The Federal Communications Commission (FCC) on Thursday said it’s looking into tightening rules around cell phone service, in an effort to rein in SIM swapping scams and port-out fraud, two ways fraudsters can access a person’s cell phone account and phone number for nefarious purposes.
The agency says in a statement it has received numerous complaints “from consumers who have suffered significant distress, inconvenience, and financial harm” due to SIM swapping and port-out fraud. And, the FCC said, recent data breaches have exposed customer information that could make it easier for bad actors to carry out these kinds of attacks successfully.
SIM swapping is when someone hijacks your cell phone number so they can intercept two-factor authentication codes — the ones you use to verify a log-in or account access — to gain access to your account information. Typically, a bad actor is able to convince their victim’s cell phone carrier to transfer service to a different device, which the victim doesn’t have access to, but the bad actor does.
Port-out fraud happens when the fraudster poses as their victim and opens an account with a different cell phone carrier than the victim’s and has the victim’s phone number transferred — or “ported out” — to the new account with the different carrier.
In most instances, if the bad actor has access to a piece of personal identifying information, they can pull off either (or both) of these scams before the victim realizes what has happened.
Most security experts recommend using a third-party authenticator app to provide 2FA rather than receiving a text message with a log-in code, which is a less secure method.
The FCC has now issued a formal notice of proposed rulemaking and said in a press release it wants to amend the current rules to require carriers to adopt more secure methods of authenticating a customer’s identity before they redirect service or a phone number to a new device or carrier. The agency is also proposing requiring carriers to immediately notify a customer whenever a SIM change or port request is made on their account.