Unauthorized number porting

Unauthorized number porting

Unauthorized number porting

SOLVED
I'm a Participant Level 1

Unauthorized number porting

I recently heard about a new problem of people having their phone numbers ported fraudulently to unauthorized criminals. What is the best way to protect my Fido phone number from this type of illegal activity. I use the normal 2 factor verification all of my sensitive email and banking. However most these 2 step verification request go by text to my phone. This practice becomes useless if the unauthorized user has taken control of my phone number. 

Does Fido have a procedure in place that protects me from having my number ported to a new carrier without my being aware of the transfer.

Accepted Solution

Re: Unauthorized number porting

Solved by Moderator

Hey @nickgx,

 

We take our role of protecting our customers’ personal information very seriously. As fraudsters use evolving techniques to try to take advantage of wireless consumers, we continually strengthen processes to prevent unauthorized porting.

 

Whenever a port out is requested, you'll be advised by SMS right away for security purposes. If the port out wasn't authorized, you'll be directed by the SMS to call the Validation Team.

 

Hope this helps! 

 

 

View solution in context
31 REPLIES 31
I'm a Participant Level 1

A newspaper article today (June 03) on unauthorized porting mentions Rogers offers a service called "port protection" and recommends calling your provider and having it added.

I cannot find anything on the Fido website that mentions this "service".

Does Fido have this service?

 

Hey there @Geprge

 

We offer different options to secure your account and your lines. Have you had the chance to contact us to go over them with our agents?

 

You can do so by reaching out to us at these channels. Hope this helps Smiley



I'm a Participant Level 1

 

Hello

 

I have to assume this may be a perfectly fine answer - I saw this post & have further questions

 

If a cell # was already ported- would the SMS actually be received by the original cell phone ?

 

has fido tested this ?

 

Please advise

 

 

Hello Meinwinnipeg,

 

  Welcome to the community!

 

  The SMS to which the solution above refers would be sent to the original SIM prior to the port-out. That would allow the owner to contact the verification team to prevent any port-out.

 

  If a number has already been ported-out then the original SIM would be deactivated. Any SMS would be received by the new SIM with that phone number.

 

Hope this helps 😀

 

Cheers

 


I'm a Participant Level 2

This porting scam is gaining momentum in Canada and your way of dealing withit does not protect your subscribers.

There needs to be a better stronger safeguard put in place on our accounts where its takes more than a simple warning text that as you have already heard is easily missed. You should at least send multiple texts and have a 2 week waiting period. If the porting request is for real your subscriber will have time to get back to you.

You are treating this like a " who cares their leaving" scenario when in fact loyal customers identities are being put at risk. Help us please,

 

 

Hello Mocco,

 

  Welcome to the community!

 


@mocco wrote:.. You should at least send multiple texts and have a 2 week waiting period. If the porting request is for real your subscriber will have time to get back to you.

  I agree the SIM swapping SCAM is a serious issue. However, how about legitimate number porting? Customers wanting to change providers would want a fast and efficient process.

 

  The simpler solution (probably also plagued with its own issues) would be to not allow any porting until a confirmation reply SMS is received from the original SIM. Without the original SIM, scammers wouldn't be able to provide the confirmation reply. On the other hand, customers wishing to port the numbers to a different provider could confirm they wish to port the number without delay.

 

  One obvious issue with my suggested solution is that scammers could find a way to provide a confirmation reply by spoofing the phone number in consideration.

 

  I don't know if there is a perfect solution. However, any possible solution needs to take into account both possible scammers as well as legitimate customers.

 

Cheers

 


I'm a Participant Level 2

So what is FIDO going to officially do about it?

 

Thanks

I'm a Participant Level 1

This needs to be addressed immediately! Very similar to a domain name lock, you should instigate a phone number port lock. 

 

If you don't, more and more unlawful porting scams are going to plague the system, including hacked accounts, banking, credit cards, etc. 

 

This is a huge deal! 

 

An sms message *after* the port has completed is not good enough, the scammers can take control of accounts before you have time to act!! 

Hey @Wdan7rx

We hear your concerns and we definitely understand how this can be a worrisome situation. Rest assured that is the last thing we want for anyone. 


To clarify, we also send an SMS while the port-out is requested and not only after it is completed. This SMS in question is meant to help our customers stay informed that this transaction has taken place, also giving them the opportunity to cancel the request if it wasn't their doing. 


Customers’ privacy and security will always be a #1 priority for us and we're always working to combat these kinds of fraudulent activities and implementing steps to reduce them.

 



I'm a Participant Level 2

Can you let us know how long the porting process takes after the SMS is sent? How long do we have to get back to you in order to stop the process from happening?

