CTIA Urges FCC Extension for Implementing SIM Swap Safeguards
The wireless association is asking for more time because of technical complexities of new rules.
WASHINGTON, January 10, 2024 – The Cellular Telephone Industries Association has formally petitioned the Federal Communications Commission for an extended deadline regarding the implementation of newly adopted rules aimed at safeguarding cell phone consumers from SIM swap and port-out fraud.
The petition, filed on Monday, challenges the feasibility of wireless providers complying within the current six-month timeframe set by the FCC.
At the heart of the issue is the industry’s need for additional time to enact the protocols outlined in the FCC’s recent regulations. These rules mandate wireless providers to adopt more secure authentication methods before redirecting a customer’s phone number to a new device or provider. Additionally, providers are required to promptly notify customers about any SIM changes or port-out requests made on their accounts, further fortifying protection against fraudulent activities.
SIM swapping and port-out fraud have become rampant forms of identity theft, enabling perpetrators to wrest control of consumers’ cell phones by persuading carriers to transfer service to the fraudster’s possession or a new carrier’s account.
The crux of CTIA’s argument centers on the technical complexities involved in implementing these security measures across their systems. It emphasizes that the development of an account lock feature for customer use, a pivotal requirement of the new regulations, necessitates substantial system and database updates that will be both operationally intricate and costly.
In its petition, CTIA highlights the industry’s operational reality, pointing out that the standard time frame for IT-intensive system updates typically spans a full 18 months. They underscore that while this duration is customary, legacy systems pose even more substantial challenges.
The FCC’s rules, adopted during its November 15, 2023 open meeting, were intended to offer consumers enhanced protection by necessitating stricter authentication processes and immediate notifications regarding SIM changes and port-out requests.
However, the final version of these rules differed from the initial proposals, veering toward additional provisions such as customer notification for failed authentication in SIM swap requests and broadening limits on employee access to Customer Proprietary Network Information to apply to all telecommunications service providers, not solely wireless entities.
The FCC has the option to issue a memorandum or order that modifies the rules or confirms that there will be no changes made.
