I'm concerned about the possibility of fraud perpetrated by criminals who contact mobile operators to request replacement SIMs and then go on to access bank accounts, because having a phone effectively enables them to impersonate the owner.
I have similar concerns, I use my phone for security for several financial institutions. Many of them using Authy but many British banks use SMS on our phones for two factor authentification.
I have heard of individuals in the Bitcoin space lose millions when subject to SIM Swap Fraud.
Ideally I would have to provide a password before Virgin accepted a request to issue a PAC code.
I had someone phone me this morning saying he had a call from me, I denied it, he phoned me up a couple of minutes later to say that he checked the number and it was mine but it was a Chinese sounding voice and suggested I contact my mobile service provider.
I have also spent some time today to see how Virgin Media protect me from having my SIM swapped out without my permission. In the current desperate financial situation I would expect this sort of crime to increase and it would be good to know how we can protect ourselves from it !!
The banks don't believe that username and password are good enough or they would not bother with adding 2fa as a layer on top of username and password. I am very careful with security but am aware that some of my details may be out there. The reason I wish to tighten up security of my SIM is because I am careful about security.
They do get past Virgin security (we have had 2 cases recently) usually, a lax password or memorable data. Mothers maiden name, first school, favourite place etc can often be worked out by what you post on social media.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
Thanks MasterGroat - apparently in the USA all operators give the facility to put a PIN on your account to avoid third parties trying to get a duplicate SIM but that doesn't seem to be the case in the UK. Like you I use an authenticator app when available but not all orgs permit this.
My current idea is to use the second SIM in my phone with a payg card in it as the SMS security number, but that will be known only to me - and the respective financial organisations. My 'regular' SIM can be in the public domain without it being much so use for identity theft.