Sim card related fraudulent activity and legal provisions

Abstract:

SIM card fraud is the new form of cyber fraud that permits hackers to gain access to bank accounts, credit card numbers and other personal data. Now a day’s most of the banking services are easily available on phones. Consumer linked their bank accounts with mobile number for online transactions it needs One Time Passwords? (OTP), unique registration number etc. which is all proved through registered phone numbers of users. SIM fraud attacks are usually targeted at profitable victims that have been specifically aimed through successful social engineering. According to RSA research 65% of all fraud in 2018 is mobile based. This is a popular method among hackers and SIM SWAP fraudsters alone have made citizens lose more than Rs 200 crores. This paper explains what SIM swap fraud is, how does it work and how an individual can be protecting themselves from SIM swap fraud?

Within a month Govt received over 61k complaints of digital payment fraud, Out of them more than half of these complaints related to the Unified Payments Interface (UPD. followed by 10.898 complaints of frauds involving debit or credit cards or those involving swapping of mobile phone SIM cards. The remaining involved internet banking-related frauds , voice phishing calls , e-wallet thefts, demat account frauds, and email takeovers.

Keywords: Sim swap fraud, Financial fraud, Virtual sim card

What is SIM Card?

SIM cards are necessarily the brain of phone. It helps keep you in touch with telecom service providers. They store information required for user authentication in a mobile device.

The first SIM card was developed in 1991. The first SIM card was about the size of a credit card. Since then, there have been several updates, making these SIM cards smaller and smaller. However, the purpose of the SIM has not changed by any of the technological evolutions. SIM’s have always been and will always be a way for people to have a secure method of accessing a phone company network.

A subscriber identity module or a subscriber identification module, widely known as a SIM card, is an integrated circuit that securely stores the International Mobile Subscriber Identity or the IMSI number and its related key. These are used to identify and authenticate subscribers on mobile telephony devices like mobile phones and computers.

A SIM card contains its Unique Serial Number or ICCID, International Mobile Subscriber Identity Number (IMSI) number, security authentication, a list of the services the user has access to, a Personal Identification Number (PIN), and a Personal Unblocking Code (PUC) for PIN unlocking. It is also possible to store contact information on several SIM cards.

SIM cards are used on GSM and CDMA phones. They can also be used in satellite phones, smart watches, computers and cameras. SIM cards in the form of full, mini, micro and nano are still prevalent. But, in a world that is increasingly digital and virtual, the use of embedded SIM’s or e-SIM’s and virtual SIM’s are starting to gather pace.

Virtual SIM Cards:

Virtual SIM cards are not attached to a mobile phone and are created online to help in communication.

It is a cloud-based number that can be used from any device via an App. To use this, customers sign up for a serviceby installing an App on their mobile phones. This App generates a phone number without linking it to a physical SIM and syncs it with an email account or a social network. The App also lets users link multiple numbers with a singleaccount.

What is E-SIM?

Many telecom service operators are offering E SIM service in expensive mobiles. It is available only in some models of iPhone and One Plus mobiles. An e-SIM facility is provided to save space on mobile. Actually, it is not a SIM but a virtual SIM, which is operated by the software of the mobile itself. You can also issue numbers from the same SIM. It is called an Embedded SIM card. This SIM can be activated on the mobile after filling in the scanner and details of the telecom company. The biggest problem starts with the SIM activation itself.?

What is fraud?

Frud is the wrongful or criminal deception intended to result in financial or personal gain. It can also be defined as deceit, trickery, intentional perversion of truth aimed at inducing another person to part with something of value or to surrender a legal right.

Sim Card related Fraud:

SIM swap fraud

Sim swapping is when you make a request to your service provider to swap your sim, who deactivates your old sim and gives you a new one. For example, when you want to upgrade your 3G sim card to a 4G one. This is a legitimate sim swap transaction. However, in the case of sim swap frauds, the fraudster makes a sim swap request to the service provider using fake papers and pretends to be a genuine cardholder. The service provider deactivates your old sim and the fraudster gets a new sim card. He is then able to access all your financial information such as OTPS, card alerts, etc., and can manipulate the same in innumerable ways. For instance, in August 2021, a man lost Rs. 84 lakhs due to SIM swap fraud committed by some unidentified cyber criminals who cloned the victim’s sim card to get his bank details.

Cyber fraud by SIM reactivation:

"The E-SIM users are easily cheated by the cyber thugs due to lack of technical knowledge. Actually, expensive mobiles have the option of only one physical SIM. For the convenience of the user, an E-SIM service is provided to activate the second SIM. Virtual SIM can be activated from network provider companies like- Airtel, Jio, BSNL, and Vodafone. E-SIM can be turned on and off remotely. After turning off, the QR code is needed to turn on, which is obtained by operator companies. This QR code is sent to the mail id of the customer. Users have to scan this code to get their E-sim started." The fraud is done through a message sent to the E sim users. Cybercriminals send a normal message to the people from a number that looks like a company. It is told in the message that your E-SIM is going to be disabled and have to get your KYC updated. In 2021, a 48-year-old former bank loan agent was arrested for allegedly duping people and transferring amounts from their account by linking his mobile number, the police said that he had forged documents to get 500 SIM cards that were used in committing the crime.Investigation authority blamed that investigation of the banking fraud executed by the conman has turned the spotlight on the irregularities in issuing SIM cards by a leading telecom company.?

Legal Provision:

The Central government has issued an order to disconnect the phone connections of people with more than nine SIM cards. Sim card related fraudulent activities registered under sections 419 (cheating personation), 420 (cheating), 468 (forgery) and 471 (using forged document) of the Indian Penal Code at Sector 37 police station. The Department of Telecommunications (DoT) is working to frame guidelines for issuance of replacement SIM cards, in case of damage or theft. However there has been an exponential increase in cases as there is no regulatory mechanism to govern new technologies like UPI.?

Conclusion:

SIM swap is new, sophisticated method of scam that permits hackers to gain access to bank accounts, credit card numbers, and/or other personal data. It’s tough to find, and even harder to undo the resulting damage. So, protect your accounts. Do not load critical access data on your smartphones, but, if you do, maintain a constant care on account balances and transactions. SIM Swapping is actual and will not be going away quickly. Sadly, senior citizens or who are less digitally literate are the main targets of these types frauds. It is important to guide them regularly and inform them to strictly not entertain unknown callers. It is always advisable to stay alert, and don’t let your SIM card or mobile phone fall under wrong hands.