Skip to main content

Mitigating SIM Swap and Port Out Fraud: What Wireless Carriers Need to Know About FCC Order

Fraud alert on a mobile phone

According to TransUnion, account takeovers topped the list of most common fraud types, and per Javelin’s 2024 Identity Fraud Study, this resulted in an estimated $23 billion in losses to consumers in 2023. Unauthorized SIM swaps and port outs are increasing, and communications service providers (CSP) have the immense responsibility of protecting their customers from these insidious attacks.

The Federal Communications Commission order (FCC 23 95A), adopted on November 15, 2023, introduced new rules aimed at protecting consumers from SIM swap and port-out fraud. These types of fraud involve bad actors taking control of a person's phone number by either convincing a wireless carrier to transfer the victim's service to a new SIM card (SIM swap) or by porting the number to a different carrier without authorization (port-out fraud). 

The new FCC rules require wireless carriers, including resellers and MVNOs, to implement secure authentication methods and customer alerts in an effort to enhance the security of the SIM card and port processes.  

The compliance date set by the FCC for these new rules is July 8, 2024 (conditional on Office of Management and Budget approval under the Paperwork Reduction Act). Notably, the rules focus on general requirements and outcomes, and avoid mandating specific security processes or technology to allow service providers discretion in their implementation. After all, fraudsters can and will adapt their attacks, so carriers' fraud prevention tactics will need to innovate over time. 

Additionally, the FCC has issued a Further Notice of Proposed Rulemaking (FNPRM) to seek public comment on fusing these new rules with existing regulations. This could lead to extra measures to strengthen consumer protections. Get more detailed information on the FCC's new rules here.



The FCC's new rules impose several key requirements on wireless carriers.

Enhanced authentication methods: Carriers must implement secure authentication methods before processing SIM swap and port-out requests for both post- and pre-paid accounts. These methods should be robust enough to effectively verify the identity of the requester. Additionally, carriers should initiate an annual update/review of their authentication approaches.

To comply and protect customers, use inbound and device-based authentication solutions that provide smooth, seamless experiences for legitimate customers in call center and digital channels. You’ll want to look for a data and security provider with solutions that:

  • Screen for high-risk calls and digital requests with inbound authentication and device proofing — which flag devices associated with fraud or displaying unusual behavior
  • Ensure a friction-right process that doesn’t slow customers but timeously secures data with processes like document verification or knowledge-based verification challenge questions
  • Identify if a one-time passcode (OTP) is at risk of fraudster interception

Customer notification requirements: Wireless carriers are required to notify customers of SIM swap or port-out requests. This allows customers to quickly identify and respond to unauthorized attempts to take control of their phone numbers. While recommended by the FCC, carriers are not required to have subscribers verify or acknowledge before further processing the request.

A partner like TransUnion can help propagate timely and critical subscriber alerts across multiple channels. For example, TruContact™ Phone Behavior Intelligence data not only helps carriers identify fresh and robust contact details, it also advises on best contact channel and best time to reach out, so critical alerts reach subscribers before it’s too late. Our TruContact Voice Provisioning self-service portal helps orchestrate notifications and if necessary, collect incremental information or acknowledgement from the customer.

Account locks: Wireless carriers will need to provide this feature for both pre- and post-paid subscribers. Similar to credit freezes, an account lock blocks any further SIM swap or port-out requests until the customer deactivates the feature. Carriers are expected to generate awareness and properly educate customers on making use of this feature.

Beyond authenticating subscribers, carriers could use TransUnion port-out automation to easily manage and block port outs due to account locks or mismatched number transfer details, reducing costly system or manual errors.

Safeguards on contact center access to CPNI: Carriers have to limit access to Customer Proprietary Network Information (CPNI) by call center agents until after the customer has been properly authenticated.

Beyond authenticating subscribers, carrier best practice should also include screening for internal fraud vectors through robust background checks with TruLookup Advanced People Search. As with many types of fraud, even the best fraud prevention measures will fail if insiders are collaborating with bad actors.

Tracking effectiveness of protection measures: Moving forward, carriers will have to capture tracking data for three years, including on failed authentications and fraudulent transactions. The FCC will evaluate the effectiveness of the remediation programs and monitor consumer complaints. If the current programs aren’t effective in resolving the fraud issues, the FCC may impose fines or implement more specific requirements in the future.

TransUnion can help carriers track data across all carrier touch points/channels. Specifically, we can maintain data and produce reporting in the following areas: total number of SIM change/port-out requests; successful SIM change/port-out requests; failed SIM change/port-out requests; and successful fraudulent SIM change/port-out requests.

These measures are designed to bolster consumer protections against unauthorized control of their phone numbers, significantly reducing the risk of fraud related to SIM swaps and port-out schemes.

Looking ahead: Combatting SIM swap and port-out fraud effectively

By working with the right partner, wireless carriers can enhance their security protocols to sufficiently meet the FCC's requirements on time.

TransUnion can provide the necessary tools and expertise to create a secure and reliable verification process, thus helping prevent fraud while better ensuring compliance with regulatory mandates, including:

  • Enhanced security — using advanced identity verification and fraud detection tools
  • Meeting the FCC's requirements for secure authentication methods
  • Providing consumers with alerts and safeguarding their accounts against unauthorized changes

Our solutions help wireless carriers implement the FCC's new rules by enhancing their identity verification processes and fraud detection capabilities, thereby protecting consumers from SIM swap and port-out fraud.

Criminals are hijacking consumers' numbers to infiltrate bank accounts and PII. Now is the time to up your fraud game and comply with FCC Order 23-95.

Do you have questions? Our team is ready to help.