
SIM swapping and stolen devices

SIM swapping and device theft allow a fraudster to gain access to the SIM card and exploit the data stored on the device, including usernames, passwords, banking details, and other personal information.


Problem overview

Financial fraud involving SIM swapping is growing in several regions around the world. SIM swapping is done in two ways: the fraudster either steals the victim’s device and moves the SIM card to a device they control, or calls the victim’s mobile provider and convinces them to switch the number to a new device controlled by the fraudster.

Not all cases of stolen device fraud require a SIM swap. In these cases, often carried out by highly organized criminal gangs, fraudsters use password engineering to unlock the device. For iOS/Apple, the fingerprint and FaceID on the device are changed, allowing fraudsters unlimited access to any apps on the device that use these biometric features.

Trying to solve the case of financial fraud on a stolen device is extremely difficult, as it is not a traditional account takeover. As new fraud types emerge, using behavioral and device intelligence to build innovative risk models that solve complex challenges is critical. Behavioral biometrics intelligence can be leveraged in cases of SIM swaps or stolen devices to uncover anomalies such as changes in device orientation, swipe patterns, and typing cadence. Device intelligence can also be leveraged to identify risky behaviors such as login anomalies (e.g. the genuine user always uses a passcode and suddenly changes to a biometric mode) or recent changes to biometric information (fingerprint or FaceID).
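The two device-intelligence signals described above (a habitual passcode user suddenly logging in with biometrics, and a recent change to enrolled biometrics) can be expressed as a simple rule check. This is an added illustration, not BioCatch code; the event fields, thresholds, and the allow/review/step-up policy are assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed tuning values, not figures from the page.
ENROLL_WINDOW = timedelta(hours=72)  # how long a biometric change counts as "recent"
MIN_HISTORY = 5                      # logins needed before a habit is trusted
HABIT_SHARE = 0.9                    # share of past logins that defines the habit

def habitual_method(history):
    """Return the auth method the user almost always uses, or None if unclear."""
    if len(history) < MIN_HISTORY:
        return None
    method, count = Counter(e["auth"] for e in history).most_common(1)[0]
    return method if count / len(history) >= HABIT_SHARE else None

def assess_login(history, login, biometric_changed_at=None):
    """Return the device-intelligence signals raised by this login."""
    signals = []
    # Signal 1: a user who always used a passcode suddenly uses biometrics.
    if habitual_method(history) == "passcode" and login["auth"] == "biometric":
        signals.append("auth_method_switch")
    # Signal 2: fingerprint/FaceID enrollment changed shortly before the login.
    if biometric_changed_at is not None:
        age = login["ts"] - biometric_changed_at
        if timedelta(0) <= age <= ENROLL_WINDOW:
            signals.append("recent_biometric_change")
    return signals

def decision(signals):
    """Assumed policy: no signal allows, one goes to review, both force step-up."""
    return {0: "allow", 1: "review"}.get(len(signals), "step_up")

# Constructed sample data: ten passcode logins, then a biometric re-enrollment
# followed one hour later by a biometric login.
T0 = datetime(2024, 5, 1, 9, 0)
HISTORY = [{"ts": T0 + timedelta(days=d), "auth": "passcode"} for d in range(10)]
ENROLLED = T0 + timedelta(days=10, hours=20)
NORMAL = {"ts": T0 + timedelta(days=10), "auth": "passcode"}
SUSPECT = {"ts": T0 + timedelta(days=10, hours=21), "auth": "biometric"}

if __name__ == "__main__":
    for name, login in (("normal", NORMAL), ("suspect", SUSPECT)):
        raised = assess_login(HISTORY, login, ENROLLED)
        print(name, raised, decision(raised))
```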


Fast facts on SIM swapping and stolen devices

65%

Percentage of account takeover fraud cases that involve stolen devices and occur on iOS/Apple devices

$68M

Total losses to victims of SIM swapping attacks in the U.S. each year

15K

Number of mobile devices stolen each day in Brazil

Additional account takeover use cases

Remote access attacks

Legacy fraud prevention controls have limited or no ability to detect remote access attacks. When a RAT is present on a user’s device, the bank’s systems detect a genuine device fingerprint, with no traces of proxy, code injections, or malware, and with the proper IP and geo-location. 


Credential stuffing

Most organizations have bot mitigation controls in place to detect credential stuffing and other automated attacks. To circumvent these controls, fraudsters have started to abuse legitimate open banking platform providers to test batches of credentials and reverted to testing smaller, more frequent batches instead of testing at scale. 


Phishing site detection

Over 90% of all cyber attacks start with some form of phishing via email, text message, or phone call. While phishing attempts used to be easy to spot due to multiple spelling errors and poor grammar, fraudsters now have access to AI tools such as ChatGPT to help them craft well-written messages capable of tricking even the savviest users. 


Request an intelligence briefing

Join us for a 30-minute deep dive with a BioCatch expert to learn the latest tactics, techniques, and procedures (TTPs) fraudsters use to scam your customers and harm your brand.