I'm a Participant Level 1

In response to this answer- "Whenever a port out is requested, you'll be advised by SMS right away for security purposes. If the port out wasn't authorized, you'll be directed by the SMS to call the Validation Team."  - why can't there be a requirement for the actual owner of the number to provide a password or some sort of authentication code before you allow the number to be ported? Why is it up to the victim of the scammer to get in touch with the Validation Team?  From what I've been hearing, it can take a while to get through to support and the number can be ported while you're waiting on hold! The code could be set up at the time the Fido account is created by the customer, with the understanding that no future porting will be permitted without that code being provided by the original owner. Just a thought...

It's hard to say, the delay varies depending on the complexity of the request @Nancy20 . You have enough time to contact us as soon as the message is received though.

 

Thanks for your feedback and suggestions @rlmbs . We take protecting our customers’ personal information very seriously, and as fraudsters evolve their tactics, we work with other carriers to continually strengthen processes to prevent unauthorized porting. 

 

 



I'm a Participant Level 1

Can I please tell you I don't want my number ported, unless I verify my identity? If I lock down my number would that not prevent the scam from happening?

I'm a Participant Level 2

Soooo

You are getting good feedback from your subscribers with ways to solve your problem. Why not send our concerns to your manager instead of skirting the question. It seems to me like your subscribers want a proper safeguard in place to protect their identities. Clearly the one you have in place now has holes in it.

 

regards

With the new number porting to authenticate with your financial institution to steal your money by fraudsters everyone is pointing fingers at the phone providers when you should be looking at the security your financial institution is providing.

 

These fraudsters are not porting your number because they want the number, they are doing it in order to steal your money because your financial institution if relying on your cellphone provider for security, it’s not the phone providers job to secure your finances.

 

Fraudsters have no rules or laws to obey, the phone providers, on the other hand, have rules and laws to abide by. Once a phone provider gets a request by another provider to port a number and once the info is correct which the fraudsters already got from the financial institution account that they already compromise but just need to authenticate, the phone provider has no choice but to port the number you can read more about such rules here specifically section 27, here and here.

 

Instead of blaming your phone provider you should be getting your financial intuition to provide better security, If your financial institution implements something like the Google Titan Security Key this would be a much safer way to authenticate your financial accounts.

 

Everyone wants convenience and even a security key might not be as convenient for some simply because you will need to have that key handy.



I'm a Participant Level 2

@KAPABLE-K 

 

I understand where you're coming from, but it starts with the phone number, so why not try to extinguish the problem where it begins? 
 
I spoke with a representative and he said the porting process could take 1 to 2 hrs. Frankly, that's not enough time. 
 
I understand we live in an instant society that need everything done right away, but I'd be willing to wait in order to protect my identity. A 24-48 hrs porting time frame would suffice. If travelling it would be wise to have a phone number lock in place for the notified time of the trip. At least it would give us a chance to stop these crooks in their tracks. 

Hello @Nancy20,

 

The problem does not start with the phone number, the fraudsters do not pick a random number to port then go after your money they already have enough of your info and porting the number is the last step to authenticate your finances and take your money.

 

For the last 15+ years, we have the ability to port our number and the way it is done was never a problem because like I said before no one wants your number. What has changed is people rely on their cell number for 2-factor authentication simply for convenience. Even Kevin Mitnick said two-factor authentication can be vulnerable, you can see that here.

 

It's simple if you don't want your number ported and your money stolen do not rely on your phone number as security. Your phone provider is in the telecom business, not security the burden of securing all our other accounts should not be put on the phone carriers.

 

Phone providers have to operate within the standards the CRTC set they can't just do whatever they want.

If you want changes you need to reach out to the CRTC. I'm sure they will eventually come up with new standards to protect against SIM-Swap but that will come at a cost, it will be the consumer that will have to pay for that. 

 

If you really want to protect your finances you should be reaching out to your financial institution to see what they are doing to better secure your money.



Hey @Lvervaet and @Nancy20

 

Thank you very much for your suggestion. If you want to review the security of your account, you can always contact us using one of the options you'll find here.

 

 

 



I'm a Participant Level 1

 

30.  When a new service provider acts on a customer’s behalf to cancel services, the new service provider must be able to provide proof that the customer has authorized the transfer of service to ensure accuracy of information and to prevent unauthorized transfers.

I might be missing something while reading your references. The regulation does not specify the authorization method, and seems like it's the old and new providers' responsibility to implement proper security mechanism ?

I'm a Participant Level 1

Hi Nick,

As I understand Fido's current policy, if someone tries to port out my number, Fido will send me a warning text before acting, and if I don't respond, Fido will go ahead with the 'porting out'.  The problem with this policy is that if I don't see the text because I am in a meeting or if I don't have my phone with me for the day, Fido will go ahead and do as the scammer has requested.  You are allowing a non response to your text to your customer to be your trigger for doing what the scammer wants.  In my opinion, you need to require some alternative form of verification and a clear positive response from your verified customer in order to eliminate this kind of scam activity.