You have a responsibility to help protect your clients

STRONG AUTHENTICATION

Having rigorous authentication processes helps detect identity abuse.  But multi-factor authentication shouldn’t rely on SMS-based authentication – it gives a false sense of security and can aid criminals through illegal phone porting.

 

Give your customers the option to set a security PIN required for account changes, especially phone transactions.

 

SIM Cards should be locked and unavailable to port if the appropriate security approvals aren’t met.

STRONG POLICIES

We need to increase awareness of identity misuse and consider tighter legislation.

 

As long as the cost of committing identity fraud is significantly lower than the financial gains, criminals won’t be deterred.

STRONG
SYSTEMS

Maintain a vigilant approach to possible threats to your systems.

Identify operating weaknesses, particularly in software.

 

This extends beyond an organisation's information system ecology to the devices used by customers.

 

Research shows that an organisation’s disclosure about the implementation of their identity theft counter-measures and management systems is viewed positively.

It is not beauty that endears, it’s love
TIPS FOR BANKS,
INVESTMENT FIRMS,
and REAL ESTATE

Use hardware dongles that generate one-time passwords (OTPs). They’re considered more secure than codes sent by SMS.

 

Track attempts at high-value transactions.

 

Use metrics such as device fingerprint technology and geolocation to reject transactions and suspend accounts.


Respond quickly to account-freezing requests. Enforce a rigorous authentication process such as several pieces of ID, and an ‘only-person’ account unblock.

CAUGHT IN THE ACT

Sydney man charged with stealing $100,000 via phone porting

Hacker who stole $5 million by SIM swapping gets 10 years in prison

Super funds warned as young mum charged over $10 million scam

Telco suspected fraud but allowed a customer's phone number to be ported anyway - then he was hacked

Government targets mobile number hijackers with tighter porting rules