- The FCC unveils plans to stop SIM swapping and robocalls in the US.
- This step aims to protect smartphone users from identity theft and fraud.
The Federal Communications Commission (FCC) recently announced its intends to protect US smartphone users from identity theft and fraud. Therefore, it announced its plans to stop robocalls and SIM swapping scammers by several means, such as amending the Customer Proprietary Network Information (CPNI) and Local Number Portability rules.
These means are presented in FCC's Notice of Proposed Rulemaking, and the amendments would force carriers to securely verify a customer's true identity before moving their phone number to another SIM or device and also notify customers when a porting request is made in their name. Implicitly, this also covers the case when an attacker poses as the victim trying to open an account with another carrier and asking to redirect the target's number to the fake new contract the scammer created.
More specifically, since the victims are the last to know about this, the FCC wants carriers to be required to verify a “pre-established password” with customers before making any changes to their accounts.
In their effort to fight robocalls, the FCC set a deadline back in June 2021 for big mobile carriers to implement STIR/SHAKEN protocols, and the deadline was set for June 2023 for the smaller carriers. The telcos need to provide proof of implementing the said protocols and present a comprehensive robocall mitigation plan. However, starting today, the mobile carriers that did not submit the requested paperwork won't have their calls sent to other carrier's customers.
Most of the prominent telcos in the US have already implemented the protocols above. However, one of them already suffered because of SIM swapping this year after a massive data breach.
More details on how the government intends to act in order to combat robocalls can be found in the official FCC press release:
The FCC is using every tool we can to combat malicious robocalls and spoofing – from substantial fines on bad actors to policy changes to technical innovations like STIR/SHAKEN. Today’s deadline establishes a very powerful tool for blocking unlawful robocalls. We will continue to do everything in our power to protect consumers against scammers who flood our homes and businesses with spoofed robocalls.
Fraudsters use the SIM swapping process to get access to a victim's 2FA messages and, this way, access their online accounts as well. This technique implies getting the mobile carrier to transfer the target's number to a SIM the scammer owns.