personal information about their target through phishing attacks, social engineering, or public databases.
  2. Impersonation: Armed with this information, the attacker contacts the victim’s mobile carrier, pretending to be the legitimate account holder.
  3. Deception: They then claim that their phone has been lost or damaged and request that the phone number be transferred to a new SIM card, which is in the possession of the fraudster.
  4. Switching SIMs: If the mobile carrier is convinced, they deactivate the victim’s SIM card and activate the new one. The attacker now receives all communications intended for the victim.

Motivations Behind SIM Swap Attacks

Fraudsters engage in SIM swap attacks primarily to:

  • Hijack Accounts: Once they control the phone number, attackers can bypass 2FA systems, access victims’ personal and financial accounts, and reset passwords.
  • Financial Gain: They often target bank accounts, cryptocurrency wallets, and other financial services to transfer funds illegally.
  • Identity Theft: The attack can be a step towards more extensive identity theft operations.

The Vulnerability of SMS OTPs

One of the key reasons why SIM swap attacks are so effective is the vulnerability of SMS-based One-Time Passwords (OTPs) in 2FA systems:

  • Single Point of Failure: If the phone number is compromised, all security relying on SMS OTPs falls apart.
  • Carrier Dependence: The security of SMS OTPs depends on mobile carriers, who may not always have stringent verification processes.
  • Delayed Detection: Victims often realize they’ve been attacked only after losing access to their services or noticing unauthorized activities.

SIM swap attacks represent a significant vulnerability in our current reliance on mobile-based security, particularly SMS OTPs for 2FA. They highlight the need for more secure forms of verification and authentication methods that do not rely solely on a phone number. Awareness, improved security protocols by carriers, and alternative 2FA methods can help mitigate the risks associated with these attacks. As technology evolves, so do the tactics of cybercriminals, making constant vigilance and adaptation a necessity in the digital world.

How can Honey Badger help?

Honey Badger provides real-time lookups against mobile network operators to identify recent SIM swaps. This instant and frictionless lookup will highlight risk of a SIM swap attack due to a number recently being ported. To find out more visit Honey Badger’s Risk Insights page.

Honey Badger also provides a more secure alternative to SMS OTP known as Silent Authentication+. This approach uses SIM based cryptography to prove a user is in possession of their trusted device. To find out more visit Honey Badger’s Silent Authentication+ page.

CloseMenu

Partner with us

Complete the form below and we’ll be in touch to kick off a discussion. 

Account Servicing

Stop fraud and improve customer experience during account servicing by eliminating SMS One Time Passwords (OTP). Instead, leverage phone based SIM authentication which involves comparing data generated by the Mobile Network Operator (MNO) with mobile device session data. This provides a foolproof way of proving that an individual is in possession of their two-factor device.

Benefits

This new approach to authentication isn’t susceptible to SIM swap attacks and doesn’t require the user to enter a password. Ultimately, account takeover attacks are blocked, while customer experience is improved and the time taken to service a request us reduced.

Made for

 LENDERS   ONBOARDING   AUTHENTICATION 

Get started via

 EMBEDDABLE WIDGET   API 

Pricing

 PAY PER AUTHENTICATION 

Request a demo

Contact Data Cleaning

Contact Data Cleansing verifies that the contact and personal information you hold isn’t out of date or inaccurate. Data is compared against the information held on file by Mobile Network Operators (MNOs). Whether processing a single record or sanitising thousands of records in batch, you’ll quickly identify bad data.

Benefits

The case for maintaining up-to-date records goes way beyond good practice for compliance and regulatory reasons. It’s critical to ensuring customers are contactable. Furthermore, it reduces security threats by ensuring communications aren’t sent to the incorrect individuals.

