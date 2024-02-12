SIM swapping works largely as the result of vulnerabilities in the telecom’s anti-fraud and identification protocols, and as the result of relatively weak anti-fraud and identification verification procedures used as the default for all too many online service providers, including financial services firms. Recently, in December of 2023, the Federal Communications Commission issued a Report and Order adopting measures designed to address wireless’ providers’ SIM swap vulnerabilities. The Report and Order includes a requirement that wireless providers use secure methods of authenticating customers prior to performing SIM changes of the kind described in the Powell indictment, while seeking to maintain the relative ease that customers enjoy when legitimately porting a phone number to a new device. In the face of a growing awareness of the ease with which SIM swap perpetrators exploit basic MFA and less secure 2FA, particularly over unsecure SMS messaging rails , that balancing act will continue to pose challenges to both telecoms and to the service providers – including crypto companies – that rely on them.