Unauthorized porting security is weak

Reply
Highlighted
I'm a Participant Level 1
I'm a Participant Level 1

Unauthorized porting security is weak

I read that a Rogers/Fido customer had her number ported while she was on hold to cancel the port-out SMS confirmation. That is absurd.

 

An SMS that defaults to "go" is not security; it's a time game that scammers can use to rob people.

 

One of the threads on this topic was convenience, mentioned by an admin. I suggest that if someone needs their number ported instantly they should go in person to a Fido store. It is foolish to reduce security for everyone for the convenience of a few.

 

I would like to see a setting in my Fido account that locks the SIM.

 

Accepted Solution

Re: Unauthorized porting security is weak

Hello @dnd047,

 

Fido has implemented measures to avoid the unauthorized porting of our numbers, see here.

View solution in context
Flag this to a Moderator
Message 1 of 11
1,861 Views
Highlighted
Moderator
Moderator

Re: Unauthorized porting security is weak

Hey @haaronl

 

We take protecting our customers’ personal information very seriously, and as fraudsters evolve their tactics, we work with other carriers to strengthen our processes to prevent unauthorized porting.  Thanks for your suggestion though!



Flag this to a Moderator
Message 2 of 11
1,753 Views
Highlighted
I'm a Participant Level 2
I'm a Participant Level 2

Re: Unauthorized porting security is weak

This answer is not helpful, and simply avoids dealing with a known problem. Please provide an option for "no porting" that remains in place until changed by the customer with a PIN or by a personal visit, with ID, to a FIDO store. 

You know that the current system is not working. 

Flag this to a Moderator
Message 3 of 11
1,651 Views
Highlighted
Solution

Re: Unauthorized porting security is weak

Hello @dnd047,

 

Fido has implemented measures to avoid the unauthorized porting of our numbers, see here.



Flag this to a Moderator
Message 4 of 11
1,644 Views
Highlighted
I'm a Participant Level 2
I'm a Participant Level 2

Re: Unauthorized porting security is weak

Thanks, this is helpful. 

Flag this to a Moderator
Message 5 of 11
1,637 Views
Highlighted
I'm a Participant Level 1
I'm a Participant Level 1

Re: Unauthorized porting security is weak

This is SIM swapping and its a completely different thing to porting.

Flag this to a Moderator
Message 6 of 11
1,340 Views
Highlighted
I'm a Participant Level 1
I'm a Participant Level 1

Re: Unauthorized porting security is weak

My Fido number was ported on July 8/9th, 2020. I got a text from Fido only July 8 around 5:50 PM telling me that there's an unauthorized request to port my number to a different provider. Call 1866-405-8694. I was a little suspicious so I called Fido main customer service number. An agent confirmed that there was indeed a porting request but don't worry, we stopped it. All is good.

 

ALL WAS NOT GOOD. Next morning, I discovered that my number was no longer in service. Both gmail and hotmail which I use often got hacked. Hacker updated alternative emails and phone number to theirs (it ends in 3953).

The text I received is different from Fido's standard text alert of this type which reads:

Fido has received a request to transfer your telephone number to another Service Provider. If you did not authorize, contact Fido urgently at 1-866-405-8694.

 

Mine was along the line of "Hi, it's Fido! There's an unauthorized request to port your number to a different provider. Call 1-866-405-8694."

 

My complaint: If the word UNAUTHORIZED was in the text, shouldn't you stop the porting until you can further confirm my identity??? the porting was still a GO???

 

This hacking attempt has perpetually put me and my family member at risk of identity theft/fraud because of what I saved (regretfully) in those accounts. I can't even describe the stress it is causing me and my family. 

To everyone, get port protection (Fido, don't fk this one up) and use 2FA on all important accounts. 

Flag this to a Moderator
Message 7 of 11
871 Views
Highlighted
Moderator
Moderator

Re: Unauthorized porting security is weak

Hey @Carpediem1.

 

We apologize for the lack of service you received from the customer service rep as we take our role in protecting our customers’ personal information very seriously. As fraudsters use evolving techniques to try to take advantage of wireless consumers, we continually strengthen processes to prevent unauthorized porting.

 

Whenever a port out is requested, you'll be advised by SMS right away for security purposes as you were in your situation. If the port out wasn't authorized, you'll be directed by the SMS to call the Validation Team.

 



Flag this to a Moderator
Message 8 of 11
848 Views
Highlighted
I'm a Participant Level 1
I'm a Participant Level 1

Re: Unauthorized porting security is weak

The same happened to me on Friday Jul 17. The hacker used the same scheme to get my # and then took control of my hotmail account. I have so much important personally info including my tax returns scans from my accountant in the email account. It is bad. Although I can finally get my # back. I can't get my hotmail back. and the hacker must have downloaded all my emails to their computer.

 

Security is only as strong as the weakest link which is the process of approving porting of our cell # and Fido has not been doing enough to prevent these unauthorized activities from happening. They knew these are happening months ago and still chose not to implement the authorization by phone in person until after the fact. They told me now a lock has been put in place to have my in person authorization before doing transfer. Is it too little too late?

Flag this to a Moderator
Message 9 of 11
806 Views
Highlighted
I'm a Participant Level 1
I'm a Participant Level 1

Re: Unauthorized porting security is weak

Sorry you were hacked, that is actually terrifying. What exactly is port protection, and why isn't it standard? From what I understand, the hacker doesn't even need to contact Fido, they just need to make a request with a new company, so Fido's voice authentication is useless. 

Flag this to a Moderator
Message 10 of 11
458 Views