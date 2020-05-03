Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsNew Zealand Mobile and WirelessNumber porting fraud - some ways to fix it?


169 posts

Master Geek


#270303 3-May-2020 12:54
Send private message

I saw this article on stuff which got me thinking - what can we do to prevent number porting fraud? Ultimately my gut feeling is an SMS alone should not be enough to reset a password online, let alone one that gives you full access to a bank account. Unfortunately, ANZ, SBS and Westpac (asks for a security question first) all allow your password to be reset over SMS with fairly minimal checks involved.

 

So what checks are done before your number is ported out? Only two things are checked before your number is ported. These are:

 

  • Losing carrier, i.e. the old provider
  • Phone number;
  • Depending on the account type: 

     

    • Prepaid mobiles - SIM number
    • Postpay mobiles - account number

Without physically having the SIM card on-hand, in which case all bets are off anyway, it is relatively difficult to find the SIM number. I'm not aware of any provider that emails it or shows it in their online portal. However, for postpay customers, assuming your email or physical mail is compromised in some way it's quite likely that a hacker could find your bill which likely has your account number on it. Accordingly, if the hacker has access to your bill & you're on postpay - your number can now be ported out.

 

Some ideas to stop this: (Ordering from (IMO) best to worst)

 

     

  1. Amend the porting process so that once the port is accepted by both carriers a txt message is sent to the number with a unique link to an online portal to confirm the port. Enable does this when you switch UFB providers and it works really because it also lets you specify the date you'd like it to happen

     

    • Pros: Requires you to have physical access to the number to port it = significantly more secure, wouldn't require any changes on the carriers side, doesn't rely on any one carrier to securely implement it, i.e. no carrier weaknesses.
    • Cons: Slightly delays the porting process

  2. Require a unique security code for porting - similar to UDAI used for .nz domains.

     

    • Cons: Could be a pain to securely store & transmit the information to the customer, i.e. if their online portal account got compromised

  3. "Porting lock" on your account - similar to that used on .com domains & on credit files where any port would be automatically rejected unless you changed the flag on your account

     

    • Cons: Could be a pain to securely store & transmit the information to the customer, i.e. if their online portal account got compromised

  4. Require the SIM number for postpay, as it is currently for prepay

 

What do you think?

Create new topic
804 posts

Ultimate Geek


  #2475755 3-May-2020 13:03
Send private message quote this post

I don’t know about the others, but for ANZ you can only change your password if you know your password; and there is an opt-in 2FA-style verification step (which everyone with a registered phone should use). Hacking in using the ‘I can’t log in’ feature requires you to enter additional details, and again, the 2FA-style option exists for verification, which is not optional.

 

so you cannot reset an ANZ password using just an SMS.




BlinkyBill

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53

Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06

Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00

OPPO A91 is a high specs mid-range smartphone
Posted 23-Apr-2020 16:44

NordVPN rolling out NordLynx new generation VPN protocol based on WireGuard
Posted 23-Apr-2020 16:37

Enable places hold on wholesale fibre broadband price increases and suspension option for business services
Posted 17-Apr-2020 09:45

Dyson introduces new cordless vacuum models
Posted 16-Apr-2020 17:32

Snapchat AR shows what five dollars can do for health
Posted 16-Apr-2020 17:29

N4L makes public its DNS filter service to support remote education
Posted 14-Apr-2020 09:10

Vodafone and Imperial College London invite smartphone users to help fight diseases
Posted 9-Apr-2020 11:09

Unisys Always-On Access Powered by Stealth provides fast, encrypted remote access for workers
Posted 9-Apr-2020 10:00

Intel introduces 10th Gen Intel Core H-series for mobile devices
Posted 2-Apr-2020 21:09

COVID-19: new charitable initiative to fund remote monitoring for at-risk patients
Posted 2-Apr-2020 11:07

Huawei introduces the P40 Series of Android-based smartphones
Posted 31-Mar-2020 17:03

Samsung Galaxy Z Flip now available for pre-order in New Zealand
Posted 31-Mar-2020 16:39


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.