A person replacing a SIM card on a cell phone.

Shutterstock (Licensed)

FCC wants to do more to stop cellphone hijacking

The rules would require providers to notify customers when a SIM change request is made on their account.

 

Andrew Wyrich

Tech

Posted on Oct 1, 2021   Updated on Oct 1, 2021, 10:08 am CDT

The Federal Communications Commission (FCC) announced on Thursday that it wants to amend rules that would crack down on various ways scammers hijack cellphones.

The agency issued a notice of proposed rulemaking to tighten certain rules to combat SIM swapping and port-out fraud after it had “received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm” because of them.

SIM swapping is when a scammer convinces a customer’s phone provider to transfer service to a cellphone that the scammer has in their possession. This can allow them to divert messages, including two-factor authentication codes sent to them for various accounts.

Port-out fraud is when a scammer poses as a victim and opens an account with a phone provider that is different than the one they have. The scammer then has the victim’s phone number “ported out” to the account that the scammer created.

The FCC noted that “recent data breaches have exposed customer information that could potentially make it easier to pull off these kinds of attacks.”

Specifically, the FCC is looking to update rules to require phone providers to use secure methods to authenticate a customer before they redirect their phone number to a new device. It also wants to require phone providers to notify customers “immediately” when a SIM change or port request is made on a customer’s account.

“As Senator Ron Wyden has said, ‘Consumers are at the mercy of wireless carriers when it comes to being protected against SIM swaps.’ He’s right. But we have tools at this agency we can use so consumers are better protected, and their devices are more secure,” Acting FCC Chairwoman Jessica Rosenworcel said in a statement. “In fact, we have rules on the books designed to prevent your carrier from sharing personal and private information. These rules govern how carriers are supposed to protect what is known in the law as customer proprietary network information, or CPNI. But these rules need an update to address new types of fraud like SIM swapping.”

The proposed rulemaking is now open for public comment, which the FCC will take into account before it decides to change the rules. After 30 days of public comment, people can reply for an additional 60 days.


Read more about the FCC

Gigi Sohn calls Republican accusations against her a big telecom-led effort to keep the FCC deadlocked
FCC says 10 million homes have now signed up for affordable internet subsidy
ISPs won’t quit trying to derail California’s ‘gold standard’ net neutrality law
FCC agrees to crack down on ‘sweetheart deals’ that restrict broadband choice in apartments, condos
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.

Share this article
*First Published: Oct 1, 2021, 8:51 am CDT