Can This Patent Stop SIM Swaps?

Payfone, a software company with offices in New York and Denver, claims their latest patent can ‘eliminate’ SIM swaps. Their press release says:

Leading cryptocurrency, banking and fintech companies have eliminated SIM swap and number port-out account takeover attacks using Payfone’s patented digital identity technology

How does it work?

Called the Trust Score, the technology is already helping proactive service providers to protect their customers by detecting SIM swap and porting signals before hackers can take over accounts, and alerting companies of abnormal activity.

Sounds good. But I cannot make any sense of this promise. How does anyone detect anything before it happens? Is this a technology based specifically around the process for porting numbers in the USA, and if so, how would it prevent SIM swaps where fraudsters impersonate the customer and pretend their phone has been lost?

The announcement offers a little more detail about how the technology works.

Payfone’s Trust Score gives companies real-time insights, at the time of a transaction, by combining a check of whether a SIM swap has taken place with advanced behavioral analytics. Payfone is able to provide these services without storing or passing personally identifiable information in production environments to service providers who obtain consent to use the Trust Score.

The Trust Score has an additional benefit of creating a more seamless experience for legitimate users. One of the main complaints that consumers have about accessing online services is that proving their identities through passwords, knowledge-based authentication, and SMS one-time passcodes is cumbersome and time-consuming. Payfone overcomes this tradeoff by using advanced analytics to make logging into online accounts easy for good users and impossible for scammers.

Payfone may have something good to offer. It is just a shame that when a service is premised on the fact that we live in a world when other people cannot be trusted, there is still a reluctance to trust potential customers by explaining how the service works.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.