Sim Swap Overview
Fraudsters can use social engineering techniques to get users to give them control of a mobile number. Sim Swap fraud is also known as Unauthorised Account Takeover.
The SIM Swap API enables you to act before fraudsters have the chance to change passwords or withdraw funds from your customers' accounts.
Partners can use the API to verify that the SIM card has not recently been swapped (and potentially under the control of a fraudster).
sim swap detection
- Verify your users in the background via a sensitive feature to ensure that the SIM card has not changed.
- It secures the SMS OTP (one-time pins).
Sim Swap provides information (a timestamp) of the last time the SIM was swapped or ported.
How it works
- A customer tried to re-activate their banking app.
- The website (or app) sends a SIM Swap request to Vodafone.
- Vodafone responds with information (a timestamp) on the last time the SIM was changed, e.g. "sim_change": "2010-05-08T13:30:04Z".
- The website (or app) can allow or deny the user's actions based on the timestamp information provided by the API.
Use Case Examples
Customers typically call the SIM Swap API when their end customers:
- Initiate password reset via mobile,
- Install a mobile banking app,
- Set up a new payee, or
- Make any mobile-originated transaction where there’s a transfer of funds