Affiliate links on Android Authority may earn us a commission. Learn more.
T-Mobile is making fraudulent SIM swaps much harder
- T-Mobile is making some important changes to its SIM change process to make SIM swap scams much harder.
- A new Account Change Engine determines the legitimacy of SIM change requests.
- Customers now also need to confirm a SIM change instead of denying the SIM change under the previous system.
SIM swap scams are on the rise, and they bank on a mix of social engineering and luck to get complete control over a consumer’s number. After that, they can easily access two-factor authentication for bank accounts and other financial instruments. However, SIM swaps can also be legitimate requests from a customer, so finding a good balance of security and convenience is essential. T-Mobile is now changing its processes to help better protect its customers against fraudulent SIM swaps while still keeping it easy for legitimate requests.
Currently, T-Mobile requires customers who need to legitimately move their number to a different physical SIM or eSIM to contact a support representative and request a SIM change. As expected, this is quite inconvenient for users, especially if they change phones frequently, as phone migrations could need a new eSIM. T-Mobile had a self-service method for online accounts, but it was disabled in 2022 for security upgrades and never returned.
But weirdly, in the name of security, customers would be notified of SIM change requests via SMS. A customer could deny the request, but they could only do so within 10 minutes of receiving the text. If the customer does not deny the request, the request would be auto-approved (!!!), and their line would be moved to a new SIM.
According to The Mobile Report, T-Mobile is thankfully changing how SIM swaps are approved, although the self-service method isn’t returning. T-Mobile will now use an internal system called “Account Change Engine,” which will try to determine if the requested SIM change is legitimate or not.
If the Account Change Engine finds any reason to doubt the legitimacy of the SIM change, the customer will be prompted to confirm with an SMS response that they want to move their line to a new SIM. The customer now needs to approve the SIM swap within 10 minutes; otherwise, it gets auto-denied.
If the customer cannot be contacted on the original SIM, there is also an option to send the verification text to a different line on the account. But if you have just one line on the account, then you need to visit a T-Mobile store with an ID to confirm the SIM swap.
There’s opacity in how the Account Change Engine works. Still, the change is overall good, as it would make fraudulent SIM swaps harder thanks to moving to an auto-deny system instead of an auto-confirm system. This new internal process will be in effect starting today, so customers can take note of the new process.