On September 30, 2021, the Federal Communications Commission (“FCC”) adopted a Notice of Proposed Rulemaking (“NPRM”) proposing new requirements for mobile wireless carriers to protect consumers from two practices that nefarious actors use to take control of a subscriber’s cell phone service without gaining control of the subscriber’s device. With “SIM swap fraud” a bad actor fraudulently convinces a carrier to transfer wireless services from a cell phone associated with a subscriber’s subscriber identity module (“SIM”) to a cell phone associated with another SIM and controlled by the bad actor. “Port-out fraud” is the practice of arranging for a phone number to be transferred from a subscriber’s wireless carrier account to an account the bad actor has opened with another carrier. In both cases, the bad actor gains access to customer account information and can start sending and receiving calls and text messages using the victim’s account or phone number, including text messages customers receive for two-factor authentication.
The Commission’s consumer protection action arises from numerous complaints from consumers who have suffered harm as a result of these practices, and from concerns that consumers are vulnerable to these acts because wireless carriers have not implemented adequate protocols to verify that SIM swap and port-out fraud requests. To mitigate them, the agency suggests revisions to its Customer Proprietary Network Information (“CPNI”) and Local Number Portability (“LNP”) rules.