cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Jb456
Mayor / Maire

Re: SIM Swap Fraud

But if everyone is talking about asking for a PIN.

 

Maybe at the same time PM should fix the 18554Public number where you can access anyone's account. 

z10user4
Mayor / Maire

Re: SIM Swap Fraud


@Jb456 wrote:

But if everyone is talking about asking for a PIN.

 

Maybe at the same time PM should fix the 18554Public number where you can access anyone's account. 


Sure. Why not. But again, all anybody can get is Available Funds and due date and redeem all the vouchers they want. But sure. While they're there.

mimmo
Oracle

Re: SIM Swap Fraud


@gpixel4 wrote:

they cannot always change the password because they need the email password or sms authentication to work. if they don't have either than changing the password will most likely lock them out. 

 


@gpixel4   are you sure to change password all that is asked is existing password.  if they got into the account they have your login and password so they can easily change password with two clicks.  there is no sms authenticaton here.

HALIMACS
Mayor / Maire

Re: SIM Swap Fraud


@z10user4 wrote:

@Jb456 wrote:

But if everyone is talking about asking for a PIN.

 

Maybe at the same time PM should fix the 18554Public number where you can access anyone's account. 


Sure. Why not. But again, all anybody can get is Available Funds and due date and redeem all the vouchers they want. But sure. While they're there.


I'd be inclined to side with @Jb456  on this one. 

 

The fact that anyone with another person's cell number can get that person's balance and next due date is disconcerting.  That information may help them 'convince' an unsuspecting Mod that they are the customer, when they may not be...  it's just another piece of a hacker's toolbox. 

 

Yet, Public Mobile still allows that type of access instead of PIN protecting it.

gpixel4
Mayor / Maire

Re: SIM Swap Fraud

@mimmo lol you're right I just changed my password recently. not sure why I thought there was an email verification process

 

in that case, it's very interesting that they don't. 🤔

Re: SIM Swap Fraud


@kb_mv wrote:

@will13am @z10user4 We already have the PIN associated with our account, so they wouldn't be starting from scratch on implementing this.


The difficulty with the PIN is how it's only 4 digits.  Also, when it starts being used on a widescale, that can become more of an opportunity of people who shouldn't have the PIN being able to use it to gain access through pure exporsure to an account.

Re: SIM Swap Fraud


@Jb456 wrote:

Just remove "change sim" from the account. If legit people need to change their sim card then they open a ticket for moderators. Problem solved!


I don't have perfect answers, but all that's required to verify account ownership are either the self serve credentials or the account PIN. Someone who's able to perform a SIM swap would already have that information anyway.

Re: SIM Swap Fraud


@ShawnC13 wrote:

@daki28 wrote:

That's what I said earlier, if PM cannot do some extra protection, just remove it. My tradeoff if I ever need this option (and for 20 year haven't had ) is to go to store and do it there. Prove your identity somehow and it's all good. 


What store would you be going to and who are you showing your identity to?  None of the retail locations have account access, even the PM Kiosks can only do setup and nothing to do with account issues.  Or are you saying pick up a sim at a retailer and then prove identity to the PM Moderators (which could still take 48 hours *or more*)

 

The PIN option mentioned seems like a reliable, responsible way ahead now it is to see if PM can implement and we know that around here it is at about the same speed the government implements practical solutions.


I agree that this would be more secure, but how would someone even know that the person processing the changes is trustworthy?  There also is the problem with if this is what's required to perform a SIM card change, it'll inconvenience customers to the point that they might switch to a different carrier if they absoltuely have to go to the store.

z10user4
Mayor / Maire

Re: SIM Swap Fraud

 @HALIMACS : I'm not sure I recall Jb456 defending his point in that same way. Y'see how it's funny how even just wording things differently but saying the same thing can twig people to get it. But I don't know if Jb456 said things of that nature before.

 

 @computergeek541 : The PIN is only sent once by SMS at activation. If requested to change, again to SMS. We don't know if the hackers have PIN's or just login credentials or both.

 

And RE: inconvenience: it's that problem with some people that gets them into trouble to begin with. I say tough toodles. If they can't tolerate the once in a blue moon needing a little extra security step to do something critical to their account then they're not worthy of a hands-on self-serve provider. Go to an upper tier and get hand-holded for the price.

Jb456
Mayor / Maire

Re: SIM Swap Fraud

@z10user4  I made a post last year (around same time sim swaps first started) that the 1855 # is a breach of confidentiality. I believe I tagged Tiana & Alan to that thread. Next day Public Mobile completely deleted the thread. That tells you something.

Need Help? Let's chat.