TelecomTV TelecomTV
  • News
  • Videos
  • Channels
  • Events
  • Directory
  • Smart Studio
  • Surveys
  • Debates
  • Perspectives
  • DSP Leaders World Forum
  • DSP Leaders
  • Great Telco Debate
    • |
    • Follow
    • |
    • Subscribe
  • |
  • More
  • Webcasts
  • Surveys
  • Debates
  • Perspectives
  • Great Telco Debate
  • |
  • Follow TelecomTV
  • |
    • Subscribe
    • |
  • About
  • Privacy
  • Help
  • Contact
  • Follow TelecomTV
  • About
  • Privacy
  • Help
  • Contact
  • Sign In Register Subscribe
    • Subscribe
    • Sign In
    • Register
  • Search

Security

Security

Three UK takes on SIM-swappers with CallSign deal

Nick Wood
By Nick Wood

Apr 10, 2019

via Flickr ©  shoe_scraper_of_death (CC BY-ND 2.0)

via Flickr © shoe_scraper_of_death (CC BY-ND 2.0)

  • Operator to takes extra measures to verify customers' identity
  • Sector expected to spend $6bn on security solutions this year
  • In cat-and-mouse game of cybersecurity, CSPs are the mice

Three UK has ramped up efforts to thwart fraudsters and protect customers by partnering with authentication specialist CallSign.

CallSign builds a profile of an end user that incorporates information like their handset model, approximate location, and typical behaviour. The information can be provided to banks to use as another means of authenticating a customer's identity. If someone phones the bank posing as a Three customer, that bank is much better equipped to detect when something fishy – or phishy, if you like – is going on.

The telecoms industry is one of the biggest spenders when it comes to security. IDC expects telco spending on security-related hardware, software and services to top $6 billion this year, and grow at a CAGR of 11.8 percent between 2018 and 2022.

Authentication is a major issue for mobile operators and online service providers, because the latter has been encouraging people to use their phone number as a means of verifying their identity. This is naïve for many reasons, the obvious one being that phone numbers can be recycled without the bank/social media company/email provider/e-commerce Website's knowledge.

Phone numbers can also be obtained fraudulently via SIM-swap attacks. Once a ne'er-do-well has control of a phone number they can attempt to authenticate with the bank, or Instagram etc. by getting it to send an SMS verification code to their illicitly-gained number. This could grant them access to the victim's various online accounts, then all they have to do is change the passwords.

Aspiring SIM-swappers can use phishing emails or phone calls as a means to dupe customers into disclosing enough personal information for them to contact the victim's operator and order a new SIM. In the past they have also bribed telco employees to do their dirty work, transferring a customer's phone number to a new SIM, then transferring it back again once the attacker is finished with it.

Three UK dodged a bullet a few years ago when it emerged that criminals gained unauthorised access to customer information. They used it in an attempt to fraudulently obtain new handsets, rather than steal phone numbers, but it doubtless came as a nasty surprise to the operator.

Risks worth taking

Telcos that want to make the leap from CSP to DSP – that's digital service provider – in all likelihood don't want to abdicate responsibility for their customers' identity, which is why partnerships like those announced by Three and CallSign this week are significant.

It won't stop criminals from trying to steal customer data though, it will merely divert their efforts towards another attack vector, and this is the point that is worth remembering when companies make pronouncements about stopping fraud in its tracks.

In the cat-and-mouse game of cybersecurity, the companies are the mice, constantly trying to fend off whatever crafty attempt the attacker might make next. They aren't the ones hunting down the criminals, they're the ones trying to stay one step ahead of them. Sometimes, as evidenced by all the high-profile data breaches we've seen in recent years, they are caught.

Related Topics
  • Analysis & Opinion,
  • Announcement,
  • Business Models,
  • Europe,
  • Mobile,
  • News,
  • Security,
  • Telco & CSP,
  • Three UK

More Like This

Security

Increasing need for device management security pushes IoT security services to US$16.8 Billion by 2026

Jan 27, 2021

Digital Platforms & Services

TIM takes a Noovle approach to cloud and the edge

Jan 25, 2021

Security

Samsung 5G base stations achieve Common Criteria certification in North America

Jan 22, 2021

Security

What’s up with… Xiaomi, Bouygues Telecom, Qualcomm

Jan 15, 2021

Security

Versa Networks records strongest year ever of rapidly growing SASE and secure SD-WAN sales

Jan 14, 2021

Email Newsletters

Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.

Subscribe

Top Picks

Highlights of our content from across TelecomTV today

1:4:29

Great Telco Debate: Live Debate – Day 2 (On-demand)

1:18:20

Great Telco Debate: Live Debate – Day 3 (On-demand)

43:08

Developing an ecosystem for vRAN

2:23

The TelecomTV Snapshot: The Great Telco Debate 2020 - CSP Highlights

  • TelecomTV
  • Decisive Media

TelecomTV is produced by the team at Decisive Media

Menu
  • News
  • Videos
  • Channels
  • Directory
  • Smart Studio
 
  • Surveys
  • Debates
  • Perspectives
  • Events
  • About Us
Our Brands
  • TelecomTV Tracker
  • TelecomTV Perspectives
  • DSP Leaders
  • DSP Leaders World Forum
  • The Great Telco Debate
Get In Touch
[email protected]
+44 (0) 207 448 1070

Request a Media Pack

Follow
  • © Decisive Media Limited 2021. All rights reserved. All brands and products are the trademarks of their respective holder(s).
  • Privacy
  • Terms
  • Legal Notices