TelecomTV TelecomTV
  • News
  • Videos
  • Channels
  • Events
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research and Innovation
  • Security
  • More Topics
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • |
  • About
  • Contact
  • |
  • Connect with us
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research & Innovation
  • Security
  • Connect with TelecomTV
  • About
  • Privacy
  • Help
  • Contact
  • Sign In Register Subscribe
    • Subscribe
    • Sign In
    • Register
  • Search

Security

Security

Three UK takes on SIM-swappers with CallSign deal

Nick Wood
By Nick Wood

Apr 10, 2019

via Flickr ©  shoe_scraper_of_death (CC BY-ND 2.0)

via Flickr © shoe_scraper_of_death (CC BY-ND 2.0)

  • Operator to takes extra measures to verify customers' identity
  • Sector expected to spend $6bn on security solutions this year
  • In cat-and-mouse game of cybersecurity, CSPs are the mice

Three UK has ramped up efforts to thwart fraudsters and protect customers by partnering with authentication specialist CallSign.

CallSign builds a profile of an end user that incorporates information like their handset model, approximate location, and typical behaviour. The information can be provided to banks to use as another means of authenticating a customer's identity. If someone phones the bank posing as a Three customer, that bank is much better equipped to detect when something fishy – or phishy, if you like – is going on.

The telecoms industry is one of the biggest spenders when it comes to security. IDC expects telco spending on security-related hardware, software and services to top $6 billion this year, and grow at a CAGR of 11.8 percent between 2018 and 2022.

Authentication is a major issue for mobile operators and online service providers, because the latter has been encouraging people to use their phone number as a means of verifying their identity. This is naïve for many reasons, the obvious one being that phone numbers can be recycled without the bank/social media company/email provider/e-commerce Website's knowledge.

Phone numbers can also be obtained fraudulently via SIM-swap attacks. Once a ne'er-do-well has control of a phone number they can attempt to authenticate with the bank, or Instagram etc. by getting it to send an SMS verification code to their illicitly-gained number. This could grant them access to the victim's various online accounts, then all they have to do is change the passwords.

Aspiring SIM-swappers can use phishing emails or phone calls as a means to dupe customers into disclosing enough personal information for them to contact the victim's operator and order a new SIM. In the past they have also bribed telco employees to do their dirty work, transferring a customer's phone number to a new SIM, then transferring it back again once the attacker is finished with it.

Three UK dodged a bullet a few years ago when it emerged that criminals gained unauthorised access to customer information. They used it in an attempt to fraudulently obtain new handsets, rather than steal phone numbers, but it doubtless came as a nasty surprise to the operator.

Risks worth taking

Telcos that want to make the leap from CSP to DSP – that's digital service provider – in all likelihood don't want to abdicate responsibility for their customers' identity, which is why partnerships like those announced by Three and CallSign this week are significant.

It won't stop criminals from trying to steal customer data though, it will merely divert their efforts towards another attack vector, and this is the point that is worth remembering when companies make pronouncements about stopping fraud in its tracks.

In the cat-and-mouse game of cybersecurity, the companies are the mice, constantly trying to fend off whatever crafty attempt the attacker might make next. They aren't the ones hunting down the criminals, they're the ones trying to stay one step ahead of them. Sometimes, as evidenced by all the high-profile data breaches we've seen in recent years, they are caught.

Related Topics
  • Analysis & Opinion,
  • Announcement,
  • Business Models,
  • Europe,
  • Mobile,
  • News,
  • Security,
  • Telco & CSP,
  • Three UK

More Like This

Digital Platforms and Services

Cisco and Telenor Group sign agreement to explore new as-a-service business models and enable a more inclusive internet

Mar 17, 2023

Security

Scale and impact of online fraud revealed

Mar 17, 2023

Digital Platforms and Services

What’s up with… TikTok, GPT-4, Meta, Three

Mar 16, 2023

Security

Telxius boosts its DDoS mitigation capacity with new scrubbing centres in Latin America

Mar 15, 2023

Security

ENISA unveils the telecom cybersecurity challenges

Mar 10, 2023

Email Newsletters

Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.

Subscribe

Top Picks

Highlights of our content from across TelecomTV today

10:43

MWC23 interview: Mari-Noëlle Jégo-Laveissière, deputy CEO of Orange

12:45

MWC23 interview: Abdu Mudesir, Group CTO, Deutsche Telekom

9:26

MWC23 interview: Greg McCall, Chief Networks Officer, BT

TelecomTV
Company
  • About Us
  • Media Kit
  • Contact Us
Our Brands
  • DSP Leaders World Forum
  • Great Telco Debate
  • TelecomTV Events
Get In Touch
[email protected]
+44 (0) 207 448 1070
Connect With Us

  • Privacy
  • Cookies
  • Terms of Use
  • Legal Notices
  • Help

TelecomTV is produced by the team at Decisive Media.

© Decisive Media Limited 2023. All rights reserved. All brands and products are the trademarks of their respective holder(s).