FBI warns of SIM swap surge, Veridas outlines biometrics fix
The U.S. Federal Bureau of Investigation (FBI) has recently issued an official alert (Number I-020822-PSA) warning against the dangers of SIM swapping, just as Veridas proffers guidance on defending against the attack method with biometrics.
Veridas explains thwarting SIM swaps with biometrics
Veridas has published a new blog post highlighting the importance of using biometrics tools to tackle SIM swapping-based digital identity fraud.
In the post, Sandra Marqués from Veridas’s marketing team first defines SIM swapping as a type of fraud “in which a duplicate SIM card associated with a phone line is obtained without the consent of its holder and with the purpose of impersonating the holder’s identity and accessing confidential information.”
Marqués then describes how fraudsters usually obtain a duplicate of someone else’s SIM card by visiting operators’ physical stores in person and presenting a fake police report and photocopy of the ID card with a forged image.
Alternatively, they may attempt to call the operator, pretending to be the owner of the line and claiming to have had their cell phones and SIM card stolen, then requesting a duplicate SIM card.
Because of these reasons, Marqués claims SIM cards and SMS as a second authentication factor are simply not secure enough.
Instead, individuals should use biometric factors as authentication factors as they are “inherent and incapable of being supplanted.”
Marqués concludes her post by mentioning a few companies that have already integrated biometrics within their customer registration and authentication processes, including Ventocom, Deutsche Telekom, and Euskaltel.
FBI reported $12M in SIM swap losses from 2018-20, $68M in 2021 alone
“From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million,” the document reads.
“In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”
The alert also includes a description of how SIM swap schemes work, together with “tips on how to protect yourself.”
The latter section mentions traditional security practices such as not disclosing information about financial assets and phone numbers, but also using unique passwords and multi-factor authentication methods including biometrics, physical security tokens, and standalone authenticator apps.
The concept behind SIM swaps was explained in a September guest post for Biometric Update by Boku General Manager for Identity Stuart Neal.