Financial fraud involving SIM swapping is growing in several regions around the world. SIM swapping is done in two ways. Steal the victim’s device and swap the SIM card on to a device controlled by the fraudster or call the victim’s mobile provider and convince them to switch the number to a new device controlled by the fraudster.
Not all cases of stolen device fraud require a SIM swap. In these cases, often carried out by highly organized criminal gangs, fraudsters use password engineering to unlock the device. For iOS/Apple, the fingerprint and FaceID on the device are changed allowing fraudsters unlimited access to any apps on the device that use these biometric features.
Trying to solve the case of financial fraud on a stolen device is extremely difficult as it is not a traditional account takeover. As new fraud types emerge, using behavioral and device intelligence to build innovative risk models that solve complex challenges in critical. Behavioral biometrics intelligence can be leveraged in cases of SIM swaps or stolen devices to uncover anomalies such as changes in device orientation, swipe patterns, and typing cadence. Device intelligence can also be leveraged to identify risky behaviors such as login anomalies (e.g. the genuine user always uses a passcode and suddenly changes to a biometric mode) or recent changes to biometric information (fingerprint or FaceID).
Fast facts on SIM swapping and stolen devices
Percentage of account takeover fraud cases that involve stolen devices and occur on iOS/Apple devices
$ 68 M
Total losses to victims of SIM swapping attacks in the U.S. each year
Number of mobile devices stolen each day in Brazil
Remote access attacks
Phishing site detection