Managing eSIM migration, without SIM swap fraud

Managing eSIM migration, without SIM swap fraud

The eSIM is the next step in the evolution of SIM cards. In other words, soon all phones will be using eSIM and therein lies both opportunity and danger. When introducing eSIM, it is important that telcos take measures to provide the best possible customer experience, while also eliminating the risk of SIM swap fraud. 

 

The adoption of the eSIM is a sure thing. It’s simply the next step in the natural evolution of the SIM. The eSIM brings many long sought-after benefits to phone manufacturers, mobile operators and consumers alike. Nowadays, all major phone manufacturers are producing devices with eSIM technology and many mobile operators are offering eSIM deals.

What is an eSIM?

The eSIM is smaller than the micro SIM and isn’t physically issued to customers when they subscribe to a mobile phone. This new type of SIM is a programmable chip that comes already embedded within the phone’s hardware. 

Pros and Cons of eSIM over traditional SIM cards for telcos

The benefits of the eSIM are myriad. Phone manufacturers are now able to either produce thinner phones or make better use of the space previously taken up by a traditional SIM card. 

Mobile operators and retail shops, on the other hand, will no longer need to issue physical SIM cards to every individual user, which is not only easier for all parties involved, but also better for the environment.

Despite the many benefits of the eSIM, the evolution is also bittersweet. For consumers, there’s no longer an opportunity cost associated with switching providers. Traditionally, SIM cards have been very good for telcos. When the phone number is linked to the physical card, it makes customers more sticky. As a result, many customers saw switching from one provider to the other as a complicated task they’d rather not undertake.

Still, the major advantage of the eSIM is its programmability. The fact that the customer’s phone number now exists ‘in the cloud’ can be seen as a huge customer acquisition opportunity. With eSIM, the switch from one provider to the next and the transition from prepaid to postpaid are easier than ever, if the telco has a user-friendly process in place. 

eSIM Online – A proper eSIM solution for customer migration

At Alphacomm, we have been monitoring the developments around eSIM technology quite closely. We’ve anticipated the needs of customers, as well as the challenges that telecom providers will face as eSIM adoption becomes more widespread. Therefore, to aid telcos in their effort to offer eSIM users frictionless customer experiences, we have expanded our top-up services by building an advanced eSIM solution from the ground up.

We’re well aware that Alphacomm is known for reducing churn, increasing ARPU and boosting the customer lifetime value of prepaid customers. So, in the development of eSIM Online, our new eSIM solution, we played to our strengths.

The result is eSIM Online, a platform, through which new eSIM customers can easily transition from their previous provider via a short, step-by-step online process. Moreover, we made it very easy for customers to consider automatic top-up by including the option as part of a seamless migration process.

The connection between eSIM and SIM swap fraud

As society moves towards the eSIM, millions of mobile users will find themselves swapping their SIMs. It is this very process of activating a new SIM card that is highly susceptible to fraud. 

So called ‘SIM swap fraud’ is when a hacker gains access to a user’s personal accounts via their mobile phone’s SIM card. In essence, a hacker tricks a mobile network provider to switch a user’s number over onto a new SIM card that the hacker controls. 

In the United Kingdom, over 10 million British pounds have been lost between 2015 and mid-2020, as a direct result of SIM swap fraud. Globally, the fraud is especially problematic in emerging markets.

Without proper measures in place, every transition from physical to electronic SIM is a potential fraud case waiting to happen.

How SIM swap fraud works

The SIM swap fraudster’s modus operandi requires some investigative work and data crunching, but today’s fraudsters are brazen, smart and least of all afraid of getting their hands dirty.

The process is generally set in motion by first gathering personal information on a user, usually from online sources such as public data leaks or phishing attacks. Information that isn’t available, is imagined through social engineering.

Secondly, with this ‘personal profile’ in hand, criminals are able to impersonate the user, contact the user’s mobile network provider, and claim that they are moving to another mobile carrier or that their SIM card has either been damaged or stolen. Generally, they ask for a Porting Authorization Code (PAC). A PAC is needed when a user wants to take their old phone number to a new provider.

Before handing over the code, call centre employees are required to ask a number of questions to verify the identity of the user. Thanks to the personal information gathered through scraping the web, phishing and social engineering, fraudsters are able to impersonate the user accurately enough to convince the mobile network they are who they say they are.

Finally, once the imposter receives the PAC and activates the new SIM card, the old SIM card is deactivated. While the unsuspecting user is figuring out what might have happened to their phone, the fraudster is able to request the SMS verification and Authenticator codes needed to gain access to the user’s email and financial accounts (e.g., banking, stocks, crypto wallets). In a matter of minutes, life’s savings are stolen. By the time the user figures out what happened, there’s very little that can be done.

How to prevent SIM swap fraud

Thanks to our decades of experience in working with telcos and banks, we’ve developed a very deep understanding of fraud and the methods employed by criminals. This understanding enables us to identify and stop fraud at various points in the process.

For telcos, the solution to stopping SIM swap fraud without hurting the user experience is by implementing fraud scoring checks that aid the help desk in deciding when or not to grant the caller’s request to switch SIM cards.

At Alphacomm, we have designed a system that is able to detect suspicious activity early on in the process. Our platform is constantly aware of the status of the customer’s SIM card, including whether it is brand new or recently been reported stolen. When a request for a SIM swap comes in, we’re able to relay a yes/no recommendation to the customer support staff in real time, stopping SIM swap fraudsters dead in their tracks.

Help telcos launch eSIM the right way

Many telcos are thinking about offering eSIM in the short-term, but don’t have a proper in plan in place to make the adoption frictionless and secure for both existing and new customers. 

For telecom providers, it is important to offer customers a quality customer experience as they migrate to eSIM and eventually transition between prepaid and postpaid eSIM plans. Also, telcos must bear in mind that the massive adoption of eSIM by users is also an opportunity for fraudsters looking to commit SIM swap fraud. 

At Alphacomm, we have developed new tools for facilitating the great migration to eSIM while protecting telco’s customers in the process. Our Checkmaxx Reloads & Top-up platform, trusted by the leading telcos in Europe, increases ARPU, secures revenues and boosts profits. 

 

For more information on how our platform works and how to become a reseller, contact Lourens Badenhorst, Checkmaxx Product Owner at Alphacomm.