1Kosmos is strengthening its BlockID app with a new SIM binding feature that links a user’s BlockID account to a single registered mobile number. The feature is designed to thwart fraudsters who try to register a second device to an account to intercept SMS passcodes and execute SIM swap attacks.
If a user binds their SIM card to their account, cybercriminals will no longer be able to perpetrate such schemes. 1Kosmos will cross-reference the phone number that the user is trying to register with the phone number registered with that person’s employer or financial services provider to make sure that the number does in fact belong to the account holder. The system will also send an SMS code to that number for one additional layer of security.
The enhanced BlockID also boasts SIM detection capabilities. Security experts have warned that SMS codes are one of the more vulnerable forms of multi-factor authentication, though comparing phone records with trusted third parties will presumably prevent fraudsters from exploiting the SIM binding system with a number that they control.
The Reserve Bank of India has already announced that it will use SIM binding to mitigate the threat of online retail fraud. 1Kosmos noted that SIM swap fraud is up 400 percent in the past five years, while SIM swap fraud losses totaled more than $100 million in the US alone in 2020.
“Mobile devices have become a popular and effective authentication mechanism for online banking, payments and ecommerce applications, but they are vulnerable to account takeover attacks if the phone number of record is changed by a fraudster,” said 1Kosmos CSO Mike Engle. “BlockID now prevents criminals from transferring a user’s authorized phone number to another device in order to access their accounts.”
BlockID received NIST SP 800-63 certification back in May, after previously achieving FIDO2 certification in October of 2020. The platform supports passwordless logins, and is available through MorganFranklin Consulting and the Auth0 Marketplace.