Myriad Connect has launched a service to counter the threat of SIM-swap fraud.
The company has developed an authentication system using Unstructured Supplementary Service Data (USSD).
Although USSD is still linked to your phone number, Myriad told MyBroadband it sees the International Mobile Subscriber Identity (IMSI) and SIM serial number, connecting the SIM with the telephone number.
In the event a SIM-swap is done and the IMSI-SIM serial pair changes, Myriad offers ways for banks to engage with affected clients.
“This provides the bank an opportunity to make a call on whether to freeze the account and terminate the transaction, or to ask authentication questions to verify who the customer is,” said Myriad.
Protection against inside jobs
“At no point do we disclose the IMSI [or SIM serial number] to a third party.”
It combines the two numbers using an algorithm to generate a unique numeric token.
This shielding against third-party exposure is a recurring feature in Myriad’s product.
The company promised that its authentication mechanism cannot be tampered with, even by “compromised” people inside a network operator or bank.
It can offer this because it owns, controls, and operates all of the technology in its USSD product.
No persistent data is held with any third party, providing a more secure service than an SMS-based two-factor authentication service (where data is stored and vulnerable to being intercepted), said the company.
Another benefit of using USSD is that there is no way for the authentication to be obfuscated from the user’s end, it said.
“Call and message forwarding cannot be initiated using USSD, which means the message can’t be forwarded to another device.”