FB pixel

Telecom body calls for SSI adoption to cut SIM swap attacks

Categories Access Control  |  Biometrics News
Telecom body calls for SSI adoption to cut SIM swap attacks
 

Self-sovereign identity (SSI) has long been an aspiration for many people working on digital identity and access to online services. Now various sectors are becoming convinced of the potential SSI holds to help them solve some of the major problems of specific industries, and the telecommunications industry is the latest example.

The Alliance for Telecommunications Industry Solutions (ATIS) is suggesting that telecoms consider adopting SSI as a means of combatting SIM swap fraud.

A 25-page report on the topic from ATIS argues that “SSI not only addresses the core vulnerabilities of current identity verification systems, but it also gives users cryptographic proof of their identity and ownership of their telephone numbers. By shifting the paradigm from centralized to user-centric, decentralized management, SSI stands as a pillar of resilience against the growing tide of telecom-related fraud.”

ATIS summarizes what SIM swaps are and their titanic costs: the FBI reports $72 million in losses each year to individuals and businesses in the U.S., while Canada’s telecom regulator counted more than 24,000 unauthorized number ports and SIM swaps from August of 2019 to May of 2020.

SIM swaps rely on the personal details of the victim being known to the attacker, usually through phishing or the sale of breached personally identifiable information on the dark web. The attacker phones the telecom operator to request a phone number transfer, and then defeats two-factor authentication based on device possession or one-time passwords.

SSI is summarized, and its treatment in eIDAS and by GLEIF reviewed.

The section on applying SSI to stop SIM swap fraud describes the use of a digital wallet on the consumer’s mobile device to store verifiable credentials. This improves security by enhancing subscribers’ control over their phone numbers, but also reduces carriers’ reliance on more traditional and vulnerable forms of identity verification and authorization.

“Furthermore, the implementation of SSI extends beyond the issuance of telecom-specific identities,” the report states. “Leveraging existing digital identity credentials, such as government-issued IDs or the newly introduced digital versions of mobile Driving Licenses (mDL) compliant with ISO 18013-5 specifications, which are currently undergoing deployment across various U.S. states, can significantly enhance a carrier’s onboarding and vetting processes.”

ATIS sets out several attack scenarios, and how SSI would help mitigate them, and provides advice on how the industry can realize these benefits.

Stronger stakeholder collaboration is needed, ATIS says, and telecoms should be prepared for both more testing, and then challenges arising during implementation.

The NFID Foundation, officially launched this week, is focused on bringing the benefit of SSI to physical access control.

Strengthening mobile-based authentication in the meanwhile

If telecoms are to adopt SSI, it will take time. The phishing and SIM-based attacks referred to in the ATIS report will continue to plague mobile security in the meantime.

Telesign has launched a new omnichannel verification API to provide alternatives to SMS authentication. SMS authentication costs are fluctuating, according to the announcement, and the API provides built-in protection against the vulnerabilities of this method while avoiding them.

The Verify API bundles communication via seven channels, including SMS, push, email and WhatsApp, to allow businesses to add new authentication channels with minimal resources.

“One thing that phishing attempts, social engineering schemes, and account takeovers have in common is that they can often be stopped at the ‘front door’ with powerful customer authentication technologies,” says Telesign CEO Christophe Van de Weyer.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

U.S. academic institutions get biometric upgrades with new partnerships

A press release says ROC (formerly Rank One Computing), which provides U.S.-made biometrics and computer vision for military, law enforcement…

 

Smart Bangladesh 2041: Balancing ambition with reality

Bangladesh aims to be a “Smart” nation by 2041 as the country goes through a drastic transformation founded on digital identity…

 

Nigeria’s NIMC introducing one multi-purpose digital ID card, not three

The National Identity Management Commission of Nigeria (NIMC) has clarified that only one new digital ID card with multiple functions…

 

Age assurance tech is ready now, and international standards are on their way

The Global Age Assurance Standards Summit has wrapped up, culminating in a set of assertions, a seven-point call-to-action and four…

 

NIST finds biometric age estimation effective in first benchmark, coming soon

The U.S. National Institute of Standards and Technology presented a preview of its assessment of facial age estimation with selfie…

 

Maryland bill on police use of facial recognition is ‘strongest law in the nation’

Maryland has passed one of the more stringent laws governing the use of facial recognition technology by law enforcement in…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events