When a user’s Mobile Network Operator (MNO) issues a replacement SIM, they deactivate the old SIM (i.e. it can no longer access any MNO services) the moment the new one is activated (i.e. connects to the network). The new SIM has the same phone number as the old one. This is why Instant PhoneCheck will verify that the user is in possession of the expected phone number.
However, because this is a new SIM, Active SIMCheck and Strong SubscriberCheck will both flag that the SIM has been changed (if verified within 7 days of the new SIM being issued). From there, the action taken depends on the Level of Assurance you require at this stage. If SIM swaps are a threat, the app must present a different identity challenge which doesn’t use telephonic identity. In low-risk situations, this may not be necessary.
This combination not only provides a fast and frictionless user experience, but is much more secure than SMS alone, which verifies possession but is not be able to recognise a new SIM.
Comments
0 comments
Please sign in to leave a comment.