As identity fraud mitigation has evolved on the internet, two-factor Authentication (2FA) has become the gold standard for account creation and identity management. SIM swap fraud, a hardware hack that bypasses SMS 2FA, adds a new security wrinkle that must be solved. Tru.ID claims to solve this problem via a new API.
2FA is a strong identity management solution as long as access to SMS capabilities via your account are well secured. This is where SIM swap fraud poses a significant risk. Bad actors seek out enough personal information to be able to request a new SIM card from an individual's service provider. Once this new SIM card is activated, the fraudster is allowed a small window of time where they can intercept SMS messages and gain access to accounts without authorization.
Tru.ID’s Mobile Authentication APIs solve for this problem by referencing an individual’s SIM International Mobile Subscriber Identity, or IMSI. This number is unique to each SIM card and wouldn’t allow for a quick swap to provide access to accounts. The company notes that this technology is already used by mobile networks operators to verify billing information.
The company has published documentation for the API and supporting SDKs. This Documentation includes a quick start guide and Integration guide.