NatWest and Royal Bank of Scotland are going to change their security procedures as a direct consequence of an online break-in by BBC journalists who were investigating SIM swap fraud.
The BBC Radio 4 programme You and Yours was contacted by people complaining that they had been victims of SIM swap fraud, and decided to investigate for itself.
What is SIM swap fraud?
SIM swap fraud is when a criminal manages to divert a user’s phone number to a SIM under their control. They do this by pretending to be the user – using personal information acquired through everything from social media to the black market – and convincing the phone provider to transfer the phone number from the user’s SIM and re-activate it on one they control. From then on, all calls and texts go to the fraudster’s phone.
This is where banking comes in: since all texts now go to the fraudster’s phone, that includes the one-time “secure” codes (now ironically named) that the bank texts for transactions. All of this happens without the legitimate user’s knowledge.
The You and Yours investigation used the bank account of one of the programme’s producers as part of the experiment.
“I was able to break into her account without knowing her banking customer number, PIN or any passwords. I did not know her mother’s maiden name, her pet’s name or her first school, and yet I was still able to change her PIN and password to lock her out of her own account. That allowed me to transfer £1.50 to my own bank account, all because I had control of Natalie’s mobile phone.”
Chris Popple, managing director of NatWest Digital, said: “This is a cross-industry problem, particularly with us, and the telecom companies. We are working with Financial Fraud Action UK to make sure we’re communicating with each other … to make sure mobile phone security is as strong as it possibly can be.”
Smishing – another issue?
This week, NatWest published a blog post warning about the dangers of smishing – a seemingly unrelated security issue.
“SMiShing is a form of phishing, when fraudsters send spoof text messages and emails to try and get your personal information. It’s not a new technique, but with the rise of smartphone use, it’s something we all need to look out for!”
We've had reports of phishing texts (smishing). Be on the lookout for anything suspicious popping up on your mobile https://t.co/CNnduWAVZC
— NatWest Help (@NatWest_Help) March 2, 2016
@NatWest_Help I just got one too… Shouldn't you be stopping this?! It comes from the same origin as genuine messages you've sent me
— Emily Brinley (@emilybrinley) March 3, 2016