The FCC has unveiled a set of rules aimed at safeguarding consumers against scams that seek to commandeer their cell phone accounts.
The proposed regulations, designed to protect citizens’ freedom to choose their preferred device and provider, require wireless providers to implement secure authentication methods when swapping SIM cards or porting phone numbers to another carrier.
FCC Chairwoman Jessica Rosenworcel said: “Every consumer has a right to expect that their mobile phone service providers keep their accounts secure and their data private.
“These updated rules will help protect consumers from ugly new frauds while maintaining their well-established freedom to pick their preferred device and provider. I ask my colleagues to join me in supporting these common-sense consumer protections.”
The new rules, finalised by the FCC’s Privacy and Data Protection Task Force, follow almost two years of deliberation.
One of the prevalent issues these regulations address is SIM card swapping, a technique used by scammers to persuade cell carriers to transfer service to a device they control. This method was notably employed in 2019 when an attacker gained control of Twitter CEO Jack Dorsey’s Twitter account.
Typically, criminals exploit SIM card swapping to extort ransom money or cryptocurrency from their victims. Furthermore, such attacks grant perpetrators unauthorised access to victims’ personal information, including online accounts secured with SMS verification codes.
Port-out fraud, another concern tackled by the FCC’s rules, involves the unauthorised transfer of a phone number to a different carrier and device.
Thousands of TracFone customers fell victim to port-out fraud last year. While most carriers have implemented measures to mitigate these threats, such as providing PIN numbers for securing wireless service accounts, the FCC believes that additional steps are necessary.
To combat SIM card swapping, the FCC supports the adoption of eSIMs by phone manufacturers. Embedded SIM cards can offer enhanced protection against SIM swapping attacks. However, consumers should be aware that eSIMs may introduce additional complexities and potential challenges.
The proposed regulations also emphasise the importance of wireless providers notifying customers when a SIM change or port-out request is initiated. By keeping customers informed, individuals can promptly report suspicious activity and take appropriate measures to protect their accounts and personal information.
By establishing stricter rules and encouraging the adoption of more secure authentication methods, the FCC aims to thwart fraudsters and empower individuals to safeguard their mobile devices and personal data effectively.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.