Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




202 posts

Master Geek
+1 received by user: 28


# 195434 20-Apr-2016 10:07
Send private message

Hey guys,

 

So I recently upgraded from a Nexus 5 to a 5X. This necessitated moving from my older micro SIM to a nano SIM.

 

I headed down to my local Spark store to get this sorted. Let me be clear upfront; I was served in a professional and friendly manner by the staff, so no qualms with them personally.

 

In saying this, I am pretty gobsmacked by the total lack of any sort of identity verification, particularly in todays age where a lot of services use SMS as a second authentication factor, or account reset mechanism.

 

Here's a simplified version of how our conversation played out:

 

Me: I've just got a new phone, can I please move over to a new nano SIM?

 

Spark: Sure, what's your number?

 

Me: 027 xxxxxxx

 

*some fiddling at the PC, hands over new SIM packet*

 

Spark: Cool, all done. That'll be $5.

 

Sure enough, an hour or two later, the new SIM was up and running, and the old one was no more.

 

There was no check against any of my details, or even that I did in fact have the original SIM at all. I could've said any number under the sun, or less maliciously, the number may have been keyed incorrectly.

 

Now I am on prepaid so perhaps there would be a more robust check for an on account customer/number (they did ask if I was prepaid or account, to be fair), however I still feel some basic level of verification is definitely needed here. I've had my number for over 10 years so I'm not sure what specific details Spark will have on file, but it seems all too easy to go in and hijack some unsuspecting victims number (at least if they are a prepaid customer!).

 

I can understand perhaps the 'burner' nature of short term prepaid users, however with the semi-recent (and very attractive) monthly prepaid packs, I'm sure I'm not the only one who has stuck with prepaid for years.

 

Historically, at worst this would 'just' be grabbing someones phone number; today, we're potentially talking bank account access, and all manner of online accounts.

 

Has anyone else experienced this? Is this the standard Spark procedure for this sort of request?

 

 


Create new topic

xpd

Chief Trash Bandit
9729 posts

Uber Geek
+1 received by user: 1681

Mod Emeritus
Trusted
Lifetime subscriber

  # 1536318 20-Apr-2016 10:12
One person supports this post
Send private message

I've had it with Vodafone and 2D - sometimes you get asked for ID/verification, but more often than not, nothing asked.

 

 





XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  16GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, emulation, geekery, and my attempts at photography.     Now on BigPipe 100/100 and 2Talk

 

Emulation - The art of getting your $4000 PC to run an 80's system - and still fails.


986 posts

Ultimate Geek
+1 received by user: 61


  # 1536325 20-Apr-2016 10:16
Send private message

I don't think that is the usual process. 

 

I recently had done this for someone and they have asked a Photo Identification and the person said the only acceptable photo identification is a Drivers License or a Passport. 

 

 

 

So, my guess is the person doing the swap was not aware of the process or missed it somehow. 

 

 


 
 
 
 


1491 posts

Uber Geek
+1 received by user: 350

Trusted

  # 1536327 20-Apr-2016 10:18
Send private message

Had same experience at 2degrees store also.


14899 posts

Uber Geek
+1 received by user: 2795

Trusted
Subscriber

  # 1536340 20-Apr-2016 10:26
Send private message

Anyone know the name and phone number of the Spark CEO?


3912 posts

Uber Geek
+1 received by user: 1218


  # 1536391 20-Apr-2016 10:48
Send private message

timmmay:

 

Anyone know the name and phone number of the Spark CEO?

 

 

No idea,

 

but Details for people like the Head of Corporate Comms are in places like this

 

https://nzx.com/companies/SPK/announcements/280837


22264 posts

Uber Geek
+1 received by user: 4787

Trusted
Subscriber

  # 1536431 20-Apr-2016 11:47
One person supports this post
Send private message

Yup, totally absurd how easy it is to move over to a new sim.

 

A phone bill has all the details you need to initiate a port to another provider on them, so if instore fails and you can get hold of someones account number then just get a $5 2 degrees sim, log in, and port to that, then you can 2 factor to your hearts content as someone else.

 

That is why I dont really trust SMS 2 factor as a second factor. So more like 1.5 factor.





Richard rich.ms

157 posts

Master Geek
+1 received by user: 20


  # 1536509 20-Apr-2016 12:36
Send private message

Had the same with vodafone :) Even more, dude make some mistake and I've got somebody's else number. I didn't notice until strange people started calling me and ask for some Bob :) Then checked and yeap - I had different than my number, and looks like unlucky Bob sim was unregistered.


 
 
 
 


2741 posts

Uber Geek
+1 received by user: 1246

Trusted
Lifetime subscriber

  # 1536779 20-Apr-2016 15:48
Send private message

It different between prepaid and postpaid.

Prepaid there is no easy way to validate apart from pulling the sim.

With postpaid you should have been asked for your name and probably address. As that's what I was asked for last time I did a sim swap.





Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Huawei's scholarship programme showcases international business to Kiwi undergrads
Posted 22-Jul-2019 17:53


Spark Sport launches across a range of new devices
Posted 22-Jul-2019 13:19


Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.