kb_mv
Mayor / Maire

Re: SIM Swap Fraud

@daki28 @RobertQc I like the idea of an email but it would need to be something that required action to allow the sim change (similar to the porting process) as opposed to "if you do nothing it will happen in XX hours".

 

In the past when on vacation my attention to email is spotty at best and if this is when the ne'er-do-wells decide to do this, my non-action would suffice to stop it.

RobertQc
Mayor / Maire

Re: SIM Swap Fraud

 

 


@kb_mv wrote:

@daki28 @RobertQc I like the idea of an email but it would need to be something that required action to allow the sim change (similar to the porting process) as opposed to "if you do nothing it will happen in XX hours".

 

In the past when on vacation my attention to email is spotty at best and if this is when the ne'er-do-wells decide to do this, my non-action would suffice to stop it.


@kb_mv  Perfect, so it can either be do it unless in X hours. Or don't do it unless the required action went through. Allow the customer to choose the way they want it.

gpixel4
Mayor / Maire

Re: SIM Swap Fraud

@daki28 

Probably, but correct or incorrect information means nothing for SIM change function. Once you/they are in, it doesn't matter. It might mean something to port your number, but I'm not sure that I want to put 'John Doe' name and then use that when porting. How do I prove I'm 'John Doe' if that's required? That never made any sense to me. Also, even if it is ported/SIM hijacked, it is easier to prove your identity with 'real info', rather than made up.

 

Yes, there needs to be a compromise. But I would rather lose my number than lose my identity. It isn't easy to reclaim your identity after it's stolen.

daki28
Model Citizen / Citoyen Modèle

Re: SIM Swap Fraud


@RobertQc wrote:

@daki28 wrote:

@RobertQc  Problem with SMS is that probably your SIM is not working and you cannot receive, but email would work. Or 'alternate phone number' that we can all list.


@daki28  Yes, but that's why if your phone is not working, no reply would allow the SIM to go through like normal. The SIM change will automatically go through unless you stop it. But yes, send it to as many e-mails / phone numbers as you wish.

 


@RobertQc wrote:

"No" to cancel the sim change, otherwise the sim change will go through in X hours"


 

 


@daki28 wrote:

@RobertQc  Also, being able to set hours in Self Serve is a potential risk as those who got in can change it to 0 hours and change the SIM.


@daki28  No, like I said, this number can NEVER be lowered.

 


@RobertQc wrote:

and do not allow this to ever be lowered, only increased even with account information verification and moderator intervention.


 

This timer doesn't have to stop any other future advancements in SIM swap prevention methods Public Mobile comes up with and it can be only used by people that want to use it. It is only able to assist against SIM swap fraud by those that wish to utilize this feature if it was available.


@RobertQc Sure, we are giving some suggestions but neither of us can make that call. The thing is that we are solutioning without even knowing what the problem is. If it is a 'too simple' password, PM can easily solve that. If not, then do some extra steps (I'll take any suggestions any of us mentioned). I hope somebody from PM is reading this and understanding the potential impact to the company. This is not a simple issue like a competitor giving a better plan. This could have some serious consequences for some people and I'm not taking this lightly.
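The SIM change hold discussed in the posts above (a notification, a waiting period that can only be raised, and a customer choice between "goes through unless cancelled" and "blocked unless approved"), sketched as an added example that is not part of any post and is not Public Mobile's code. The class and function names are hypothetical, and letting an unapproved request lapse when the hold ends is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Mode(Enum):
    PROCEED_UNLESS_CANCELLED = 1  # swap goes through after the hold unless the owner says "No"
    BLOCK_UNLESS_APPROVED = 2     # swap happens only if the owner explicitly approves


@dataclass
class SimChangePolicy:
    mode: Mode
    hold_hours: int

    def set_hold_hours(self, hours: int) -> None:
        # Increase-only: someone who gets into Self Serve cannot set the hold to 0.
        if hours < self.hold_hours:
            raise ValueError("hold period can only be increased")
        self.hold_hours = hours


def decide(policy: SimChangePolicy, hours_elapsed: float,
           reply: Optional[str] = None) -> str:
    """Return 'applied', 'cancelled' or 'pending' for one SIM change request.

    reply is the owner's answer to the notification ('yes', 'no' or None),
    received before the hold ended on a channel that does not depend on
    the SIM itself, such as e-mail or an alternate number.
    """
    answer = reply.strip().lower() if reply else None
    if answer == "no":
        return "cancelled"
    hold_over = hours_elapsed >= policy.hold_hours
    if policy.mode is Mode.PROCEED_UNLESS_CANCELLED:
        # Silence lets the swap through once the hold has elapsed.
        return "applied" if hold_over else "pending"
    # BLOCK_UNLESS_APPROVED: silence never lets the swap through.
    if answer == "yes":
        return "applied"
    return "cancelled" if hold_over else "pending"  # assumption: request lapses
```

The two modes differ only in what silence means: with the same 48-hour hold, an unanswered request ends as `applied` in the first mode and `cancelled` in the second.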

Teslas
Good Citizen / Bon Citoyen

Re: SIM Swap Fraud

Thanks for educating everyone about this.

 

If a fraudster is able to compromise a person's cell phone account it becomes the gateway to taking their other accounts, this makes cell phone accounts the primary target & thus it would make sense that cell phone accounts should have the strongest security against attack available.

 

As far as I can figure out, Public Mobile's security is currently bare-minimum: password and a security question. Weak. No 2FA as mentioned. 

 

Will Public proactively protect its customers by implementing 2FA at minimum Authenticator type and/or even better: FIDO U2F security key capability that is cheap, widely available, easy to use & super secure? Please protect us!

https://fidoalliance.org/showcase/fido-u2f-security-key/

https://en.wikipedia.org/wiki/Universal_2nd_Factor

https://www.howtogeek.com/232314/u2f-explained-how-google-microsoft-and-others-are-creating-universa...

 

I would VERY MUCH APPRECIATE this.

 

Who else wants better security against growing SIM swap fraud??

sunflowershine
Deputy Mayor / Adjoint au Maire

Re: SIM Swap Fraud

Thanks for your info!

XionBunny
Town Hero / Héro de la Ville

Re: SIM Swap Fraud

About time this information was posted honestly, though personally I'm kinda sketched out about the security of this service now. There really does need to be a censor put on sensitive information here when a person posts, such as phone numbers being automatically blanked out when posted, so that criminals can't use that info to compromise accounts.

Pawprints1986
Town Hero / Héro de la Ville

Re: SIM Swap Fraud

"Ironically when I signed into my CRA account yesterday I had been randomly selected to add 2FA with no option to refuse its implementation. Choosing to receive a phone call ensures it can be sent to just about any phone (i.e. landline) but it means that you can at least ensure that you have your voicemail PIN required to access your messages from any device."

 

@darlicious 

 

That's actually true, I hadn't thought of this. For myself I know my PIN so well that it totally escaped my mind that it would be hard for others to guess! SMS even with thumbprint or pattern enabled on the lock screen, for my own ease of access I have it set up so if I push on the little notification bubble, I can see the SMS.

 

But that could be a possibly better way to prevent SIM fraud: if it's requested, you get a voicemail from PM which contains a decently tough unique one-time code that you then have to text to PM, to prove it's you and you still have full control of your device?

 

I still say the Telus port phone support line should be universally available as the only way to port out though. Since they're all the same company anyway, it's not like they'd have to hire anyone!

Daiheadjai
Good Citizen / Bon Citoyen

Re: SIM Swap Fraud

One countermeasure which would be easy to implement, is for Public to simply send out an email alert when a SIM card change is requested/applied to an account.

This way, customers would at least be warned that something is happening.

 

This is exactly how I found out something was wrong in my SIM fraud experience: A payments service provider sent me an email noting that I'd changed my address to an address in another province, and had attempted to change my e-mail address as well (by luck or by design, it still sent the email to my old/real address, otherwise I'd never have known until the charges hit my account).

 

 

Daiheadjai
Good Citizen / Bon Citoyen

Re: SIM Swap Fraud

I was looking into removing 2FA in a banking account - was pretty miffed that there's no option to remove it.

It's pretty impressive that thieves/fraudsters managed to take something which was intended to increase our security and protection, and use it against us.
