The FCC has proposed new rules for wireless telecom carriers to require best practices for authenticating customers who are attempting to move service to a new phone or new carrier. The rules are an attempt to crack down on SIM swap fraud and port-out fraud, where a bad actor impersonates a wireless customer in order to take over their phone number. This then allows the bad actor to receive one-time passcodes intended for the victim, and access other online accounts, including email, social media, and bank accounts. The new rules require authentication by pre-established password or a one-time passcode. The rules also tighten requirements for giving out any sensitive customer information, banning authentication by "readily available biographical information, account information, recent payment information, or call detail information", and requiring photo ID for in-person interactions. The rules also require specific new customer notifications when a SIM swap or number port has occurred. The proposal now enters a 60-day comment period.
top of page
bottom of page