Which? hired experts Pen Test Partners to test the security of the websites of the four major mobile phone providers. In this guest post Ken Munro, from the company, explains the test and what they found.
With some top-end smartphones costing nearly £800 to buy outright, and a typical contract costing around £700 over two years, it’s no wonder mobile phone fraud is a serious issue. Nearly 10,000 cases of mobile phone-related identity theft were recorded in 2014.
This type of identity theft occurs when fraudsters take out a phone, pay-as-you-go Sim card or contract in your name, using your personal details. This gives ID thieves access to free minutes, texts and data, as well as a free handset they can sell on for hundreds of pounds.
Pen Test Partners was hired by Which? to assess how secure the websites of the four major phone providers’ were against identity fraudsters. As fraudsters usually work via the internet, we wanted to see how easy it is to hijack an account.
We found most providers could do a lot more to protect customers, and are struggling to strike the right balance between a user-friendly website and one with the necessary security measures.
Convenience vs security
All of us love convenience – and the websites of phone providers are designed to be hassle-free to log into. However, this can be troublesome when you factor in security. As much as you love convenience, so does the fraudster.
When a fraud does occur, providers will cover the costs you have, but not necessarily fix the underlying insecurities that make the fraud possible.
Tougher identity fraud measures a small price to pay
Tougher security measures are a small price to pay when they’ll better protect your online phone account from being hacked. We’d like to see more stringent login pages that ask for selected characters from your password, and two-step verification.
Security questions must be trickier, too. Such measures are already offered by other online services, such as Facebook and Gmail. Bearing in mind that providers already know your phone number, two-step verification should be an easy factor to include.
Crooks would hate the hassle of improved protections against identity theft. Surely, that’s an idea we can all get behind?
In the meantime, the Which? tips below are a great way to help ensure that your personal information is safe.
Five top tips to stay safe from ID theft
1. Create a strong password with a mix of numbers, symbols and characters.
2. Set your social media profiles to private.
3. Enable two-step verification.
4. Install antivirus software on your PC.
5. Opt out of the open electoral register.
How do you remember your security passwords? Would you use a different password for every site? Are greater security checks a small price to pay for peace of mind, or are you frustrated by them?