The FCC has introduced new rules intended to protect consumers from scams that take over mobile phone accounts.
These proposed regulations, aimed at preserving consumers’ ability to choose their devices and carriers, would require wireless providers to use stronger authentication measures when swapping SIM cards or porting phone numbers to another carrier.
FCC Chairwoman Jessica Rosenworcel said, “Every consumer has entitled to expect that their mobile service providers secure their accounts and protect their privacy. These updated rules will help shield consumers from increasingly aggressive fraud while preserving their freedom to choose devices and providers. I urge my colleagues to support these common-sense protections.”
The rules, developed by the FCC’s Privacy and Data Protection Task Force, come after nearly two years of review and deliberation.
A primary focus of the regulations is SIM card swapping, a tactic where fraudsters convince carriers to move service to a device they control. High-profile incidents, such as the 2019 takeover of Twitter CEO Jack Dorsey’s account, have highlighted the risks posed by this attack vector.
Criminals often use SIM swapping to demand ransom or steal cryptocurrency, and the technique can also give attackers access to victims’ personal data and online accounts that rely on SMS-based verification codes.
Port-out fraud is another problem the FCC seeks to address. In a port-out attack, a phone number is illicitly transferred to a different carrier and device, enabling unauthorized access to calls and messages.
Last year, thousands of TracFone customers were affected by port-out fraud. While many carriers already offer protections such as PINs for account security, the FCC concludes that additional mandatory measures are necessary to reduce risk.
To help prevent SIM swapping, the FCC supports wider adoption of eSIM technology by device manufacturers. Embedded SIMs can be more resistant to traditional SIM swap tactics, although consumers should be aware that eSIMs bring different technical considerations and potential complications.
The proposed rules also stress that wireless providers should promptly notify customers whenever a SIM change or port-out request is initiated. Timely alerts would allow subscribers to detect suspicious activity quickly and take steps to secure their accounts and personal information.
By setting stricter standards and encouraging more secure authentication practices, the FCC aims to make it harder for fraudsters to hijack mobile accounts and to give consumers clearer tools to protect their devices and data.
(Photo by Kai Pilger on Unsplash)
See also: FCC to ‘consider something different’ for 42 GHz band
Interested in cybersecurity and cloud topics from industry experts? Consider attending industry events such as Cyber Security & Cloud Expo, which takes place in Amsterdam, California, and London, and is co-located with Digital Transformation Week. These events offer sessions on current security challenges, emerging technologies, and practical strategies for protecting enterprise infrastructure.
You can also explore upcoming enterprise technology events and webinars organized by TechForge to stay informed about developments in security, cloud computing, and digital transformation.