Identify and Defeat SIM Swap Fraud With Vonage Network APIs

In December 2023, the Privacy and Data Protection Task Force of the Federal Communications Commission (FCC) in the U.S., issued a warning to mobile service providers to ensure they are protecting customers from the increased threat of SIM fraud. The European Union Agency for Cybersecurity has put out a similar alert two years prior.

Governments are not the only ones going on record on the threat of SIM fraud. Media has been quick to pick up hair-raising stories of regular people and businesses falling victim to this new trick of scammers. For example, in January 2024, the U.S. charged a Chicago man and co-conspirators with the largest SIM swap scheme yet. The crime? Allegedly stealing $400 million in cryptocurrency by targeting over 50 victims in more than a dozen states.

The scariest thing about SIM fraud is that it’s “silent” — taking advantage of a weakness in two-factor authentication and using the victim’s phone number to access their accounts. 

What is SIM swap fraud? 

The FCC warning highlights that consumers use cell phone numbers to authenticate their identities across a variety of accounts, including with wireless providers, financial institutions, healthcare providers, and retail websites. 

SIM swap fraud is a process through which a mobile device user's current SIM card is deactivated and replaced with a new one without their knowledge. A bad actor would contact the mobile user’s service provider and request a new SIM card for various credible reasons, such as a lost or damaged SIM card or an upgrade to a new phone. 

After a “successful” fraudulent SIM swap, the bad actor is able to intercept SMS messages, reset passwords, or receive verification codes that allow them to access protected accounts.

Tools for application developers 

Fighting fraud becomes an increasingly challenging task for the application providers when countermeasures, like two-factor authentication, are at risk of creating new opportunities for the bad actors. This has become a global issue, which is why the GSMA — the mobile industry’s standards body, with over 1,000 operators — have aligned behind the common CAMARA-based network API standard. CAMARA is an open-source project within Linux Foundation to define, develop, and test network APIs. Vonage is an active contributor to the project, making user-friendly communications and network APIs available to a broad community of developers.

Ultimately, this is very good news for application developers. Thanks to the CAMARA standardizations and the new Vonage SIM Swap Network API, it’s possible to detect if a wireless device has recently issued a new SIM to an existing account, which allows for quick detection of potential fraud. 

What is the Vonage SIM Swap Network API?

With this latest Vonage API, an application developer can easily integrate this detection capability and use it to answer two distinct questions:

• When did the last SIM swap occur?
• Has a SIM swap occurred during the last (specific number) hours?

By empowering application developers to verify if a phone number has undergone recent SIM card changes, the Vonage SIM Swap Network API helps significantly reduce the impact of account takeover fraud — mitigating negative impacts on both service providers and their customers.