Double Trouble: When Thieves Swipe Both Your Bank Account and Your Phone Number
Staff Editor Imagine, for a moment, the unsettling realization that someone else controls your phone number. That’s right, your entire digital life hinges on that little string of digits that can easily be hijacked by a crafty thief. This nightmare scenario became all too real for me when my phone number was commandeered by a scammer, leading to a whirlwind of chaos and frustration. By the time I managed to wrest back control, the damage was done.
The crux of the problem lies in our reliance on two-factor authentication (2FA) as a linchpin of online security. While 2FA sounds secure in theory—requiring a second form of verification like a text message to your phone—it’s woefully outdated. When the phone receiving the verification text is in the hands of the very crook trying to impersonate you, it’s quite literally like handing the keys to the kingdom to a thief. Despite my best efforts to secure my accounts, including removing my number from my bank account, freezing my credit, and changing passwords, the scammer still accessed my bank account three times and managed to siphon off a staggering $19,000.
The ease with which phone numbers can be switched from one device to another exacerbates the problem. A simple online or over-the-phone request is often all it takes to port a number to a new device. This lax security makes it an open invitation for fraudsters. Recognizing this vulnerability, the Federal Communications Commission (FCC) stepped in this year with new rulemaking aimed at bolstering the security of our phone numbers.
Among the new rules, wireless providers will be required to adopt more secure methods for authenticating customers before redirecting a phone number to a new device or provider. This could involve requiring government-issued identification, voice verification, or additional security questions. The rules were poised to take effect on July 8, 2023, but just a few days prior, the FCC granted companies a waiver that delays implementation. The delay is due to the need for further review by the White House Office of Management.
The delay, of course, is a bone of contention. The CTIA, a group that lobbies on behalf of the wireless industry, has argued that these new rules necessitate significant changes in technology and procedures. This isn’t just a matter of flipping a switch; it requires coordination between wireless companies and phone manufacturers. Still, had these measures been in place earlier, experts believe it would have been much harder for my phone number to be stolen.
So, while the FCC’s new rules offer a glimmer of hope for a more secure digital future, the current state of affairs leaves much to be desired. Until these rules are fully implemented, consumers remain vulnerable to phone number hijacking and the cascading effects it causes. As technology evolves, so too must our methods for protecting it, lest we find ourselves perpetually playing catch-up with increasingly sophisticated scammers.
