Closed DT-DawidWroblewski closed 9 months ago
What about eSIM... I think moving eSIM to another device should be considered as a SIM Swap
Activate date of SIM or an MSISDN?
The very first link of an MSISDN with a SIM is hardly an indicator of any fraud. However, formally, this MSISDN could have being used before (same MNO, different user who cancelled their subscription; or MSISDN is migrated from another MNO). Therefore, it could make sense to consider first MSISDN-IMSI assignment as a SimSwap as well.
But then it must be handled as a "regular" SimSwap.
Please keep in mind that many MSISDN's are also ported between MNO's. From the perspective of an MNO this may be seen as the first association of an MSISDN with a SIM, from the perspective of an end user he may have been using the phone number already much longer, with several SIM cards. In NL, more than 50% of "new" users is actually a porting between MNO's. And note this process may be abused by fraudsters as well.
From our perspective , we dont see a need to make a distinction between a first association of a "new" MSISDN and a SIM, and an "existing" MSISDN that is being associated with a new SIM. If you ask me, the name of the API is a bit misleading. SIM Activation or SIM Activation Detection would be a better description of what the developer is trying to achieve.
@HuubAppelboom , yes number portability is a ting, therefore I explicitly mentioned it above. regarding the naming... well, SimSwap attack is a commonly used term and this API addresses it.
Sim Swap is indeed a commonly used term, but this also leads to confusion with parties who think that SIM Swap itself is the fraudulent process, which it is not. And what will you name an API that indeed does what it says (move the user to a new SIM card) ??
"And what will you name an API that indeed does what it says (move the user to a new SIM card) ??"
here I do agree :)
closing
Problem description
SIM Swap api delivers information about last MSISDN and IMSI pairing. However, there are events within telco subscription, that can be considered as a sim swap, i.e. activation date.
The problem that is addressed inside this issue is to discuss scenarios and viable solutions to consider activation date within Camara SIM Swap API response.
Expected action
Additional context This issue came from a discussion within Issue #16