How would you protect your unlimited credit card from fraud?
An employee of a client (let’s call him Dan) lost his suitcase at Johannesburg Airport on a Friday evening. By Monday, it was clear to Dan that it was not lost but stolen. Dan’s mobile phone was in that suitcase, and a quick decision was made to cancel the connection. A short time later the mobile phone carrier alerted our client that the phone had exceeded $100,000 worth of calls. It turns out that the SIM card had been removed from the phone and inserted into an automatic dialer originating in Sierra Leone.
Unfortunately, a third party carrier charges the NZ mobile carrier for these calls. Understandably the NZ Mobile carrier wants to be paid, and the client, in most cases, is not protected from this type of fraud. Of course, there is an argument that the mobile carrier should be responsible and have a duty of care to the client. The mobile carrier could mitigate fraud by putting in place commercial arrangements with third parties not to pay them in the case of illegal activities and protect their customers. The solution is likely to be problematic and not achievable in all instances.
So, in the meantime, I suggest to my clients and you that preventing the situation in the first place is the best course of action.
To stop this kind of fraud and to be protected by your carrier, all employees need to put a PIN on their SIM card. When you remove the SIM from your device, or the device is turned off, a four-digit PIN needs to be entered to unlock the SIM on startup.
There are gotchas with setting up and using a SIM PIN.
1. You only get three attempts to get the PIN correct and then the SIM will lock. It would help if you could ring your carrier to unlock it. Not easy for you to do when your mobile phone is locked! You will need your PUK number to do that. You can find your PUK code on the package your SIM card came in. If you no longer have your SIM packaging, you have to contact your carrier. PUK stands for Personal Unlocking Key.
2. Sometimes when you first put a PIN on the SIM, you need to enter a default PIN to load it. If you don’t know that default number, you can lock yourself out!
3. If you want to add a SIM PIN to your organisation’s whole mobile fleet, please plan it carefully, refer 1 and 2. Do not be surprised if you get lots of SOS calls if you don’t prepare your staff. Keep a log of all PUK’s and corresponding PINs.
4. We strongly recommend that a PIN is compulsory when staff are authorised to use roaming overseas. Make sure the PIN is added before turning on roaming and the process added to your corporate mobile policy.