November 2019
I recently heard about a new problem of people having their phone numbers ported fraudulently to unauthorized criminals. What is the best way to protect my Fido phone number from this type of illegal activity. I use the normal 2 factor verification all of my sensitive email and banking. However most these 2 step verification request go by text to my phone. This practice becomes useless if the unauthorized user has taken control of my phone number.
Does Fido have a procedure in place that protects me from having my number ported to a new carrier without my being aware of the transfer.
Solved! Go to Solution.
February 2020
With the new number porting to authenticate with your financial institution to steal your money by fraudsters everyone is pointing fingers at the phone providers when you should be looking at the security your financial institution is providing.
These fraudsters are not porting your number because they want the number, they are doing it in order to steal your money because your financial institution if relying on your cellphone provider for security, it’s not the phone providers job to secure your finances.
Fraudsters have no rules or laws to obey, the phone providers, on the other hand, have rules and laws to abide by. Once a phone provider gets a request by another provider to port a number and once the info is correct which the fraudsters already got from the financial institution account that they already compromise but just need to authenticate, the phone provider has no choice but to port the number you can read more about such rules here specifically section 27, here and here.
Instead of blaming your phone provider you should be getting your financial intuition to provide better security, If your financial institution implements something like the Google Titan Security Key this would be a much safer way to authenticate your financial accounts.
Everyone wants convenience and even a security key might not be as convenient for some simply because you will need to have that key handy.
February 2020
February 2020
Hello @Nancy20,
The problem does not start with the phone number, the fraudsters do not pick a random number to port then go after your money they already have enough of your info and porting the number is the last step to authenticate your finances and take your money.
For the last 15+ years, we have the ability to port our number and the way it is done was never a problem because like I said before no one wants your number. What has changed is people rely on their cell number for 2-factor authentication simply for convenience. Even Kevin Mitnick said two-factor authentication can be vulnerable, you can see that here.
It's simple if you don't want your number ported and your money stolen do not rely on your phone number as security. Your phone provider is in the telecom business, not security the burden of securing all our other accounts should not be put on the phone carriers.
Phone providers have to operate within the standards the CRTC set they can't just do whatever they want.
If you want changes you need to reach out to the CRTC. I'm sure they will eventually come up with new standards to protect against SIM-Swap but that will come at a cost, it will be the consumer that will have to pay for that.
If you really want to protect your finances you should be reaching out to your financial institution to see what they are doing to better secure your money.
February 2020
February 2020
30. When a new service provider acts on a customer’s behalf to cancel services, the new service provider must be able to provide proof that the customer has authorized the transfer of service to ensure accuracy of information and to prevent unauthorized transfers.
I might be missing something while reading your references. The regulation does not specify the authorization method, and seems like it's the old and new providers' responsibility to implement proper security mechanism ?
December 2019
Hi Nick,
As I understand Fido's current policy, if someone tries to port out my number, Fido will send me a warning text before acting, and if I don't respond, Fido will go ahead with the 'porting out'. The problem with this policy is that if I don't see the text because I am in a meeting or if I don't have my phone with me for the day, Fido will go ahead and do as the scammer has requested. You are allowing a non response to your text to your customer to be your trigger for doing what the scammer wants. In my opinion, you need to require some alternative form of verification and a clear positive response from your verified customer in order to eliminate this kind of scam activity.
December 2019
I totally agree with Robh11. Unless you (Fido) get a clear and unequivacable response from us (customer), you should not proceed with the number porting. Actually, I would like to see Fido impose something more robust than the current SMS process. Ideally, a porting request should be challenged with a PIN confirmation from the client. Or alternatively, have a "Do Not Port Out Number" setting in our account profile that we can enable or disable ourselves.
Cheers,
Carl
November 2019
Hello @access and welcome to the Community.
I can totally understand why you are concerned about this. We would be happy to go over your options with you.
I'm sending you a PM now to get this looked into. Hope to talk to you soon.
September 2020
Can you send me info on how to better protect myself. I don't want to be scammed or have my bank scammed. How do I request port protection? Can I just add a note to my file?
September 2020
November 2019
Hey @FidoKenny, can you please message me as well? I'd like to find out options for locking down my account.
November 2019
Hey @nickgx,
We take our role of protecting our customers’ personal information very seriously. As fraudsters use evolving techniques to try to take advantage of wireless consumers, we continually strengthen processes to prevent unauthorized porting.
Whenever a port out is requested, you'll receive an notification SMS right away for security purposes. If you've requested the port out, you'll need to authorize it within 90 minutes, If not, after 90 minutes, the request will expire and no changes will be made.
Hope this helps!
*Updated on 2021-08-28
February 2020
Hi
This is not really helpful, the same thing happened to me first of all when u get the SMS, even if you notice at the same time, there is no way to respond directly to that, so you have to call the number provided rather than directly respond to the SMS, the number provided is 1-866-405-8694 which is the answering machine for fraud detection team, so rather than someone helping you they decided to just take the message and who knows when they get back to you! so technically I someone decides to take your number FIDO has no procedure to protect you and they can't do jack **bleep** about it, you will have 3 days with no number, have to find a way to call the customer service, go through the hassle of following up, if you lucky enough the could retrieve your number after 4 days and you have to go to FIDO store in person to get a new sim card and old number , if you unlucky like me they don't even give u a simple apology and ask you to go to store and get a new sim card and new number , this is ridiculous, I have decided to go with another provider after this happened.
December 2019
Hi FidoClaudia,
Has this SMS validation been applied to all Fido customers or do we have to set it up first?
If we have to request to receive this SMS first, how should I go about doing that for myself?
December 2019
Hey @Ann8554,
When a port-out is requested you will receive an SMS with the alert right away. There is nothing to set up or to request on your end.
I hope that clarifies things! 🙂
December 2019
Thanks for your response. Like many commented, if it is simply an alert it might not be enough as I may be at work or busy and miss the sms. Is there a way to simply prevent the port-out or put a restriction on my account to prevent it unless I confirm by SMS or in person with ID *before* the port is allowed/completed?
December 2019
If you don't respond to the text request for verification does that stop the process or does not responding implicitly approve the process?