The usage and application areas of mobile phones are expanding, and more and more applications use the mobile phone for authentication, payments, 2-factor authentication, fraud prevention measures and the like. Ensuring that the mobile phone receiving such messages actually belongs to the subscriber is therefore becoming increasingly important.
The term service provider is used throughout the description of the invention to describe any organisation that delivers a service that either calls a user's mobile phone or sends a text to a user's mobile phone. A service provider can for example be, but is not limited to, a bank that sends out 3D Secure codes for accessing a bank account over the web, or a credit card company that sends transaction information to its users by SMS text message. A service provider can also be any customer care organisation trying to contact a user by calling their mobile phone.
In relation to the described invention the term credit card can refer to any source of payment mechanism, for example; credit card, debit card, charge card, prepaid card, mobile wallet or even a bank account.
The Mobile Subscriber Integrated Services Digital Network Number (MSISDN) is a number that uniquely identifies a subscription in GSM, UMTS, LTE and future mobile networks. The MSISDN is the telephone number attached to the Subscriber Identity Module (SIM) card in a mobile/cellular phone. The SIM card contains a microchip that stores data identifying the subscriber to the carrier, including the subscriber key from which the keys that encrypt voice and data over the radio interface are derived. Every SIM card carries a unique identifier called an International Mobile Subscriber Identity (IMSI); the Universal Integrated Circuit Card (UICC) used in UMTS and LTE handsets, with its Universal Subscriber Identity Module (USIM) application, likewise contains an IMSI.
The International Mobile Subscriber Identity (IMSI) is a globally unique number of up to 15 digits that identifies a mobile subscriber in the telecom network. The IMSI is linked to the account information held by the carrier. The IMSI resides in the SIM card, which can be moved from one GSM phone to another.
The MSISDN and the IMSI are the two important numbers used for identifying a mobile subscriber. The IMSI identifies the SIM, i.e. the SIM card inserted into the mobile phone, while the MSISDN is used for routing calls to the subscriber. The IMSI is often used as the key in the Home Location Register (HLR) (or a similar database such as a Home Subscriber Server (HSS)). The MSISDN is normally the phone number that is entered to dial or text a mobile phone.
A SIM is uniquely associated with an IMSI, while the MSISDN can change over time (e.g. when the subscriber changes number while keeping the SIM), i.e. different MSISDNs can be associated with the same SIM over its lifetime. Multiple MSISDNs can also be associated with one SIM card at the same time.
The Mobile Application Part (MAP) is a Signalling System number 7 (SS7) protocol which provides an application layer for the various nodes in GSM and UMTS mobile core networks and GPRS core networks to communicate with each other, in order to provide services to mobile phone users. The MAP specifications were originally defined by the GSM Association, but are now controlled by ETSI/3GPP.
MAP is defined by different standards, depending upon the mobile network type. For example:
    * MAP for GSM (up to Release 98) is specified by 3GPP TS 09.02.
    * MAP for UMTS ("3G") and GSM (Release 99 and later) is specified by 3GPP TS 29.002.
MAP is an application-layer protocol used to access the Home Location Register (HLR), Home Subscriber Server (HSS), Visitor Location Register (VLR), Mobile Switching Centre (MSC), Equipment Identity Register (EIR), Authentication Centre (AuC), Short Message Service Centre (SMSC) and Serving GPRS Support Node (SGSN).
The primary functions of MAP are to provide mobility services, such as location management (roaming), authentication, managing service subscription information, etc.
But MAP also provides functionality for subscriber tracing and for retrieving a subscriber's International Mobile Subscriber Identity (IMSI), described hereafter. A MAP service of particular relevance is MAP_SEND_ROUTING_INFORMATION (referred to as SRI herein). It is understood that any MAP service capable of returning a subscriber's IMSI can be used in place of SRI, for example MAP-SEND-IMSI. Depending on the traffic case in which the service is used, different information can be carried in its request/invoke and response/result messages. All the parameters available in the request and the response of MAP_SEND_ROUTING_INFORMATION are listed in the following table.
