Community

@kb_mv of course many take the proper precautions like you stated but as you know many don't. Look at all the people that post on these forums with all their personal information thinking they are talking to Public Mobile.

---

@Jb456 wrote:

Think how many online accounts you have attached to your phone number. Plus banking accounts / credit cards with 2 factor identification attached to the phone number.

---

@Jb456 I have exactly ZERO accounts tied to my phone number. Anyone that uses their phone number in this way should take steps to change it. Authenticator apps, password managers, security questions, email notification etc are all better. Perhaps not as convenient but we are seeing how this convenience is coming home to roost. You may manage to somehow steal my number but it won't get you anywhere. I will still have my phone and all the protections I have built into my online presence.

@Pawprints1986 there are two things going on.

• Port outs
• Sim card change

Its a lucrative business for fraudsters. Think how many online accounts you have attached to your phone number. Plus banking accounts / credit cards with 2 factor identification attached to the phone number.

When they gain access by one of those methods they can easily get into emails, , banking information, you name it.

I went and double checked my email, and you're right I was part of the koodo amount compromised people

..But even still why can't port lock become standard like how I had mentioned being the only way to release the lock by calling?

Why do people want to take phone numbers in the first place? 

@gpixel  been quite the few sim swaps lately.

Considering PCgeek mentioned the downfalls of asking for the pin code before the change sim maybe some of your idea can still be used?

Something like:

• A 24 hour delay on the change
• A text message sent to original sim on account "did you request a sim change yes or no" Of course there are legitimate sim swaps (example lost phone and person will not receive the text message) so they can contact moderators with all the appropriate information to get the 24 delay removed if moderators get to ticket in time. (Maybe something like port request in the chat bot so it gives the ticket priority)
• An email sent to the person's account notifying them of a potential swap (although email is likely compromised)
• A notice on the account when you log into the account. (Like the suspended notice at renewal time)

It's not a sure fire fix and likely still ways around that but maybe delaying the sim swap by 24 hours just might help lower amount of swaps that have been happening lately. I don't know 🤔

@Pawprints1986 the port lock was for customers who's accounts were compromised in February 2020 from Koodo. 

I know they're "different companies" but I came up with a solution a while ago. They could make us have to call the main telus port line if we wish to port out or replace sim cards. Have us set up a unique verbal password or even a phrase when signing up that will only ever be used if you need to call to port out or sim switch, along with name, billing address, etc. 

Even if someone gets into our selfserve and accesses all our other info, that verbal password or phrase would still be safe. Only in the event of telus itself being hacked would anyone else ever be able to know these verbal passwords or phrases. This could be our "password" to even proceed with the call at all. 

Why can't this become a thing? 

In koodos case I know they have a port lock as I had to call to authorize my port out, but I'm not sure if Sim cards are any more safe with them currently

If someone forgets their verbal password, no port or Sim swap unless they go in person to a kiosk and provide their account information along with ID so they can prove that you are you. And then in person reset your verbal password. 

Would this be a pain for legit customers ?Yes... But it would save aLOT of people too

Just my 2 cents... Or maybe more like 12 cents but that is my idea

---

@gpixel wrote:

@Alan_K @Catherine_T 

 

would it be possible to add our pin to the "change the sim card" option in the self serve account, as a verification process. this will give added protection to our accounts as we are the only ones with this code.

 

if the pin is entered incorrectly, a text message from pm will be sent notifying the customer.(this will also give indication something fraudulent may be happening on their account) then after 3 failed attempts that option becomes locked. with only mods having the option to unlock it again for the customer.

---

Once again, the person having access to the self serve acount means that they have access to all information needed to get the PIN changed.  The only security against that is a good password.

As for sending a text message to the customer, this could cause some difficulties for someone legitimately trying to change the sim card. The PIN is so seldomly used that I suspect that many customers don't know it,

@Alan_K @Catherine_T 

would it be possible to add our pin to the "change the sim card" option in the self serve account, as a verification process. this will give added protection to our accounts as we are the only ones with this code.

if the pin is entered incorrectly, a text message from pm will be sent notifying the customer.(this will also give indication something fraudulent may be happening on their account) then after 3 failed attempts that option becomes locked. with only mods having the option to unlock it again for the customer.

@gpixel Only mod can change account PIN

is there any way to change your pin through self serve or 611? or can only a mod change it?

---

@computergeek541 wrote:

This won't work. Porting is done automatically. Nobody will see the note when port out is approved by Public.

---

I understand the number porting rules are set up in a way which obstruct this. A customer has the right to request number port through a new carrier without any requirement to inform the old carrier. Some guy named @computergeek541 recently reminded me of this.

PM certainly won't defy the CRTC Wireless Code number porting regulations. Meaning that if somebody else requests a number port on your number then PM itself can be uninformed until things have reached the point where PM must release the number to another carrier. Not much they could do to protect customers in that situation.

What PM can do, however, is allow customers to deliberately waive some of their rights under the number porting rules. A port protection option which breaks (or rather, delays) the normal rules from taking effect - where PM informs the customer of the existing rules and allows the customer to consciously agree to certain allowable conditions and exceptions of the rules.

I think that if this is implemented correctly then it can provide effective port protection. Delay the port request (as previously "instructed" by the customer) until the customer takes action which authorizes PM to proceed with the request. The opposite of automatically proceeding with the port request because no timely action by the customer unauthorizes it. As in replace "click this chatbot link quickly if you didn't request the number port" with "reply AUTHORIZE then login to Self-Serve to confirm within 24 hours or the port request will be denied, as you instructed".

