Visitor

3 Messages

Tuesday, August 24th, 2021 7:00 PM

Closed

Security to prevent unauthorized SIM swaps?

Does Xfinity Mobile provide solid security options to prevent port-out fraud/unauthorized SIM swaps? This is particularly worrisome to those who trade/own cryptocurrency, as your mobile phone is often (unfortunately) a single point of failure, with many well-reported attacks via SIM swaps. Passwords and 2FA are OK but each has issues. For example, Xfinity uses text messaging vs authenticator apps (Google, Microsoft) that are typically rated stronger and not subject to man-in-the-middle attacks. Also, in searches on the Xfinity site I see nothing about a PIN/passcode/security Q to approve an account change. I would like to see a link to an article that deals with this issue and how Xfinity does/will secure the account (per FCC recommendations). Does this exist?

Regular Visitor

12 Messages

4 years ago

I would like to know the same.  

Retired Employee

1.4K Messages

4 years ago

@user_240386, for ways to help protect your account, we recommend reaching out directly to Xfinity Mobile. You can reach them by phone or text at 1 (888) 936-4968 and they would love to assist you. They will be better able to identify ways to secure your account as well as the different security measures we have. We would love to hear about the recommendations you received in this thread.

Visitor

2 Messages

@XfinityTony Thanks for your response, and as a former Time Warner Cable Tier 2 Tech Support Lead, your company is very behind when it comes to the latest security threats.

A customer service agent must know exactly what an unauthorized SIM swap actually is before they can help a customer. It seems apparent that there is no current policy on SIM swapping fraud for reps to follow, as shown by the results of the many chat sessions and phone call that I experienced.

I suggest adding an Administrative Lock (Verizon) or similar to the Xfinity account website.

Visitor

3 Messages

@XfinityTony 

Agree with user_f5473d. After talking to an Xfinity Mobile transfer-out team member, the security model for port-outs does not have a process that allows the customer to have some modicum of control over verification of identity/user-controlled authentication methods. This is a significant gap in security compared to your competitors. See https://www.verizon.com/support/port-out-faqs/#:~:text=%5BSolution%5D%20How%20to%20Set%20Up%20a%20Number%20Lock,You%20will%20need%20to%20turn%20...%20See%20More.

Can someone from Xfinity Mobile security reply to this thread to explain any gaps in our knowledge and/or a roadmap to improve the process?

(edited)

Visitor

1 Message

4 years ago

I was wiped out through SIM swap fraud on August 25, 2021. Have to fill out a report.

Visitor

2 Messages

3 years ago

Thank you for your post :)

I tried last month to find out what security measures they had and was unsuccessful after 2 chat sessions; nobody knew what SIM swapping fraud was.

I also tried via a phone call, and after being on the call over 40 minutes still no one had a solution and they wanted to transfer me to a 3rd dept; at this point I hung up. Xfinity Mobile clearly does not have any policies to safeguard against SIM swapping fraud, which in today's climate of data breaches is just ridiculous.

All other major carriers have options like Port Freeze & Administrative Lock, which do not allow a port change without calling you to verify or prevent the phone number from being ported out to another carrier, so I'm just going back to one of them.

Visitor

3 Messages

3 years ago

user_f5473d

I too had tried previously and got the runaround. Your message spurred me to try again just now. After 4 TXFRs I did get an explanation of the process.

Step 1: They verify your identity: name, address, last 4 digits of current ccard. Step 2: A security PIN is generated by their TXFR OUT team and sent via SMS to your phone to facilitate the TXFR with the new carrier. They say that code cannot be copied internally and is not known to other Xfinity systems. But there is no ability to set a "Number Lock" like VZN, where there is a PIN/PW that only the current account owner knows.

Step 1 is not hard to get through. Your ccard info has likely been leaked/hacked by some merchant who doesn't encrypt sensitive data. Step 2 is not great, but as long as you have possession of your phone, only you would have the generated PIN to complete the TXFR out. Of course, malware on your device, MitM attack, etc., and the fact that SMS is not encrypted are potential issues. At minimum, it would be some advance warning and you could call and intervene. My preference, like yours, is a PIN/PW that only the user knows to initiate the process and create an additional layer of security.

I did have a note put on my account that TXFR outs must be done in person in an Xfinity office by a "manager" on the Xfinity account with photo ID. I don't change carriers very often so not a burden. Of course, that assumes a TXFR Out cust svc rep will read and abide by that. 

I save $$ with Xfinity Mobile and I like the daily control over the billing rate. I did send an email to customer service recommending they match VZN security model. Maybe some day. 

(edited)
