#sim-swapping

French police have arrested a business student interning at Société Générale who is accused of helping a SIM-swapping fraud ring steal over €1 million (approximately $1.15 million) from 50 clients of the bank. The intern, reportedly a Master’s student at a business school, was working at the bank’s headquarters in Paris and is alleged to have abused his position to access and share sensitive…

November 15th, 2023 the United States FCC (Federal Communications Commission) adopted new rules and regulations to prevent SIM Swapping. The document was released publicly November 16th, 2023.

It is a long and lengthy report from the FCC, in collaboration with various United States-based mobile communication provides (primarily AT&T, Verizon, T-Mobile, Tracfone, and US Mobile). It is 98 pages.

The report documents new requirements by the United States government to combat SIM swapping, as well as complaints and feedback from mobile communication providers and security researchers (mainly from Princeton University).

The document also very politely calls mobile communication vendors dummies.

The super-super-super tl;dr:

- Account biographical information (payment history, call history) are no longer valid forms of authentication

- All SIM changes must notify the customer of the change prior to the SIM change being completed (presumably via SMS or phone call, unless in person?).

- All providers must offer SIM locking features.

- All customer support representatives must undergo additional training to combat fraud

- All vendors must record SIM changes and store all information on it for at minimum 3 years.

We probably missed other important parts, but this document is really boring and painful to read.

You can read the full document here: