Background

Fraud by way of taking over accounts is the leading SIM/wireless attack vector impacting the financial services industry. This type of attack costs banks hundreds of millions of dollars each year. It is important to understand how SIM swap fraud takes place before explaining the features of the app that help prevent it.

Fraudsters typically study their target victim and obtain a lot of information about them before they perpetrate the attack. The fraudster uses the information to engineer a customer care representative from the victim’s wireless carrier. They then swap the victim's SIM card. Then they call the mobile carrier's customer service representative and dupe them into believing the SIM was damaged or lost, and they provide the necessary recovery information to restore service. This might entail moving the victim's phone number from SIM 1 and associating it with the fraudster's SIM 2. The thief then attempts to log into the victim's bank account using the stolen username and password where they face the bank's challenge for 2nd-factor authentication. Upon success, the bank sends an SMS OTP to the new SIM card. The fraudster enters the 2FA challenge response and successfully logs into the victim's bank account.

ZenKey provides SIM swap protection that enables a stark contrast in the outcome of such an attack. However, for mobile users to benefit from this protection, they must have ZenKey installed on their device and the ZenKey app linked to the merchant's app or website.

Whenever a SIM swap occurs on a ZenKey user's mobile device, a recovery flow is triggered and the user must respond to regain access to the account. This is easy for legitimate ZenKey users, but not so for criminals needing to download and install ZenKey and provide at least two out of the following four alternate factors of authentication as part of a built-in recovery flow:

  • PIN/biometric
  • Recovery code (setup during ZenKey sign-up)
  • Trusted device (registered during ZenKey sign-up)
  • Carrier username/password

ZenKey Trust Services provides a suite of fraud prevention services that sit atop the ZenKey authentication platform.


What’s Next
Did this page help you?