SIM swap? It’s Really Identity swap

A long-time friend on Facebook just posted the following:

My SIM card was hacked on my cell phone (Someone convinced my wireless carrier that they were me and gave them a new SIM card number and phone to route my texts and phone calls). Then my Gmail account was hacked via text messages to phone. Twitter account then hacked as well. So if you get an email or text just ignore it until I indicate here on FB that all is clear….

A couple of days later, he got back in touch to say that he had, thanks to some insider knowledge at his wireless carrier, Twitter and Google, gotten control of his cyberlife. His identity had been restored without incident, and with a minimum of hassle.

He’s a lucky one. The world is full of SIM-swap victims who are not so lucky. As attested to in

this Canadian documentary,  contact center agents are extremely vulnerable to the method of “social engineering” that an experience hacker can employ to gain enough personal information to do real damage. Those hackers also have the experience to act quickly to compromise other online accounts, including access to bank accounts where they can siphon funds to their own accounts and do real financial damage.

As you can see from the CBC video, it may take more than one call to aggregate enough information to change a password or add a third-party assistant. Fraudsters have the time and incentive to do so.

This is not just about getting free premium cable. It amounts to identity theft and potentially huge financial losses.

This Could All be Prevented by Adding Voice Biometric for Authentication

The shocking and frustrating aspect of the CBC exposé is the fact that victims often learn of the fraud after it has already taken place. Then they are stuck with a number of complex tasks, starting with re-establishing service with their wireless carrier, but rapidly expanding to addressing the global need to re-establish the ability to log onto and use e-mail, social networks, credit cards, bank accounts and many more services that rely on UserID/Password combinations as the major pre-requisites for establishing trust.

A better approach is to insist that the wireless carrier add voice biometric to their authentication factors. Voice biometrics is the strongest way to ensure that you are who you claim to be because it is literally “something you are.” Among biometric factors, voice makes the most sense in the case of SIM swap attacks because they occur without the victim’s knowledge in conversations with contact center reps over the phone (meaning the “voice channel”).

We Need to Get Rid of the Speedbumps

It’s high time for companies to stop discounting the power of voice biometrics to combat this type of fraud in the contact center. There has been long-standing concern about enrollment, but our recent research has found businesses achieving enrollment rates of 80% or more and still complying with regulatory restrictions. It is now possible, using technology exemplified by NICE’s Real Time Authentication suite, to enroll voiceprints based on existing recorded conversations between customers and reps (with informed consent, of course) and then use them passively, in the background during the sort of lengthy conversations that fraudsters engage in to carry out their nefarious tasks.

There has also been a feeling that consumers are resistant to voice-based authentication. Yet our latest tallies of enrolled voice prints used for authentication in contact centers exceeds 500 million. Clearly customers are not afraid of biometrics anymore.​

SIM swap fraud is one area of vulnerability where the superiority of voice biometrics is easy to establish. As the occurrence of SIM Swap attacks continues to rise, my prediction is that deployment of integrated voice-based authentication, like RTA, will as well.