The Federal Communications Commission (FCC) has announced the introduction of a new set of rules aimed at protecting consumers from scams that attempt to take control of their cell phone accounts. FCC Chair Jessica Rosenworcel stated that these rules will ensure individuals maintain their freedom to choose their preferred device and provider while safeguarding them against fraudulent activities.
The proposed regulations would require wireless providers to implement secure authentication methods when customers swap SIM cards to a new device or transfer their phone number to another carrier. Additionally, providers would be obligated to notify customers whenever a SIM change or port-out request is initiated. These measures aim to protect customers from phone hijacking fraud and enhance their security.
The FCC initiated discussions on strengthening cellphone regulations nearly two years ago, and the proposal put forth now largely aligns with the language presented during that time. The Privacy and Data Protection Task Force of the FCC has now finalized these rules and seeks their approval.
SIM card swapping poses a genuine threat wherein attackers convince a cell carrier to transfer service to a device under their control. In a notable incident from 2019, this technique was employed to gain control of then-Twitter CEO Jack Dorsey’s Twitter account. Typically, such actions are carried out to extort ransom money or demand cryptocurrency from victims. Moreover, this gives attackers potential access to the victims’ personal information, as they can then exploit online accounts secured with SMS verification codes, which are considered less secure than other authentication methods.
Similarly, port-out fraud involves the unauthorized transfer of a phone number to a different carrier and device. This type of fraud affected numerous TracFone customers in early 2022.
While most carriers have implemented measures to prevent or hinder these types of fraud, some steps have been taken to enhance security. For instance, T-Mobile, AT&T, and Verizon began offering PIN numbers in March of the previous year to secure customers’ wireless service accounts. The FCC also supports the use of phones with embedded SIMs (eSIMs), which provide additional protection against SIM swapping.
As the FCC proposes these new rules, consumers are encouraged to remain vigilant against potential scams and take advantage of the security measures provided by their wireless providers, such as PIN numbers and eSIM technology.
