A technical method of protection against unlawful issuance of duplicate SIM cards (and of personal data in general), implemented at the operator level
Over the past couple of weeks, I've been watching the RuNet make noise about fraud involving duplicate SIM cards. It has already been written about here on Habr too. This problem is not new at all, but it keeps coming up, more and more intensely.
In this regard, I would like to talk about how Deutsche Telekom (and other German operators) deals with this situation. It should be noted right away that the situation with points of sale in Germany is very similar: almost anyone can open one, i.e. the circle of people who may have access to the data is quite wide from the outset. But a very sober technical method of protection is used.
When a client comes to any operator's office and gives his phone number, the employee enters it into his terminal, and the client immediately receives an SMS with the content “In order for our employee to be able to access your data, give him a one-time password XXXXXX”. Only after the employee enters the password is he shown to whom the number is registered, and he then asks for an identity card, which he checks against that data. I.e. without this one-time code, no one in the office can even look up to whom the number is registered. Therefore, there have never been any leaks of “databases”.
At the same time, if the client comes with a request to replace a lost SIM card, he is asked to wait 15-30 minutes. During this time, a notification is sent to all of the client's contacts (SMS, email), informing him that the SIM card will be replaced. It also explains how to stop the process immediately (as a rule, simply replying to the SMS blocks the operation).
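The two controls described above (a customer-held one-time password before any lookup, and a replacement hold that any reply cancels) can be modelled as follows. This is an added sketch, not Deutsche Telekom's code: the class and method names, the 300-second code lifetime, storing only a hash of the code, and the use of the 15-minute lower bound are all assumptions.

```python
import hashlib, hmac, secrets

OTP_TTL = 300           # assumed OTP lifetime in seconds (not stated in the post)
HOLD_SECONDS = 15 * 60  # lower bound of the 15-30 minute wait described in the post
# Constructed sample subscriber; the number and address are not real.
SAMPLE = {"+490000000001": {"owner": "Sample Owner",
                            "contacts": ["+490000000001", "owner@example.test"]}}

class Operator:
    """Hypothetical operator back end; all names are illustrative."""
    def __init__(self, subscribers, send):
        self.subscribers = subscribers  # number -> {"owner", "contacts"}
        self.send = send                # callable(address, text): SMS or email
        self.otps = {}                  # (employee, number) -> (digest, expiry)
        self.unlocked = set()           # (employee, number) pairs allowed to read
        self.swaps = {}                 # number -> {"ready_at", "blocked"}

    def request_access(self, employee, number, now):
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.otps[(employee, number)] = (digest, now + OTP_TTL)
        self.send(number, f"One-time password for our employee: {code}")

    def submit_otp(self, employee, number, code, now):
        # pop() makes each code single use, whether the guess is right or wrong
        digest, expiry = self.otps.pop((employee, number), (b"", 0))
        guess = hashlib.sha256(code.encode()).digest()
        ok = now <= expiry and hmac.compare_digest(digest, guess)
        if ok:
            self.unlocked.add((employee, number))
        return ok

    def view_owner(self, employee, number):
        if (employee, number) not in self.unlocked:
            raise PermissionError("customer OTP required before lookup")
        return self.subscribers[number]["owner"]

    def request_sim_swap(self, number, now):
        self.swaps[number] = {"ready_at": now + HOLD_SECONDS, "blocked": False}
        for address in self.subscribers[number]["contacts"]:
            self.send(address, "SIM replacement requested. Reply to block it.")

    def customer_reply(self, number):
        if number in self.swaps:  # any reply during the hold vetoes the swap
            self.swaps[number]["blocked"] = True

    def complete_sim_swap(self, number, now):
        swap = self.swaps.get(number)
        return bool(swap) and not swap["blocked"] and now >= swap["ready_at"]
```

The lookup is bound to the employee and number pair that requested the code, so a code obtained at one terminal does not unlock the record at another.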
In Germany the corruption component is de facto much lower, yet this approach is used everywhere. It is surprising that it still has not found application in the Russian reality. It would be great if the operators paid attention to this and put an end to this madhouse.