More mobile phone users globally are becoming victims of SIM swap fraud than earlier thought, a new study by Myriad Connect has revealed, underlying the need for stakeholders to strengthen security systems.
According to a survey by Myriad Connect, a tech solutions firm, SIM swap fraud affects both developed and developing countries alike.
“SIM swap fraud is not limited to Africa. It is a growing global issue affecting even some of the most sophisticated technologies in the world,” Willie Kanyeki, Myriad Connect Director Business Development – Africa, is quoted as saying by the Kenya Standard Newspaper.
According to Kanyeki, the scam involves fraudsters replacing the SIM for a mobile number that does not belong to them, allowing them illegitimate access to personal information and accounts of the original user.
The scammers use SIM swap frauds to cancel and re-activate new SIM cards to their names to target bank accounts or any other money transfer services.
“This compromises the victim’s online banking, cryptocurrency or digital financial service accounts and gives SIM swap fraudsters access to all the victim’s online accounts, including email and all social media accounts,” he says.
A recent survey in Kenya revealed that over 90 percent of Kenyan banking leaders see SIM swap fraud as an issue for their organizations and over 25 percent of respondents had been victims of SIM swap fraud.
In 2016 the National Institute of Standards and Technology in the US identified that SMS is a risk and that OTP via SMS is not fit to secure financial services as it can be vulnerable to man-in-the-middle attacks such as SIM swap.
In South Africa, the South African Banking Risk Information Centre (SABRIC) reported that the incidence of SIM swap fraud has more than doubled in the past year.
Myriad Connection insists that whereas many users have responded by introducing further authentication measures to protect transactions, often in the form of a one-time-password (OTP) over SMS, these are also vulnerable to hacking.
“However, OTP via SMS has long been considered a vulnerable channel for authenticating financial services transactions, as it does not meet strict security standards. OTP via SMS is simply not secure enough to protect financial service transactions,” the survey says.
More great stories: