SIM change, number portability: new rules for users, against scams

Listen to the audio version of the article

From November 14, everything changes in the methods required to carry out number portability, SIM change or take over a number telephony contract. In fact, after more than a year of gestation, the new AGCOM (Communications Authority) rules against fraud come into force. Therefore, new protections, but also new methods that will be good to know for all mobile phone users.

The sim swap risk

We begin to understand why this step was necessary. Credit fraud is worth about 125 million euros a year, to the detriment of consumers (according to the Crif observatory). The figure has been stable over the past year, but has boomed during the pandemic, especially in 2020. Credit fraud is often based on identity theft. The scammer may be able to make transfers from the victim’s account to his or her own account or to divert an incoming transfer (for example from the pension) to his own account. To do this, he needs to steal not only his bank login credentials but also his one-time password. If you can receive it via text message, just get the victim’s number checked and that’s it.

How you do it?

“The scammers succeed by obtaining a sim change from the operator, ie transferring the victim’s number to a sim in their possession. They do it with false documents or with the complicity of the shopkeeper they turn to ”, explains Paolo Dal Checco, one of the leading experts in computer forensics in Italy and mobile fraud. Of course, there have been sentences that have forced telephone operators to reimburse users for theft caused by sim swaps, because it is their responsibility for not having supervised properly. They got fooled by a fake ID or didn’t ask for it. But getting refunds wasn’t guaranteed and still forced the user into a judicial battle. The new rules will serve to reduce the risk of scams and clarify the responsibilities in a more strict way.The theft of the temporary password via sms also allows the theft of the email or social account (if protected by double authentication).

The new rules

The holder must request the passage of the SIM card (the proxy is no longer valid), who will also be required to present: a copy of the identification document; a copy of the tax code or health card; (except in cases of lost or stolen sim) the copy of the sim of the current operator. The big news is that for all portability, SIM change, the operator will have to send a text message to the number concerned, as stated in the Agcom resolution. The user, receiving the sms, will have to confirm the sim change. In this way, procedures done without his knowledge are avoided. In the case of a faulty sim, however, it becomes mandatory to deliver it to have a change. The most critical point concerns sim changes due to loss or theft. In this case, of course, it is not possible to confirm via text message or to bring the old sim, as a guarantee of the authenticity of the operation. The new rules then provide for the sending of the SMS in any case to the number whose sim is presumed lost. The user can thus be notified and possibly stop the fraud. If there is no answer, however, there is silent assent and it is assumed that the sim has really been lost (which is why the user does not respond to the alert). And the procedure can go on. The risk is that the text message escapes us, perhaps because it arrives on a secondary number that we use little. The advice is to be careful with text messages. Better still, where possible, disable the text message option for double authentication and bind them only to the use of specific mobile apps.