Lawmakers say 'SIM swap' fraud endangers bank accounts, personal info
WASHINGTON (KTVZ) -- Sen. Ron Wyden, D-Ore., and five House and Senate members Thursday pressed the Federal Communications Commission to do more to protect consumers from scammers who hijack phone numbers to hack bank accounts and other personal information.
Sens. Sherrod Brown, D-Ohio, and Edward J. Markey, D-Mass., and Reps. Anna G. Eshoo, D-Calif., Yvette D. Clarke, D-N.Y., and Ted Lieu, D-Calif., joined Wyden to urge FCC Chair Ajit Pai to use the agency’s authority over wireless carriers to protect consumers against these so-called SIM swap scams.
The Federal Trade Commission has received hundreds of complaints about SIM swap fraud, which are used to steal telephone numbers and undermine cybersecurity measures that rely on text messages (known as two-factor authentication). Media reports indicate SIM fraud has caused tens of millions in damages to victims.
“Consumers have no choice but to rely on phone companies to protect them against SIM swaps — and they need to be able to count on the FCC to hold mobile carriers accountable when they fail to secure their systems and thus harm consumers,” the members wrote.
In their letter, the members urged FCC to write new rules to protect consumers against these scams.
“As the primary regulator of the wireless industry, the FCC has the responsibility and authority to secure America’s communication networks and protect consumers who rely on those networks. To that end, we urge the FCC to initiate a rulemaking to protect consumers from SIM swaps, port outs and other similar methods of account fraud,” the members wrote.
Read the full letter here. The members asked for responses to the following questions by February 14:
- Does the FCC track incidents of SIM swapping or port-out fraud, e.g., through its consumer complaints system? If so, how many reports has the FCC received in each of the last thirty-six months?
- Criminals use port outs to move numbers to their own service with a different carrier. Do you believe that the current number porting rules (e.g., 47 CFR § 52, the North American Numbering Council recommendations or the LNPA WG Local Number Portability Best Practices) or the rules for Changes in Preferred Telecommunications Service Providers (47 CFR § 64.1100 et seq., “anti-slamming” rules) are sufficient to prevent fraudulent ports?
- Criminals can use SIM swapping to access the historical call records of their victims, as the carrier online account web sites often rely on SMS for password recovery. Does the FCC believe that the carriers’ legal obligation to secure their customers’ call records under 47 USC § 222 extends to protecting customer online accounts from this form of hacking?
- Does the FCC provide consumers with information on steps they can take to reduce the risk of becoming a victim of illegal SIM swapping. If not, why not?
- In other countries, banks can obtain the most recent SIM swap date of a customer from their carrier to flag potentially suspicious log-in attempts. Does the Commission consider SIM activation dates to be customer proprietary network information or otherwise restrict carriers from providing this information to third parties with the customer’s permission?
- Do the FCC’s CPNI rules prevent mobile carriers from reporting illegal SIM swaps to law enforcement authorities?
- Has the FCC received reports of violations of CPNI involving the hacking of the wireless carriers, including computers in retail stores and those used by customer service agents?
- Has the FCC initiated investigations or taken enforcement actions related to these reports?