SIM cards could soon be the future of online fraud protection following telecoms industry body, the GSMA’s, unveiling of a new ‘SIM swap’ application programmable interface (API) as part of its open gateway initiative to help businesses and developers protect their clients’ online identities. 

The GSMA unveiled this API in partnership with Spanish telecom operators Orange and Telefónica as well as Vodafone

The API allows businesses to confirm a smartphone user’s identity through the SIM card inserted into the device, rather than relying upon one-time passwords (OTPs). 

This API can check whether a mobile device’s SIM card has been changed recently, making it easier to safely determine the correct identity of the user. 

Analysts at research company GlobalData Emma Mohr-McClune and Gary Barton are positive about the future of this API, stating that it intelligently addresses real-time fraud concerns. 

“This launch is a European-first and very much a pioneer case study for the entire GSMA Open Gateway initiative,” write Mohr-McClune and Barton in an analyst blog dated 6 February, “….. Linking the mobile device identity request directly to the SIM takes away the need for user to receive and input OTPs.” 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

“The process is smoother and quicker for the end user, but on its own, it does not protect against identity theft,” they write, explaining that SIM cards can be cloned and then wrongly associated with an individual user. 

This concern about cloned SIMs can be alleviated by cross-referencing identity requests against any recent SIM changes to add a further security check point. 

“It is interesting to note that of the pioneer universal API launches to date, security and fraud offset for financial or commerce platforms, institutions and banks and are clearly a popular use case choice,” they wrote, referring to demos during the 2023 Mobile World Congress which primarily targeted industrial enterprises and the media. 

Whilst they state that no singular API can entirely eradicate the threat of identity fraud, the GSMA’s new SIM API offers a vital ounce of security at the point that is often the most vulnerable in fraud- the human level.  

“Many of the biggest cases of fraud and corporate data theft have occurred as a result of bad actors gaining access to systems through the use of illegally obtained but legitimate user credentials,” explain Mohr-McClune and Barton. 

Overall, both Mohr-McClune and Barton concluded that the GSMA’s new SIM API was a “powerful showcase” for its open gateway initiative and had good timing for its release just ahead of the 2024 Mobile World Congress in Barcelona. 

“Security matters, and online fraud is one of the biggest – and growing – drag factors on the global economy,” they concluded, “This level of relevance will grab the attention of developers and enterprise customers.”