Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




202 posts

Master Geek


#195434 20-Apr-2016 10:07
Send private message

Hey guys,

 

So I recently upgraded from a Nexus 5 to a 5X. This necessitated moving from my older micro SIM to a nano SIM.

 

I headed down to my local Spark store to get this sorted. Let me be clear upfront; I was served in a professional and friendly manner by the staff, so no qualms with them personally.

 

In saying this, I am pretty gobsmacked by the total lack of any sort of identity verification, particularly in todays age where a lot of services use SMS as a second authentication factor, or account reset mechanism.

 

Here's a simplified version of how our conversation played out:

 

Me: I've just got a new phone, can I please move over to a new nano SIM?

 

Spark: Sure, what's your number?

 

Me: 027 xxxxxxx

 

*some fiddling at the PC, hands over new SIM packet*

 

Spark: Cool, all done. That'll be $5.

 

Sure enough, an hour or two later, the new SIM was up and running, and the old one was no more.

 

There was no check against any of my details, or even that I did in fact have the original SIM at all. I could've said any number under the sun, or less maliciously, the number may have been keyed incorrectly.

 

Now I am on prepaid so perhaps there would be a more robust check for an on account customer/number (they did ask if I was prepaid or account, to be fair), however I still feel some basic level of verification is definitely needed here. I've had my number for over 10 years so I'm not sure what specific details Spark will have on file, but it seems all too easy to go in and hijack some unsuspecting victims number (at least if they are a prepaid customer!).

 

I can understand perhaps the 'burner' nature of short term prepaid users, however with the semi-recent (and very attractive) monthly prepaid packs, I'm sure I'm not the only one who has stuck with prepaid for years.

 

Historically, at worst this would 'just' be grabbing someones phone number; today, we're potentially talking bank account access, and all manner of online accounts.

 

Has anyone else experienced this? Is this the standard Spark procedure for this sort of request?

 

 


Create new topic

xpd

Arrma Basher
10335 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  #1536318 20-Apr-2016 10:12
One person supports this post
Send private message

I've had it with Vodafone and 2D - sometimes you get asked for ID/verification, but more often than not, nothing asked.

 

 





XPD / Gavin / DemiseNZ

 

Arrma RC Owner ? Check out Arrma Addicts Auckland


1056 posts

Uber Geek


  #1536325 20-Apr-2016 10:16
Send private message

I don't think that is the usual process. 

 

I recently had done this for someone and they have asked a Photo Identification and the person said the only acceptable photo identification is a Drivers License or a Passport. 

 

 

 

So, my guess is the person doing the swap was not aware of the process or missed it somehow. 

 

 


 
 
 
 


1506 posts

Uber Geek

Trusted

  #1536327 20-Apr-2016 10:18
Send private message

Had same experience at 2degrees store also.


15690 posts

Uber Geek

Trusted
Subscriber

  #1536340 20-Apr-2016 10:26
Send private message

Anyone know the name and phone number of the Spark CEO?


4329 posts

Uber Geek


  #1536391 20-Apr-2016 10:48
Send private message

timmmay:

 

Anyone know the name and phone number of the Spark CEO?

 

 

No idea,

 

but Details for people like the Head of Corporate Comms are in places like this

 

https://nzx.com/companies/SPK/announcements/280837


23011 posts

Uber Geek

Trusted
Subscriber

  #1536431 20-Apr-2016 11:47
One person supports this post
Send private message

Yup, totally absurd how easy it is to move over to a new sim.

 

A phone bill has all the details you need to initiate a port to another provider on them, so if instore fails and you can get hold of someones account number then just get a $5 2 degrees sim, log in, and port to that, then you can 2 factor to your hearts content as someone else.

 

That is why I dont really trust SMS 2 factor as a second factor. So more like 1.5 factor.





Richard rich.ms

159 posts

Master Geek


  #1536509 20-Apr-2016 12:36
Send private message

Had the same with vodafone :) Even more, dude make some mistake and I've got somebody's else number. I didn't notice until strange people started calling me and ask for some Bob :) Then checked and yeap - I had different than my number, and looks like unlucky Bob sim was unregistered.


 
 
 
 


2977 posts

Uber Geek

Trusted
Lifetime subscriber

  #1536779 20-Apr-2016 15:48
Send private message

It different between prepaid and postpaid.

Prepaid there is no easy way to validate apart from pulling the sim.

With postpaid you should have been asked for your name and probably address. As that's what I was asked for last time I did a sim swap.




and


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Vodafone mobile data plans with unlimited data
Posted 26-Feb-2020 06:55


Vodafone launches innovation initiatives to help businesses use 5G
Posted 26-Feb-2020 05:00


Ultimate Ears HYPERBOOM brings massive sound and extreme bass
Posted 25-Feb-2020 09:00


Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05


Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05


School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10


Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01


Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36


Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.