Activation date event considered as sim swap event

camaraproject / SimSwap

Repository to describe, develop, document and test the Sim Swap API family

https://wiki.camaraproject.org/x/DgSeAQ

Apache License 2.0

22 stars 21 forks source link

Activation date event considered as sim swap event #78

Closed DT-DawidWroblewski closed 9 months ago

DT-DawidWroblewski commented 10 months ago

Problem description

SIM Swap api delivers information about last MSISDN and IMSI pairing. However, there are events within telco subscription, that can be considered as a sim swap, i.e. activation date.

The problem that is addressed inside this issue is to discuss scenarios and viable solutions to consider activation date within Camara SIM Swap API response.

Expected action

Provide an enhanced definition of SimSwap event
Provide a description of country specific limitations to sim swap date delivery (e.g. in some countries only date within 30days period is delivered)
Use this issue to discuss other related topics

Additional context This issue came from a discussion within Issue #16

HuubAppelboom commented 10 months ago

What about eSIM... I think moving eSIM to another device should be considered as a SIM Swap

gregory1g commented 10 months ago

Activate date of SIM or an MSISDN?

The very first link of an MSISDN with a SIM is hardly an indicator of any fraud. However, formally, this MSISDN could have being used before (same MNO, different user who cancelled their subscription; or MSISDN is migrated from another MNO). Therefore, it could make sense to consider first MSISDN-IMSI assignment as a SimSwap as well.

But then it must be handled as a "regular" SimSwap.

HuubAppelboom commented 10 months ago

Please keep in mind that many MSISDN's are also ported between MNO's. From the perspective of an MNO this may be seen as the first association of an MSISDN with a SIM, from the perspective of an end user he may have been using the phone number already much longer, with several SIM cards. In NL, more than 50% of "new" users is actually a porting between MNO's. And note this process may be abused by fraudsters as well.

From our perspective , we dont see a need to make a distinction between a first association of a "new" MSISDN and a SIM, and an "existing" MSISDN that is being associated with a new SIM. If you ask me, the name of the API is a bit misleading. SIM Activation or SIM Activation Detection would be a better description of what the developer is trying to achieve.

gregory1g commented 10 months ago

@HuubAppelboom , yes number portability is a ting, therefore I explicitly mentioned it above. regarding the naming... well, SimSwap attack is a commonly used term and this API addresses it.

HuubAppelboom commented 10 months ago

Sim Swap is indeed a commonly used term, but this also leads to confusion with parties who think that SIM Swap itself is the fraudulent process, which it is not. And what will you name an API that indeed does what it says (move the user to a new SIM card) ??

gregory1g commented 10 months ago

"And what will you name an API that indeed does what it says (move the user to a new SIM card) ??"

here I do agree :)

DT-DawidWroblewski commented 9 months ago

closing