Parameter name                                    Request  Indication  Response  Confirm
----------------------------------------------------------------------------------------
Invoke Id                                         M        M(=)        M(=)      M(=)
Interrogation Type                                M        M(=)
GMSC or gsmSCF Address                            M        M(=)
MSISDN                                            M        M(=)        C         C(=)
OR Interrogation                                  C        C(=)
OR Capability                                     C        C(=)
CUG Interlock                                     C        C(=)        C         C(=)
CUG Outgoing Access                               C        C(=)        C         C(=)
Number of Forwarding                              C        C(=)
Network Signal Info                               C        C(=)
Supported CAMEL Phases                            C        C(=)        C         C(=)
Suppress T-CSI                                    C        C(=)
Offered CAMEL 4 CSIs                              C        C(=)
Suppression of Announcement                       C        C(=)
Call Reference Number                             C        C(=)
Forwarding Reason                                 C        C(=)
Basic Service Group                               C        C(=)
Basic Service Group 2                             C        C(=)
Alerting Pattern                                  C        C(=)
CCBS Call                                         C        C(=)
Supported CCBS Phase                              C        C(=)
Additional Signal Info                            C        C(=)
IST Support Indicator                             C        C(=)
Pre-paging supported                              C        C(=)
Call Diversion Treatment Indicator                C        C(=)
Long FTN Supported                                C        C(=)
Suppress VT-CSI                                   C        C(=)
Suppress Incoming Call Barring                    C        C(=)
gsmSCF Initiated Call                             C        C(=)
Network Signal Info 2                             C        C(=)
IMSI                                                                   C         C(=)
MSRN                                                                   C         C(=)
Forwarding Data                                                        C         C(=)
Forwarding Interrogation Required                                      C         C(=)
VMSC address                                                           C         C(=)
ReleaseResourcesSupported                                              C         C(=)
GMSC Camel Subscription Info                                           C         C(=)
Location Information                                                   C         C(=)
Subscriber State                                                       C         C(=)
Basic Service Code                                                     C         C(=)
CUG Subscription Flag                                                  C         C(=)
North American Equal Access preferred Carrier Id                       U         C(=)
User error                                                             C         C(=)
SS-List                                                                U         C(=)
CCBS Target                                                            C         C(=)
Keep CCBS Call Indicator                                               C         C(=)
IST Alert Timer                                                        C         C(=)
Number Portability Status                                              U         C(=)
Supported CAMEL Phases in VMSC                                         C         C(=)
Offered CAMEL 4 CSIs in VMSC                                           C         C(=)
MSRN 2                                                                 C         C(=)
Forwarding Data 2                                                      C         C(=)
SS-List 2                                                              C         C(=)
Basic Service Code 2                                                   C         C(=)
Allowed Services                                                       C         C(=)
Unavailability Cause                                                   C         C(=)
Provider error                                                                   O
The following convention is used for categorising parameters when defining the service primitives:
    M   the inclusion of the parameter is mandatory.
    O   the inclusion of the parameter is a service-provider option.
    U   the inclusion of the parameter is a service-user option.
    C   the inclusion of the parameter is conditional and can be used for the following purposes:
        * to indicate that if the parameter is received from another entity it must be included for the service being considered;
        * to indicate that the service user must decide whether to include the parameter, based on the context in which the service is used;
        * to indicate that one of a number of mutually exclusive parameters must be included (e.g. parameters indicating a positive result versus parameters indicating a negative result);
        * to indicate that a service-user optional parameter (marked "U") or a conditional parameter (marked "C") presented by the service user in a request or response type primitive is to be presented to the service user in the corresponding indication or confirm type primitive.
    (=) when appended to one of the above, this symbol means that the parameter takes the same value as the parameter appearing immediately to its left.
    "blank" means that the parameter is not present.
