TelecomTV TelecomTV
  • News
  • Videos
  • Channels
  • Events
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • Open RAN
  • Digital Platforms and Services
  • 5G
  • Access Evolution
  • Private Networks
  • Cloud Native
  • Edge
  • Open Networking
  • Sustainability
  • AI, Analytics and Automation
  • 6G Research and Innovation
  • Security
  • More Topics
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • |
  • About
  • Contact
  • |
  • Connect with us
  • 5G
  • 6G Research and Innovation
  • Access Evolution
  • AI, Analytics and Automation
  • Cloud Native
  • Digital Platforms and Services
  • Edge
  • Open Networking
  • Open RAN
  • Private Networks
  • Security
  • Sustainability
  • Connect with TelecomTV
  • About
  • Privacy
  • Help
  • Contact
  • Sign In Register Subscribe
    • Subscribe
    • Sign In
    • Register
  • Search

Security

Security

Three UK takes on SIM-swappers with CallSign deal

Nick Wood
By Nick Wood

Apr 10, 2019

via Flickr ©  shoe_scraper_of_death (CC BY-ND 2.0)

via Flickr © shoe_scraper_of_death (CC BY-ND 2.0)

  • Operator to takes extra measures to verify customers' identity
  • Sector expected to spend $6bn on security solutions this year
  • In cat-and-mouse game of cybersecurity, CSPs are the mice

Three UK has ramped up efforts to thwart fraudsters and protect customers by partnering with authentication specialist CallSign.

CallSign builds a profile of an end user that incorporates information like their handset model, approximate location, and typical behaviour. The information can be provided to banks to use as another means of authenticating a customer's identity. If someone phones the bank posing as a Three customer, that bank is much better equipped to detect when something fishy – or phishy, if you like – is going on.

The telecoms industry is one of the biggest spenders when it comes to security. IDC expects telco spending on security-related hardware, software and services to top $6 billion this year, and grow at a CAGR of 11.8 percent between 2018 and 2022.

Authentication is a major issue for mobile operators and online service providers, because the latter has been encouraging people to use their phone number as a means of verifying their identity. This is naïve for many reasons, the obvious one being that phone numbers can be recycled without the bank/social media company/email provider/e-commerce Website's knowledge.

Phone numbers can also be obtained fraudulently via SIM-swap attacks. Once a ne'er-do-well has control of a phone number they can attempt to authenticate with the bank, or Instagram etc. by getting it to send an SMS verification code to their illicitly-gained number. This could grant them access to the victim's various online accounts, then all they have to do is change the passwords.

Aspiring SIM-swappers can use phishing emails or phone calls as a means to dupe customers into disclosing enough personal information for them to contact the victim's operator and order a new SIM. In the past they have also bribed telco employees to do their dirty work, transferring a customer's phone number to a new SIM, then transferring it back again once the attacker is finished with it.

Three UK dodged a bullet a few years ago when it emerged that criminals gained unauthorised access to customer information. They used it in an attempt to fraudulently obtain new handsets, rather than steal phone numbers, but it doubtless came as a nasty surprise to the operator.

Risks worth taking

Telcos that want to make the leap from CSP to DSP – that's digital service provider – in all likelihood don't want to abdicate responsibility for their customers' identity, which is why partnerships like those announced by Three and CallSign this week are significant.

It won't stop criminals from trying to steal customer data though, it will merely divert their efforts towards another attack vector, and this is the point that is worth remembering when companies make pronouncements about stopping fraud in its tracks.

In the cat-and-mouse game of cybersecurity, the companies are the mice, constantly trying to fend off whatever crafty attempt the attacker might make next. They aren't the ones hunting down the criminals, they're the ones trying to stay one step ahead of them. Sometimes, as evidenced by all the high-profile data breaches we've seen in recent years, they are caught.

Related Topics
  • Analysis & Opinion,
  • Announcement,
  • Business Models,
  • Europe,
  • Mobile,
  • News,
  • Security,
  • Telco & CSP,
  • Three UK

More Like This

Open RAN

Open RAN community needs to focus on TCO models and security: Poll result

Jun 28, 2022

Access Evolution

What’s up with… InterDigital, Tibit Communications, public cloud spending

Jun 23, 2022

Security

Dufrain warns telcos to make data governance a priority as GDPR fines hit EUR1.6 billion

Jun 21, 2022

Security

Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23

Jun 21, 2022

Digital Platforms & Services

Proximus and Howest to create 5G lab for companies and industry partners

Jun 16, 2022

Email Newsletters

Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.

Subscribe

Top Picks

Highlights of our content from across TelecomTV today

10:14

Executive Interview: Vodafone’s Lucia De Miguel Albertos on the ultimate RAN Intelligent Controller

39:34

Figuring out the TCO of Open RAN

6:47

Dell's Role in Open RAN

4:24

Executive Interview: Neil McRae on BT's Open RAN Plans

TelecomTV
Company
  • About Us
  • Media Kit
  • Contact Us
Our Brands
  • DSP Leaders World Forum
  • Great Telco Debate
  • TelecomTV Events
Get In Touch
[email protected]
+44 (0) 207 448 1070
Connect With Us
  • Privacy
  • Cookies
  • Terms of Use
  • Legal Notices
  • Help

TelecomTV is produced by the team at Decisive Media.

© Decisive Media Limited 2022. All rights reserved. All brands and products are the trademarks of their respective holder(s).