A person replacing a SIM card on a cell phone.

Shutterstock (Licensed)

FCC wants to do more to stop cellphone hijacking

The rules would require providers to notify customers when a SIM change request is made on their account.

 

Andrew Wyrich

Tech

Published Oct 1, 2021   Updated Oct 1, 2021, 10:08 am CDT

The Federal Communications Commission (FCC) announced on Thursday that it wants to amend rules that would crack down on various ways scammers hijack cellphones.

The agency issued a notice of proposed rulemaking to tighten certain rules to combat SIM swapping and port-out fraud after it had “received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm” because of them.

SIM swapping is when a scammer convinces a customer’s phone provider to transfer service to a cellphone that the scammer has in their possession. This can allow them to divert messages, including two-factor authentication codes sent to them for various accounts.

Port-out fraud is when a scammer poses as a victim and opens an account with a phone provider that is different than the one they have. The scammer then has the victim’s phone number “ported out” to the account that the scammer created.

The FCC noted that “recent data breaches have exposed customer information that could potentially make it easier to pull off these kinds of attacks.”

Specifically, the FCC is looking to update rules to require phone providers to use secure methods to authenticate a customer before they redirect their phone number to a new device. It also wants to require phone providers to notify customers “immediately” when a SIM change or port request is made on a customer’s account.

“As Senator Ron Wyden has said, ‘Consumers are at the mercy of wireless carriers when it comes to being protected against SIM swaps.’ He’s right. But we have tools at this agency we can use so consumers are better protected, and their devices are more secure,” Acting FCC Chairwoman Jessica Rosenworcel said in a statement. “In fact, we have rules on the books designed to prevent your carrier from sharing personal and private information. These rules govern how carriers are supposed to protect what is known in the law as customer proprietary network information, or CPNI. But these rules need an update to address new types of fraud like SIM swapping.”

The proposed rulemaking is now open for public comment, which the FCC will take into account before it decides to change the rules. After 30 days of public comment, people can reply for an additional 60 days.


Read more about the FCC

‘Nightmare scenario’: Biden’s delay in appointing FCC leaders could lead to a Republican takeover
Even Republicans are stunned at Biden’s delay in filling out the FCC
6 million households have signed up for FCC’s broadband benefit program
Senators push for Biden to name Rosenworcel as permanent FCC chair
FCC wants to do more to stop cellphone hijacking

Share this article
*First Published: Oct 1, 2021, 8:51 am CDT