Sim swap attacks

Where do Zevvle stand on Sim swap attacks, by way of what can Zevvle do to mitigate the risk?
I understand that zevvle are still (for the moment :wink:) a small mvno perhaps now is the time to put something in place.

Article on /. where some one lost $1m

2 Likes

Hi Wayne! To request a SIM swap you’ll need to be logged-in to the app with proof of ID, and we also ask for proof for changing your address as well (i.e., we don’t sent swaps to a random address without verification).

Hope that helps :slight_smile:

Nick

5 Likes

That’s great thanks

I wouldn’t be too concerned about Zevvle themselves doing a fraudulent SIM swap, but I am worried someone higher up (the enabler, EE, etc) might be convinced to do so.

The reality is that SIM swap and number port fraud will happen, and there’s no sense in trying to prevent it. Sure, Zevvle may be safer for now, by nature of being tiny, but the structure of phone networks just means it’ll happen.

Focus on making it useless by using FIDO/WebAuthn for everything :slight_smile:

1 Like

While I agree that phone numbers alone shouldn’t be used for authentication, I disagree with just accepting the status-quo that SIM swap and porting fraud is a thing. There are easy ways to mitigate this and we should be pushing for change.

Giving SIM swap & number port privileges to underpaid idiots in some third-world call centres or teenagers paid minimum wage in a phone shop is just asking for trouble. This however won’t change until the carriers themselves are held complicit in the crimes that the SIM swap fraud achieved.

2 Likes

A fair point, I guess I was just being more cynical about the possibility of it ever changing - not saying it was okay. Just, pragmatically, phone numbers are unsafe.