FCC adopts new rules for wireless providers to rein in SIM swapping

The Federal Communications Commission (FCC) has adopted new rules designed to stop the practice of SIM swapping.

The tactic involves convincing a target’s wireless carrier to transfer the victim’s service to a cell phone controlled by hackers, giving them access to passwords and other personal information. It has caused billions in losses and continues to be a go-to tactic for some of the most prolific hacking groups.

The FCC’s new rules, announced this week, will force wireless providers to “adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or provider.”

“The new rules require wireless providers to immediately notify customers whenever a SIM change or port-out request is made on customers’ accounts, and take additional steps to protect customers from SIM swap and port-out fraud,” the FCC said.

“These new rules set baseline requirements that establish a uniform framework across the mobile wireless industry while giving wireless providers the flexibility to deliver the most advanced and appropriate fraud protection measures available.”

The rules adopted by the FCC are an update to the Customer Proprietary Network Information (CPNI) and Local Number Portability rules previously in place.

The FCC also asked for the public to reach out about other ways to stop SIM swap and port-out fraud — a similar scam where hackers pose as a victim and open accounts with another carrier under their name.

The bad actor then arranges for the victim’s phone number to be transferred — or “ported out” — to a new account controlled by the bad actor

The FBI said last year that Americans had lost more than $68 million to SIM-swapping attacks in 2021, a number that has been exponentially increasing since 2018 when the agency first began tracking this threat.

FCC chairwoman Jessica Rosenworcel said they are getting more and more complaints from consumers who have suffered losses due to SIM-swapping fraud and noted that the Department of Homeland Security has released reports on multiple gangs that have become experts at carrying out the scheme.

“We require wireless carriers to give subscribers more control over their accounts and provide notice to consumers whenever there is a SIM transfer request, in order to protect against fraudulent requests made by bad actors,” she explained.

“We also revise our customer proprietary network information and local number portability rules to make it harder for scam artists to make requests that get them access to your sensitive subscriber information. We take these steps to improve consumer privacy and put an end to SIM scams. Because we know our phones know a lot about us. They are an entry to our records, our accounts, and so much that we value.”

She added that the FCC earlier this year created the first-ever Privacy and Data Protection Task Force to address issues like SIM swapping and more.