08-03-2023 14:02 - edited 08-03-2023 14:40
I watched a recent YouTube video today (link at the bottom of post) of Charlotte Morgan of London who had her phone and card stolen while she was at the gym, and the thieves successfully used the card to the tune of £5,000 before the bank security suspended further transactions.
The bank would not cover her loss from the bank account as the pin number was produced, and the thieves appeared to have access to her texts which was her 2FA.
The security provisions of face unlock and 2FA were probably overcome by removing the sim from the phone and setting it up in another phone. That simple. No face unlock, no need to crack the pin number. Her contact list was transferred with the sim.
The way to prevent this is to ask a few questions and find out how to secure your sim card.
1. Turn on Sim Lock
2. Consider another form of 2FA like an authentication app.
3. If you plan to leave the phone and card together, think about how secure it is.
4. How quickly does your bank respond to an "I'm locked out" request?
*Turn on sim lock.*
On O2 the default sim lock is 0000 and you can change it to another 4-digit number. Every time the phone is reset you will need this pin number.
*How do you plan to keep them securely?*
One way to consider reasonable precautions is to consider your insurance terms.
If you have insurance against phone theft, e.g. on the household contents, travel insurance or AppleCare, look at the exclusions. Leaving your valuable card and phone in a locked car may not suffice on holiday for instance. You may need to get someone in the party to look after your stuff. When I go swimming alone, I chat with the person sunbathing nearby and may ask if they can keep an eye out till I am back. Or I don't bring them both with me if I plan to swim.
The bank in question, Santander, issued access for a customer (or the registered phone number) within minutes apparently. Once into the bank app you get access to the pin number. Ask your bank how to log into your app on lost password. Try to make sure this will take as long as you may need to report it missing.
on 08-03-2023 17:43
A sim lock won't prevent your phone being used for contactless payments, as it's a phone pin you need, and preferably a fingerprint or facial recognition with a 6 to 8 digit pin number and not using repeating or consecutive numbers.
A SIM Lock will only work for when the phone is rebooted.
Also most banks don't offer true 2FA, as they have been repeatedly told by the FCA that SMS is not secure for it, and to not rely on the keypads either...
I would suggest that the best way to protect your data, is to make sure your notifications are hidden from the home screen or they only show the sender, and you have to unlock the phone to get the full notification.
And also all your PIN numbers are different.
Also never believe what you read in the Daily Fail, aka the worst journalism in the UK...
on 08-03-2023 17:57
Of course a sim lock will help as thieves will remove the sim and put it in another phone.
Good advice contained within @Patricia1066
I'm sure it will help many 👍
08-03-2023 18:06 - edited 08-03-2023 18:13
@madasaf1sh I am not sure you are disagreeing, but you don't care for the source.
Once the sim card has access to the banking app, the banking pin number is only a key press away. Ms Morgan made that point about the Santander app. No need to shoulder surf or read texts.
The original post made the point -
The security provisions of face unlock and 2FA were probably overcome by removing the sim from the phone and setting it up in another phone.
That vulnerability, plus keeping the phone and card together, provides an easy route to full access to the internet banking set up on the phone number.
Many aspects of security are difficult, but changing the sim to make it secure is simple.
on 08-03-2023 18:23
For additional help to others concerned by this, we have a sim pin guide here: Guide: How to set up a SIM pin on O2