Made for

 LENDERS   FINTECH  KYC 

Get started via

 WEB INTERFACE   API 

Pricing

 PAY PER RECORD CHECK 

Request a demo

SIM Swap Detection

SIM Swap Detection is a critical step in stopping account takeover. Why? Because account takeover attacks commonly exploit the ease of which a phone number can be stolen by simply assigning it to a new SIM. This allows bad actors to intercept communications, such as SMS one-time-passwords (OTP), which are used by 93% of enterprises worldwide to verify customers.

Benefits

SIM Swap Detection instantly and silently checks the history of a SIM card to see when it was last swapped. Recent swaps indicate high risk of fraud, allowing you to take appropriate action, such as failing verification or requesting additional security procedures are followed.

Made for

 FRAUD PREVENTION

Get started via

 WEB INTERFACE   API 

Pricing

 PAY PER SIM SWAP CHECK 

Request a demo

Social Trace

Social Trace significantly reduces the risk of losing contact with your customers by diversifying communication channels. Simply drop the Social Trace widget into your onboarding workflow and allow customers to connect one or more social channels with just a click.

Benefits

Lenders who capture social channels are significantly less likely to lose contact with their customers. Why? Because different demographics prefer to engage over different channels. This is particularly important when it comes to collections. Initiating contact over different channels increases your chances of getting a response, which in turn increases the likelihood of resolving late or non payment. 

Made for

 LENDERS   ONBOARDING   COLLECTIONS

Get started via

 EMBEDDABLE WIDGET 

Pricing

 MONTHLY FEE 

Request a demo

Mobile Fraud Check

Mobile Fraud Check allow you detect fraud indicators using data provided by Mobile Network Operators (MNOs). Key checks include device overseas, call forwarding, SIM swap, a high risk number database lookup and much more.

Furthermore, Mobile Fraud KYC allows you to verify a person’s firstname, lastname, date of birth and postcode against the data held on file by MNOs. Since MNOs conduct their own KYC checks on new customers, it gives you the ability to match personal information you collect against a trusted and verified source.

Benefits

Mobile Fraud Checks happen instantly and with zero customer friction. The data held by MNOs is often more recent and reliable than other data sources and a level of granularity is provided,  allowing you to see how many and which KYC fields matched.

Made for

 LENDERS   ONBOARDING   FINTECH  RISK ANALYSIS

Get started via

 WEB INTERFACE   API 

Pricing

 PAY PER LOOKUP 

Request a demo

Mobile Data for Credit Risk

Mobile Data for Credit Risk delivers the data required to predict credit risk based on a persons mobile phone information. Key data attributes include the network provider, line type, and KYC match information. Working in partnership with lenders we’ve been able to clearly identify correlations between this data and the likelihood of a loan going into arrears.

Benefits

Open Banking Vs Mobile Data. Which is the most effective in predicting bad borrowers? A recent project with a UK lender compared a risk model built with Open Banking against a model built with Honey Badger’s Mobile Data. The results showed that both models outputted almost identical risk scores. The difference? Mobile Data could be deployed immediately with no customer friction required to calculate a risk score.

Made for

 LENDERS   ONBOARDING  RISK

Get started via

 EMBEDDABLE WIDGET   WEB INTERFACE   API 

Pricing

 PAY PER LOOKUP 

Request a demo

Geo Authentication

Geo Authentication™ provides frictionless identity verification that reduces abandonment rates. Users simply select images that they recognise from nearby to their address. In built anti-fraud controls ensure that valid users can complete the challenge whilst bad actors are blocked.

Benefits

Leading lenders such as Amplifi Capital use Geo Authentication during applications as an alternative to more intrusive identity verification checks, such as document uploads, that cause high friction and lead to increased dropouts. Completion rates with Geo Authentication are 28% higher and have subsequently helped drive an increase in revenue for the business.

Made for

 LENDERS   ONBOARDING   ACCOUNT RECOVERY 

Get started via

 EMBEDDABLE WIDGET   WEB INTERFACE   API 

Pricing

 PAY PER AUTHENTICATION CHECK 

Request a demo