While a phone number is increasingly being used to add more security – such as two-factor authentication through text – that same number can be used against you. Phone fraud is becoming a big security challenge, with voice security company Hiya registering 7.5 billion(!) instances of phone fraud and spam in the final quarter of 2022.
Imposter scams and number theft
The ways a criminal could use a phone number to do damage are virtually endless. Seeing how almost everyone owns a smartphone, the attack surface of scammers is wide. Through automated calling (or texting) millions of numbers a day it’s relatively easy to make money from scamming. These criminals are well aware a lot of people won’t fall for their attacks, but the small percentage that bites make for a decent revenue.
Imposter scamming is the most common example of phone fraud, where a criminal will call or text pretending to be a relative or friend in need of money. Another example is a scammer posing as a credit card company, telling the victim there is a problem with his account to gain sensitive information. These attacks try to trick a victim into transferring money or look to steal logins and access personal accounts.
Another form of phone fraud would be to steal a phone number altogether. This is nothing less than identity fraud – a criminal will collect personal information on the victim to trick the phone company in porting the number to another telecom operator (known as a port-out scam). With the phone number in his possession, the attacker can now try to access personal accounts.
That leaves the criminal activity that has less financial consequence but causes damage to society. Emergency services have been plagued by pranking from day one, with frequent fake calls bringing the national emergency number in jeopardy. They need an automated system to identify and block scammers fast.
Prevent damage through simplified solutions
Phone scamming can never be banned out completely, but we can limit the damage significantly through more awareness and preventative technical solutions. A solid and effective number porting solution can prevent unauthorized number porting and ban the theft of phone numbers. This comes down to implementing a system that prioritizes secure end user validation and minimizes personal data processing.
Unfortunately, regulations in some countries still require sensitive information to be exchanged to port a number – such as a name, address, city of residence, or even an identification document. Of course, that information is being used to properly authenticate the customer. But in the end, this works counter-productive, with sensitive information being shared in multiple places – on the recipient operator side, in the portability system, and at the donor operator’s side. This not only complicates the number switching process – for customers and operators alike – it also makes it more unsafe and prone to human error, with a higher risk of data breaches.
An effective and automated porting solution, focused on data privacy, is recommended. The most successful number portability implementations are based on that principle. A recipient operator will register customer information but won’t exchange these details with the porting system and donor operator. In turn the end user will have to validate a porting request – to prove that he or she really wants to switch his number and owns the number in question. Validation best practices could involve a text message or interactive voice-response.
The system relays all messages between operators in one secure environment, enabling a mostly automated process that allows porting to be securely completed in minutes. And in case something goes wrong, this centralized approach makes it easy to reverse the porting process as well.
More insights with a central information register
A central number information register provides more insights on caller identity, connecting numbers to personal details in a secure environment. This empowers directory services, and the information can be accessed by emergency services, allowing them to see which subscribers prank call the number. This could also work the other way: in case of legitimate calls response services can access subscriber’s details for faster emergency assistance.
This number register can also serve as a so-called ‘do not call me’ database. Subscribers can register their phone number there, which binds commercial parties to remove them from their calling roster.
Lastly, a number information register allows end users to see which of their personal information is being shared with directory services and emergency services. This conforms to the data privacy regulations, such as the GDPR, which guidelines that a data subject should be able to check or review which of their personal data is being stored.
PXS simplifies and secures number solutions
Get ahead of phone scams, fraud, and spam through the numbering services of PXS. Number Portability Clearinghouse (NPC) lets you provide end users with secure, fast, and effective number switching. No personal details are processed, and porting is always validated through the end user – according to industry best practices.
Our Number Information Register (NIR) solution offers you a central register to deploy for directory listing services, and to be used by emergency services and law enforcement agencies. In turn, this solution empowers subscribers to manage unsolicited call preferences and to review which of their personal data is being stored and shared.
The human factor is essential to prevent phone number fraud. That’s why PXS offers a tailored onboarding process, to ensure your teammates employ all features our solution shave to offer – and can support your customers to do the same.
Want to know more about the proven, cost-effective, and secure solutions of PXS? Request your demo here.