Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Worried about SIM Swap read this

SIM swap attacks are a challenge for banks because they exploit weak ID&V processes implemented by the mobile service providers. In addition there is a general trend, especially pronounced with some mobile devices, towards making the identification details of the SIM inaccessible, thereby hampering device-based technical methods to detect SIM replacement.

There are two critical technologies which are relevant to mitigating SIM swap attacks: Mobile One-time-Pin (OTP) & Behavioural Authentication (Predictive Algorithm/Model). Mobile app-based OTP authentication is a particularly robust option to defend against SIM swap attacks for the following reasons;

1.      Mobile OTP operates in a completely disconnected manner. No carrier signal, Wi-Fi, or even an internet connection is required to use it. Therefore even if the device’s SIM is off air the Mobile OTP authentication remains usable and secure.

  • Mobile OTP has no dependency on the installed SIM. An attacker who hijacks a user’s SIM does not inherit the ability to authenticate through Mobile OTP.
  • Mobile OTP is unique in keeping the key material secure against an offline attack owing to a patented cryptographic camouflage algorithm.

1.      Behavioural Authentication - In general a fraudster’s spending behaviour following a SIM swap is vastly different from the victim’s typical spending. A fraudster has a window of time, up to a maximum of 6 hours to extract as much money or goods as possible from their target. Therefore a fraudster’s behaviour is usually characteristic of previously-seen fraud. The velocity and value of spending in combination with the use of different devices will indicate a strong suspicion of fraud. In these circumstances a predictive model has good cause to fail authentication automatically and alert the fraud team, thereby preventing any further transactions until the legitimate cardholder has beencontacted.  

Remember, no form of strong authentication is fail-safe forever. If the strong authentication has been given a high degree of trust within your systems, the speed and cost of a compromise is likely to be significant. But behaviour is impossible for a fraudster to mimic. Having a powerful predictive model in the background detecting deviations and anomalies is not only powerful but essential. 

 

6106

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion

Member since

0

Location

0

More from member

Community
See all blogs »
E-commerce 

Fraud trends in 2023

Ryta Zasiekina

Ryta Zasiekina

 

Why underwriters are struggling to price cyber risk insurance policies

Jason Elmer

Jason Elmer

Marketing in Financial Services 

How can marketers manage consent and preferences of the customers to enhance personalization?

Pulkit Giria

Pulkit Giria

Digital Banking 

NFC and digital wallets: magic has security risks

Pavlo Farb

Pavlo Farb

Now hiring

See more