cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
SD08
Retired Oracle / Oracle Retraité

Re: SIM Swap Fraud: 2 factor-authentication

Thanks to PM for adding this balance between customer convenience and security.

ShawnC13
Oracle

Re: SIM Swap Fraud: 2 factor-authentication

Great news Jade!!! Glad to have this feature back and will help the members so much!


I am happy to help, but I am not a Customer Support Agent please do not include any personal info in a message to me. Click the Chat bubble in the bottom right to create a trouble ticket *

softech
Mayor / Maire

Re: SIM Swap Fraud: 2 factor-authentication

I agree with @z10user4   

 

We seen before that people got simjacked and unable to logon to My Account. So, either their My Account was compromised first or the email was first compromised and then My Account.

 

But of course, many people requiring SIM swap because they lost their phone or the old SIM was broken and hence they were unable to receive the SMS and an alternate way is needed, sadly in this case, email....

 

Let's see how it goes and hope for the best.

 

 

 

BlueB
Town Hero / Héro de la Ville

Re: SIM Swap Fraud: 2 factor-authentication

Great to see that the option for self-serve SIM Swap is back... particularly for @darlicious's significant other who seems to go through a new SIM every month! 😂

 

In terms of security, I agree that time will tell whether this is an effective solution or not.  It's a great step in the right direction, and the added challenge will definitely make things more secure.  How secure it really is will all depend... if somebody really wants access to your account/SIM/whatever, there are many ways of doing it through any variety of ways, social engineering, technical espionage, or however else.

smp99
Deputy Mayor / Adjoint au Maire

Re: SIM Swap Fraud: 2 factor-authentication

I may be missing something here but I think a 2FA using an Authenticator application that supplies a 6 digit code every 30sec or so, would have been an ideal solution. 

 

 

BlueB
Town Hero / Héro de la Ville

Re: SIM Swap Fraud: 2 factor-authentication

@smp99 

While a TOTP code (or similar) is a good idea, the "ideal solution" is often tricky to define.  In particular, the logistics behind it would be difficult.

 

For example, let's say this is set up upon activation.  Will the average Public Mobile user know how this works?  If the user changes phones or loses their phone, how would they have access to the application?  This would need to be set up well in advanced and maintained by the user (and Public Mobile).  There are also backend considerations for Public Mobile to maintain... more systems and maintenance = higher cost.

 

Although it's one secure way of handling things, not sure how feasible it actually would be.  The moderators here have been very helpful with problems, and I think it's a small inconvenience for us to involve them for the "occasional" SIM card swap (and now- self serve!) than to pay more every month because this would surely increase the expenses on their end.  🙂

will13am
Oracle

Re: SIM Swap Fraud: 2 factor-authentication

It is nice to see this feature make a come back in the self serve and with security feature this time.  

Haiggy
Model Citizen / Citoyen Modèle

Re: SIM Swap Fraud: 2 factor-authentication

Another step would be that since Public Mobile is all prepaid, you do not need to use your real name on the account, and can be updated to your real name later if you actually did want to make a legitimate port-out request yourself.

darlicious
Mayor / Maire

Re: SIM Swap Fraud: 2 factor-authentication

@Jade_S 

It's good to see pm has implemented a compromise between customer self-serve and account security. However given some of the observations by fellow members that 2FA may not be possible or a customer does not have access to their account or possibly has not created one does the ability to perform a sim swap with the moderators operate in the same manner?

 

Seeing as I have performed this action more than probably anyone here and do so on behalf of the bf who hasn't a clue  how to do any of this..... I cannot perform a sim swap for him if the phone or sim card is lost. Why is there no possibility of recieving the code via a phone call? It makes the verification code accessible without the device and the lost/stolen feature has suspended service.

 

Could we not have an option to change the email and/or phone number used for 2FA? As its been pointed out the blanked out email and phone number is already accessible in the account and a likely source of a breach or hacker or a thief. From an account management side without access to the phone or email it makes a sim swap within the account a non-starter. Not having the phone call option is a huge oversight in my opinion.

 

I still believe having the ability to change the login username from the accounts email would greatly improve account security especially since that ability to perform that action already exists.

 

@BlueB 

The bf did indeed go thru entire last 30 day cycle without enabling lost/stolen and had his rewards actually apply upon renewal! The second time in 22 months that I did not have to contact the moderators to have them applied manually.

darlicious
Mayor / Maire

Re: SIM Swap Fraud: 2 factor-authentication

@Haiggy 

At no time do you have to use your real name to activate and create your pm account. You can edit those details of your profile at anytime by logging into your self serve account. Changing the account holder name has been employed as an effectuve means of preventing fraudulent ports.

Need Help? Let's chat.