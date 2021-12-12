Digitization, technological advancement and the passage of the years in general have been configuring a scenario in which our mobile phone is the last identification for a multitude of services to confirm that we are who we say we are. The electronic DNI has been with us since 2006 and it continues to be nothing like something simple and universal with which to identify ourselves digitally. We even have the CL @ VE service to identify ourselves with our smartphone. In the absence of a card, good is the mobile.

This quite comfortable and convenient setting has a wicked side: leaving us in the hands of the mobile means that anyone who takes control can impersonate us. And it does not have to be physically, it is enough to have a SIM associated with our number. And that’s possibly the weakest link in the chain. Where the SIM comes in swapping.

A SIM with our number = free way in our bank

The passage of time has also left us nightmare cases in which any person suddenly ran out of coverage, without an active line (the prelude to horror), only to discover shortly afterwards that his bank account had gone to zero.

The operator store employee, the weakest link in the face of SIM swapping

All these stories have as the epicenter of evil the moment when someone impersonates us, usually in a physical store of the operator in question. An employee of the same is the one who must make sure that the DNI presented is authentic and the person who delivers it matches the one that appears in the photo of the document, but in practice, on some occasions, this control fails.

Once the identity thief has access to a SIM associated with our mobile phone, and already knows our ID, You have free access to access our digital banking by requesting the resetting of the password, via SMS. The SMS as the beginning and the end.

The intersection between security and our mobile phone has gone through several phases. The 11-M was the trigger to start demanding the identification via ID of anyone who wanted to register a phone number, then the massive implementation of the mobile phone gave wings to the banks to start replacing the now defunct coordinate cards with the Verification SMS. The rise of the SIM swapping in recent years should have served to start require much stronger security protocols when duplicating SIM cards. Treat this procedure for what it is: a process that if not done exhaustively, checking the face of the document with the same precision as in a Russian border control, can lead to identity theft that in turn lead to robberies and other serious criminal acts.

Better tools than SMS or human double verification to request a duplicate

Banking environments, which are often at the forefront when it comes to security, saw the latest package of measures around identity verification crystallize with PSD2, the second-generation payment services directive that came into effect in 2019. Something similar would not be bad in the telecommunications sector: a strategy that serves to cancel or at least complicate the SIM much more swapping, one of the great evils of our days, a macabre lottery that costs at least a few bad days for its turn, and perhaps a lot of lost euros along the way, when not having to face legal proceedings for a long time to resolve loans unsolicited.

In this sense, a practice unrelated to telecoms but which greatly facilitates the SIM swapping It is to request a photo of the DNI for any online transaction, including second-hand product purchase and sale operations. In some cases, the ultimate intention of the seller is not to sell the product, but to get the ID of some unsuspecting, for which it can help even to put a price that is too cheap for the product in question. Something that facilitates its quick sale and discourages the buyer from asking too many questions or getting pejiguero.

It would not hurt, going back to the telecos, to rely on a more secure process than SMS as a method of identity authentication. Two-step authentication tools like Google Authenticator (Microsoft, Apple, and many others have their own, too) can be a great starting point. Something that is not as passive as receiving an SMS without more.

Other idea: create the option to add more than one headline to a line. Or a holder and an authorized one, as in bank accounts, and that a double validation is necessary for something as delicate as a duplicate SIM. At least by answering by phone and giving information about the line that confirms that the authorized person is also who they say they are.

A practice, by the way, that would also serve to speed up certain procedures, such as a rate change or portability, for people who do not defend themselves well in environments like this, such as some elderly people or disabled people who cannot leave the house. The double human verification It could also be on the part of the operator, of the personnel responsible for doing it in the store, although this could be complicated in many stores with only one employee per shift or where the partner is self-employed alone. It will be for ideas and possibilities.

In short, advances that make our mobile line more secure. Especially now that we have been seeing for years the havoc that a duplicate SIM that falls into the wrong hands can cause.