T-Mobile has made a big change to how a SIM swap is accomplished in retail stores. As of December 14th, managers are no longer able trigger an override for SIM changes.
The news comes via an internal notice to T-Mobile store reps, shared below. The new rule means that changing a SIM card will require either SMS verification via the customer or two employees must enter their credentials to verify the SIM change.
The change is great news for T-Mobile customers. T-Mobile has had a really bad time with SIM swap scams over the last few years. The T-Mobile subreddit is filled with posts from customers who have had their SIM cards changed suddenly without their consent. Many customers end up losing money and cryptocurrency, as attackers use the newly accessed phone number to receive two-factor SMS codes.
The FCC shared back in September that they would be requiring carriers to “positively identify a customer” before initiating a port-out. That was great for instances where customers had their numbers ported out to another carrier, but it didn’t help much with attacks involving changing the SIM card on the same carrier. This new SIM swap rule will hopefully prevent at least some of the SIM swap attacks going on.
The change won’t fix everything though. Support reps over the phone will likely still be able to override as necessary to initiate a SIM swap, however they do require a manager to make that override. That being said, it’s still a step in the right direction.
Despite the increase in security, some store reps might be a little frustrated with the change. The new rule means that SIM changes for lost phones/sims now require the extra step of grabbing a coworker to override, which may increase wait times. It’s a small price to pay for the added safety, though.
The change is in place now, and took place on the 14th of December.