I recently heard about a new problem of people having their phone numbers ported fraudulently to unauthorized criminals. What is the best way to protect my Fido phone number from this type of illegal activity. I use the normal 2 factor verification all of my sensitive email and banking. However most these 2 step verification request go by text to my phone. This practice becomes useless if the unauthorized user has taken control of my phone number.
Does Fido have a procedure in place that protects me from having my number ported to a new carrier without my being aware of the transfer.
Solved! Go to Solution.
We take our role of protecting our customers’ personal information very seriously. As fraudsters use evolving techniques to try to take advantage of wireless consumers, we continually strengthen processes to prevent unauthorized porting.
Whenever a port out is requested, you'll be advised by SMS right away for security purposes. If the port out wasn't authorized, you'll be directed by the SMS to call the Validation Team.
Hope this helps!
You are getting good feedback from your subscribers with ways to solve your problem. Why not send our concerns to your manager instead of skirting the question. It seems to me like your subscribers want a proper safeguard in place to protect their identities. Clearly the one you have in place now has holes in it.
With the new number porting to authenticate with your financial institution to steal your money by fraudsters everyone is pointing fingers at the phone providers when you should be looking at the security your financial institution is providing.
These fraudsters are not porting your number because they want the number, they are doing it in order to steal your money because your financial institution if relying on your cellphone provider for security, it’s not the phone providers job to secure your finances.
Fraudsters have no rules or laws to obey, the phone providers, on the other hand, have rules and laws to abide by. Once a phone provider gets a request by another provider to port a number and once the info is correct which the fraudsters already got from the financial institution account that they already compromise but just need to authenticate, the phone provider has no choice but to port the number you can read more about such rules here specifically section 27, here and here.
Instead of blaming your phone provider you should be getting your financial intuition to provide better security, If your financial institution implements something like the Google Titan Security Key this would be a much safer way to authenticate your financial accounts.
Everyone wants convenience and even a security key might not be as convenient for some simply because you will need to have that key handy.
30. When a new service provider acts on a customer’s behalf to cancel services, the new service provider must be able to provide proof that the customer has authorized the transfer of service to ensure accuracy of information and to prevent unauthorized transfers.
I might be missing something while reading your references. The regulation does not specify the authorization method, and seems like it's the old and new providers' responsibility to implement proper security mechanism ?
The problem does not start with the phone number, the fraudsters do not pick a random number to port then go after your money they already have enough of your info and porting the number is the last step to authenticate your finances and take your money.
For the last 15+ years, we have the ability to port our number and the way it is done was never a problem because like I said before no one wants your number. What has changed is people rely on their cell number for 2-factor authentication simply for convenience. Even Kevin Mitnick said two-factor authentication can be vulnerable, you can see that here.
It's simple if you don't want your number ported and your money stolen do not rely on your phone number as security. Your phone provider is in the telecom business, not security the burden of securing all our other accounts should not be put on the phone carriers.
Phone providers have to operate within the standards the CRTC set they can't just do whatever they want.
If you want changes you need to reach out to the CRTC. I'm sure they will eventually come up with new standards to protect against SIM-Swap but that will come at a cost, it will be the consumer that will have to pay for that.
If you really want to protect your finances you should be reaching out to your financial institution to see what they are doing to better secure your money.
This is not really helpful, the same thing happened to me first of all when u get the SMS, even if you notice at the same time, there is no way to respond directly to that, so you have to call the number provided rather than directly respond to the SMS, the number provided is 1-866-405-8694 which is the answering machine for fraud detection team, so rather than someone helping you they decided to just take the message and who knows when they get back to you! so technically I someone decides to take your number FIDO has no procedure to protect you and they can't do jack **bleep** about it, you will have 3 days with no number, have to find a way to call the customer service, go through the hassle of following up, if you lucky enough the could retrieve your number after 4 days and you have to go to FIDO store in person to get a new sim card and old number , if you unlucky like me they don't even give u a simple apology and ask you to go to store and get a new sim card and new number , this is ridiculous, I have decided to go with another provider after this happened.