The barrier is not technical, it's legal and regulatory. If PM covers the legal requirements and PM's customer explicitly agrees to the terms of actively selecting this "option" then it's not breaking any rules at all, it's extending them. And while it might cause small delay for normal customer-approved number ports, it's able to provide more effective port protection against fraudulent customer-victimizing number ports. I can't imagine any scenario where customers would be extremely reluctant to communicate when abandoning PM - there's no way they can be in a situation where they owe money or face contractual obligations, at worst they (or their AutoPay) didn't put enough funds into account to buy another cycle of prepaid plan so their service got suspended.

The CRTC rules are meant to install fair policies which protect wireless carriers and protect wireless customers. But as written, they are failing to adequately protect the customers against number port predations. So it's up to carriers to provide their customers an option which augments these inadequate rules.

I would tick the box to enable this option if PM offered it to me.

It seems obvious that many other PM customers would as well. Here's a few of the other threads about the same topic:

https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/How-To-Protect-Yourself-From-quot-...

https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/port-protection/m-p/566646

https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/Does-PM-have-Port-Protection-Plan/...

https://productioncommunity.publicmobile.ca/t5/Self-Serve/Port-protection/m-p/589177

https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/Port-Protection/m-p/591210

https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/Porting-protection/m-p/492548

https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/Public-Mobile-Porting-Protection/m...

https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/What-port-protection-does-PM-have/...

lol don't tell them how to do it .. it should be an added step.

at least it doesn't require the rest of the other providers to be involved. it could help slow it down and then maybe add a lock where if you enter the pin incorrectly 3 times you will then need to contact moderators. and a text is also sent to the number. maybe a text right away when the first attempt has failed. then that will notify the user that someone is trying something fishy in their account

@narjispanjwani 

The best protection against fraudulent porting is to slightly change the spelling of your name or have completely different name on your account.....Marilyn Monroe or Harry Houdini and keep it completely secret.

The best protection against sim jacking your service is a strong password, a separate account specific email and keeping your personal information private.

---

@gpixel wrote:

I think I may have a solution to the sim swap fraud scam. pm should add the pin code verification step before the swap is authorized. 

---

That's an interesting idea, but I don't see it working. To change sim cards on the Public Mobile account, the person would need access to the Public Mobile self serve account. Wihth the informaiton in there, that person would simply need to open a ticket to have the account PIN changed.

I think I may have a solution to the sim swap fraud scam. pm should add the pin code verification step before the swap is authorized. 

---

@gpixel wrote:

@RosieR unfortunately sim switching is unstoppable. if the fraudster can login to your account it's already too late.

 

it would be nice if PM would inform customers of data breaches. or if the Koodo data breach in February also involves pm and Telus accounts. which it seems like it does...

---

@gpixel thank you for your reply.  Yes, it would definitely be nice if PM would inform their customer of data breaches.  😊

---

@cavemantoronto wrote:

---

@RosieR wrote:

---

@gpixel wrote:

I see, thanks for clarifying. I guess we'll just have to wait for the telcos to fix their port protection solution

---

Hi @gpixel will port protection prevent sim jacking?

---

No, it won't. Port protection prevents porting to another carrier. Swapping sim steals the service.

---

@cavemantoronto thank you for the reply.  😊

@RosieR unfortunately sim switching is unstoppable. if the fraudster can login to your account it's already too late.

it would be nice if PM would inform customers of data breaches. or if the Koodo data breach in February also involves pm and Telus accounts. which it seems like it does...

---

@RosieR wrote:

---

@gpixel wrote:

I see, thanks for clarifying. I guess we'll just have to wait for the telcos to fix their port protection solution

---

Hi @gpixel will port protection prevent sim jacking?

---

No, it won't. Port protection prevents porting to another carrier. Swapping sim steals the service.

---

@gpixel wrote:

I see, thanks for clarifying. I guess we'll just have to wait for the telcos to fix their port protection solution

---

Hi @gpixel will port protection prevent sim jacking?

I see, thanks for clarifying. I guess we'll just have to wait for the telcos to fix their port protection solution

---

@gpixel wrote:

I'm wondering if pm mods have the ability to add comments/notes on a customers file? I believe they can. 

 

@narjispanjwani you could possibly contact customer support mods to see if they can add a note to your file. and ask them not to port your number unless you private message them

---

This won't work. Porting is done automatically. Nobody will see the note when port out is approved by Public.

"Hey, it’s Public Mobile. We received a request to cancel your account and transfer your phone number to another carrier. If you requested the transfer, no action is required. If you did not make this request, please immediately open our chatbot via this link bit.ly/2GF1pHW and type in “unauthorized port”. This will put you in touch with our moderator team. Free msg."

So it's 3:30 am even if you wanted to respond you can't. Your number is gone and your accounts are cleaned out!! Totally useless!! Please bring back port protection!!

---

@Anonymous wrote:

---

@Luddite wrote:

@gblackma 90% sure that port protection plan is on hold for now, and we're back to the simply warning.

---

Who am I to correct the exultant Oracle from on high 🙂 but that IS the negative option port text. Pathetically useless as it is. It's very unfortunate they got rid of the final positive confirmation text.

---

'ta; now I'm 100% certain of the correct messaging from PM. 🙄

@Luddite I though this was the warning the one that required you to come here asap and contact the moderators to stop the port.

The pro one that was cancelled required you to type Yes to allow the port. 

I'm wondering if pm mods have the ability to add comments/notes on a customers file? I believe they can. 

@narjispanjwani you could possibly contact customer support mods to see if they can add a note to your file. and ask them not to port your number unless you private message them