So I recently upgraded from a Nexus 5 to a 5X. This necessitated moving from my older micro SIM to a nano SIM.
I headed down to my local Spark store to get this sorted. Let me be clear upfront; I was served in a professional and friendly manner by the staff, so no qualms with them personally.
In saying this, I am pretty gobsmacked by the total lack of any sort of identity verification, particularly in todays age where a lot of services use SMS as a second authentication factor, or account reset mechanism.
Here's a simplified version of how our conversation played out:
Me: I've just got a new phone, can I please move over to a new nano SIM?
Spark: Sure, what's your number?
Me: 027 xxxxxxx
*some fiddling at the PC, hands over new SIM packet*
Spark: Cool, all done. That'll be $5.
Sure enough, an hour or two later, the new SIM was up and running, and the old one was no more.
There was no check against any of my details, or even that I did in fact have the original SIM at all. I could've said any number under the sun, or less maliciously, the number may have been keyed incorrectly.
Now I am on prepaid so perhaps there would be a more robust check for an on account customer/number (they did ask if I was prepaid or account, to be fair), however I still feel some basic level of verification is definitely needed here. I've had my number for over 10 years so I'm not sure what specific details Spark will have on file, but it seems all too easy to go in and hijack some unsuspecting victims number (at least if they are a prepaid customer!).
I can understand perhaps the 'burner' nature of short term prepaid users, however with the semi-recent (and very attractive) monthly prepaid packs, I'm sure I'm not the only one who has stuck with prepaid for years.
Historically, at worst this would 'just' be grabbing someones phone number; today, we're potentially talking bank account access, and all manner of online accounts.
Has anyone else experienced this? Is this the standard Spark procedure for this sort of request?