Recognize The Crime Of SIM Swap Fraud, Operators Must Apply This

Commissioner of the Indonesian Telecommunications Regulatory Body (BRTI), I Ketut Prihadi Kresna (Tachta Citra Elfira / VOI)

JAKARTA - Crimes with stolen cellphone numbers or commonly known as SIM Card Swaps, have recently been rampant. Because of the ingenuity of rogue individuals, cellphone numbers and related information can be taken over by someone to get valuable data.

This one cyber crime mode, occurs randomly. But before carrying out a SIM swap, the perpetrator usually throws traps to get the data of potential victims to take advantage of security holes from account authentication.

"The perpetrator will access services connected to the cell phone number used by the victim. SIM Swap is not intended for cellular-based services, but uses cell phone numbers as a verification step," said Commissioner of the Indonesian Telecommunications Regulatory Body, I Ketut Prihadi Kresna Murti in a webinar on Monday , 24 August.

Ketut explained, SIM swap crime is a hacking mode by replacing a phone card or Subscriber Identity Module (SIM) Card without rights or against the law. This action can also be called simjacking or SIM hijacking to commit fraud with the aim of taking advantage of authentication weaknesses via text messages (SMS) or via calls to cellphone numbers.

There are several ways used to illegally penetrate personal data, including social engineering to trick victims into providing other data or through phishing, hacking social media accounts such as Facebook and Twitter. To hack online shopping applications and infiltrate through malware applications with the aim of stealing data.

But most commonly, the perpetrator will create a fake identity and go to the mobile operator's outlet, pretending to be the victim to change the SIM card. This method allows the perpetrator to take over the victim's data and communication via a SIM card with the victim's number.

In this case, said Ketut, cellular operators are obliged to carry out various procedures and mechanisms to keep data and user number identity from falling to other people.

For example, by knowing your customer (KYC) in the SIM change process, users are required to come to the operator's booth to bring their original ID card and other personal identities required by the cellular operator.

“Come to the booth, show your original KTP and other required identities. This step is the most important way to prevent SIM Swap Fraud, in order to ensure that the person who comes to the outlet meets my requirements, "said Ketut.

Ketut argues that the SIM swap case will not occur when the mobile operator officers have implemented operational standards properly and correctly, moreover cellular operators have ISO 27001 certification regarding information security management systems. Because the mechanism for re-registration of SIM card numbers has been regulated in the Minister of Communication and Informatics Regulation Number 12 of 2016.

Ketut also urged the need to use an additional layer of protection that can help keep accounts and personal identities more secure. On the other hand, he also asked regulators such as the Ministry of Communication and Information Technology, BRTI, the Financial Services Authority (OJK), Bank Indonesia, the police, to cooperate with cellular operators and related parties, namely banks, fintech, and others.