When accessing a website or application, many of them require creating an account . This process is normally quite tedious, having to give email and even personal data to a website that we do not trust much. For websites, users are often lost due to the account creation process. For this reason, they have created a new verification system based on SIM cards .
Verification with emails and passwords has been the main access route to online services for decades. However, its security has been in question for more than a decade, since it is necessary to use two-step verification systems such as authentication applications or SMS to receive codes.
New SIM verification: goodbye to SIM swapping
The problem is that it is even possible to hack into this system using techniques such as SIM swapping , which is really easy to carry out and can make us lose all our accounts. Therefore, it is vital to use apps like Google Authenticator, with unique codes that are quickly renewed and that no one can intercept through this type of technique. It is also advisable to use biometric identification, such as fingerprint, as well as USB keys.
However, the tru.ID company has realized that the solution is already in our hands: use the SIM card of our mobile. SMS are not 100% secure, but the phone numbers associated with a specific SIM card are. Thanks to this, it is possible to prevent fraud and false accounts at the same time that users can be verified using the unique identifier they already have: the SIM of their mobile phones.
Checks for potential swapping attacks
Attackers typically access spoofed user accounts about 24 hours after hacking, and the new protection technique carried out by tru.ID’s SubscriberCheck analyzes SIM change activity in the last 7 days, and the check if there has been a SIM change. This period of time is usually more than enough for the user to realize that their SIM card has stopped working correctly and that something happens, since in many attacks of this type the user is left without coverage and there is no account of what happens up to several hours and even days later.
The SubscriberCheck system checks the same number that our operator checks to offer us service. First, check that the phone is active and paired with our SIM. It also checks if the SIM has been changed recently.
The API based on this system can now be integrated into apps and services, all the information being available on the official website .
