Earlier this month, Apple made headlines when it announced its plan to ditch the traditional SIM card in the iPhone 14. Since the announcement, we’ve received a ton of questions from customers about what, if any, implications this will have on Prove specifically and cybersecurity generally. To get the answers to these critical questions, I spoke with Prove’s VP of Authentication Bill Fish.
So what’s happening exactly?
Bill Fish: Since 2018, Apple has had a hybrid approach to SIM cards, meaning that iPhones contain both a traditional SIM card that you can remove as well as support for eSIM cards. Moving forward, however, Apple plans to ditch the physical SIM card entirely and embrace a full eSIM model. Long story short: the iPhone 14 will be the first of its kind to have only eSIM capability.
What’s an eSIM?
Bill Fish: In many respects, the eSIM works exactly like the traditional SIM card with one major exception. Because the eSIM is embedded into the actual hardware of the phone, you can’t remove it with a paper clip or replace it manually when you travel.
Why is Apple switching to eSIM?
Bill Fish: An eSIM allows users to activate a new cellular plan digitally. This means you don’t have to purchase a new SIM card at the airport the next time you are going on an international trip. It also means that you can switch cellular service carriers almost instantly. T-Mobile is leveraging the eSIM to offer prospective customers a free 3-month free trial and smaller carriers are feeling bullish about the change to eSIM as well. Beyond adding user convenience, embracing the eSIM gives Apple some much-needed space in the next iPhone. Because Apple is always on a mission to build thinner phones, every bit of hardware they can consolidate is a good thing in their eyes.
What are the security implications of this transition?
Bill Fish: Apple is feeling optimistic when it comes to eSIM’s impact on security. Kaiann Drance, Apple’s VP of iPhone marketing, explained that the eSIM makes devices ``more secure” because they can’t physically be removed if the device is stolen. While this is true, it is important to note that this is not the most common fraud vector. The bigger concern is traditional SIM swaps that take place remotely.
Do you think the switch to eSIM will have an impact on the rate of SIM swaps?
Bill Fish: This is the million-dollar question. The logic behind the concern is sound: if the eSIM really makes it easier and faster for users to switch cellular plans, will fraudsters be able to conduct SIM swaps faster? Only time will tell but I think it’s important to underscore the fact that iPhones today already have eSIM capabilities so fraudsters can do this already.
On the other hand, there are some experts in the cybersecurity industry who believe that this change will actually decrease SIM swaps:
“Since there is no physical SIM card in an eSIM system, no one can fraudulently claim that their SIM card got lost or damaged as all the identity details reside in the owner's phone. eSIMs prevent cybercriminals from acquiring another SIM card or re-registering the number in their name.”
This narrative makes sense but fraudsters are an innovative bunch so you can be sure they will continue to wreak havoc regardless of Apple’s change in technology.
What can companies do to fortify OTPs to reduce the impact of SIM swaps?
Bill Fish: Prove’s Trust Score™ is a real-time measure of phone number reputation that can be leveraged for identity verification and authentication purposes. Trust Score analyzes behavioral and Phone-Centric Identity™ signals from authoritative sources at the time of a potential transaction to mitigate fraud such as SIM swap fraud and other account takeover schemes. The important thing to emphasize about Trust Score is that it detects eSIM swaps as effectively as it detects the swap of old-school SIM cards. The main message for Prove customers who use Trust Score either as a standalone API or as a component of our Pre-Fill and Prove Identity solutions is simple: you're still protected from SIM swaps.
Keep reading
Learn how Prove Pre-Fill® streamlines user onboarding by auto-filling verified personal information, improving user experience, and mitigating fraud.
Because gig economy companies, digital marketplaces, and online platforms increasingly connect users for real-world interactions, identity verification is essential to ensure safety and trust.
The stakes for businesses in ensuring trust and security in digital interactions are higher than ever.