Security is a core part of the US Mobile experience. Building on the experience of creating the world’s most advanced hybrid network operator, we are also continuously creating one of the most secure carriers out there.
Over the past two years, Sim Swapping and unauthorized port outs have garnered a lot of attention as criminals have used these techniques to steal phone numbers from their target victims and then use them to highjack banking and other sensitive accounts. Banks and other targets have started to address these types of attacks, but carriers must do their part to protect their subscribers.
As a fully digital hybrid network operator, our view of our customers is incredibly comprehensive. When an existing customer contacts US Mobile through our Progressive Web App (PWA), we are already seeing a complete picture of the user from their current location, device, and operating system to their customer service history. Additionally, PWAs are delivered over HTTPS, meaning all content delivery within the PWA happens over HTTPS with browser-to-server encryption.
We also recognized that faceless voices cannot always be trusted, and CS reps can be prone to social engineering attacks, so we addressed that by restricting SIM swaps and other sensitive account changes from being carried out over phone calls. As a fully digital network operator, more than 90% of our interactions already happen through our app.
Restrict[ed] SIM swaps and other sensitive account changes from being carried out over phone calls.
In order for customers to request a Sim Swap at US Mobile today, they are required to send a request while signed in to our PWA or progressive web app. At that point, we have a clear view of the incoming request and can leverage machine learning across all our data points of current and past behavior to verify the request. For example, we know a subscriber is normally based out of Miami, Florida so a request for a SIM swap from somewhere in California would immediately elevate the security verification threshold. Additionally, triggered One-Time-Passcodes (OTPs) are used to aid our real-time authentication. These tools help us give a seamless authentication experience without creating further roadblocks for our customers.
Modern System and App Security
US Mobile’s website, dashboards, and apps are the most critical elements of our security framework and use a modernized technology infrastructure to make authentication smarter, more adaptive, and more user-friendly.
More secure(and faster) experience with PWA and Device Fingerprinting:
The US Mobile dashboard and apps are created with Progressive Web Apps (PWA). PWA is a powerful tool that allows us to make the US Mobile experience faster and more secure. All the information that is sent through PWAs is encrypted. As users interact with our PWAs, they progressively build a relationship with the app over time. Using that relationship the PWA has built with users, we use machine learning to identify which interactions are genuine and which are suspicious.
Encryption: On our website, dashboard and app we encrypt all the information that we send and receive, limit the number of failed sign-in attempts, monitor for fraud to identify all sorts of attacks as they occur, and regularly review our policy to help adapt to any new threats to our subscribers’ security, using cutting edge technologies like Progressive Web Apps, and device fingerprinting to mitigate risk.
Advanced security services
We also built a robust set of services that make it easy for users to securely & conveniently authenticate themselves and prevent any unauthorized access to their accounts—all without impacting usability.
We have created additional safeguards within our custom-built CRM, where customers can add another level of security by choosing security features such as “NeverSIMSwap” and “Account Lockdown.” When any of these feature is enabled, extra layers of the security protocols are implemented within the CRM to silo them off behind authentication walls.
Definition of Services
A feature that restricts all SIM swaps on the account and enables users to request additional verifications to authorize any SIM swaps in their accounts.
No Port Out
A feature that can be enabled to require extra verifications before any ports are authorized.
In addition, users can request their account be locked down such that any significant changes to the account will have to be authenticated and verified before changes are made.
Users can request any of the above features free of charge just by reaching out to us on chat, email, or phone.
US Mobile notifies users via email or push notifications when changes are made to their account. If anything looks suspicious, we instruct users to change their password immediately.