Personally Identifiable Information or PII is leaking out of companies faster than ever. Equifax had two major hacks in a matter of months, Yahoo had three-billion emails stolen and so on. We could devote this entire post to various hacks but suffice it to say, each moment, more damaging information is leaked out onto the internet and dark web.
A hacker can go to the dark web, buy iTunes account credentials, find the associated mobile account and socially engineer phone number port to their phone. They then reenroll in Apple Pay with the person’s iTunes credentials. This results in a PIN code being sent to the phone which they control. Once received, they have control of the victim’s Apple Pay credit cards.
With so many companies relying on phones to ensure identity, this sort of hack is a major problem for consumers, banks, Apple and pretty much most companies in tech.
In a meeting with Chris Drake of iconectiv, they told me their company can stop this sort of attack. They are a specialist in fraud and identity management and they receive 45 million signals a quarter from carriers allowing them to determine when a number port looks suspicious. The carrier can be alerted to stop the port or to send it to a fraud specialist who can investigate.
The company is well-positioned as a middle-man in the carrier space and since carriers are careful about sharing PII with other carriers due to murky laws, a solution like this makes a lot of sense. A carrier could monetize the service by charging 99 cents a month as an example or bundle it into a business plan or even tier the pricing based on a bucket of phone numbers.
While identity fraud is a big problem, allowing the opening of a credit card in another person’s name, this sort of fraud issue is currently under the radar. This means a hacked user could find out much later that their accounts have been cleaned out and their credit maxed.