A Send Routing Information request on a given mobile number will return the following information:
    * Number <Mobile Number>
    * IMSI <International Mobile Subscriber Identity>
    * MCC <Mobile Country Code>
    * MNC <Mobile Network Code>
    * Operator Name <Name of the mobile operator in the home country>
    * Operator Country <Mobile handset home country>
    * MSC <Mobile Switching Centre in the country of the handset's current location>
    * MSC Operator <Operator in the country of the handset's current location>
    * MSC Country <Current handset location country>
    * MSC Location <Current handset location>
    * MSC MCC <Current Mobile Country Code>
    * MSC MNC <Current Mobile Network Code>
Of these, the IMSI and the serving MSC address come directly from the MAP result; the remaining fields are derived from them by the querying system (MCC and MNC are the leading digits of the IMSI, and the MSC operator, country and location follow from the E.164 global title of the returned VMSC address).
Mobile Phone Hijacking
Fraudsters will attempt to hijack a person's mobile phone to impersonate the person or to illegally obtain information, or to fraudulently authenticate monetary transactions, gain access to a restricted website or bank site, launder money, and more.
A fraudster could hijack or take over an owner's mobile phone number by gaining sufficient information about that user through identity theft. This information could be used to persuade the owner's mobile phone operator to perform a SIM change on the owner's mobile phone number. Once a fraudster has hijacked another owner's mobile number, the fraudster, and not the rightful owner of the mobile phone, would for example receive all text messages or phone calls made to that phone number. This means that the fraudster would receive any sensitive or secure information that was sent to the rightful owner's mobile phone.
A mobile phone can be taken over in multiple ways. For example, a fraudster ships a new, unused SIM card to the country where the fraudster plans to make the fraudulent transactions on the mobile phone owner's credit card or debit card. Next the fraudster contacts the mobile operator's Customer Care and persuades the operator to make the SIM change. If the fraudster succeeds in changing the SIM, the owner's mobile number is now effectively in the fraudster's possession. This means that any phone calls or SMS text messages intended for the mobile phone number will be received and responded to by the fraudster.
Recent events have shown that attackers target SIM Cards in Bank Fraud attempts. Attackers are using some new schemes that combine old phishing tactics with some newer techniques in order to steal or disable the SIM cards in the victims' mobile phones and then take them over for use in fraudulent bank transactions.
Mobile phones have become high-value targets for attackers in many different kinds of schemes, including fake online banking applications, compromised legitimate applications and phishing scams. The most recent fraud schemes in this field rely on some classic phishing tactics adapted for the mobile platform as well as some real-world physical techniques in order to separate victims from their money. SIM card theft is a serious problem in some countries where it is common for users to buy unlocked phones rather than committing to a contract with a carrier. Two such typical scams are schematically illustrated in FIG. 1.
The first scam involves attackers using trojans as part of a phishing attack aimed at stealing the user's mobile phone IMEI number. That number is a unique identifier for the phone itself. The attackers are using code injection to show users a prompt from their online banking site asking them to enter their IMEI numbers in order to access their accounts. Once the attackers have the IMEI number, they then call the victim's carrier and report the phone lost or stolen and ask for a new SIM card. With that in hand, the attackers then receive the one-time passwords meant for the victim for her bank account and the victim is then relieved of her money.
The second scheme is somewhat related to the first in that it is aimed at getting hold of the victim's SIM card. In this case, the attacker uses a phishing attack to get a victim's personal information, including bank details and name and address. He then goes to the police and reports the phone stolen and follows up by going to the victim's wireless carrier and making the same report, saying the SIM card was stolen. With that done, the carrier may issue the attacker a new SIM card and the attacker will again get access to the victim's one-time passwords.
The common thread in both schemes is that they are made possible by compromising the web browser with a trojan attack to steal the victim's credentials. By combining stolen personally identifiable information with misrepresentation techniques, criminals using these attacks do not need to trick users into verifying fraudulent transactions. They are able to bypass out of band authentication mechanisms like SMS-delivered One-Time-Passwords by authorizing these transactions themselves.
Churn
In the telecommunications industry, churn is the term used to describe user attrition or loss. In short, it refers to the tendency of Internet and cell-phone subscribers to switch telecom providers. There are different types of churn such as voluntary, involuntary and internal. The most common reasons for churn are dissatisfaction with an existing provider, the lure of a lower price for equivalent service from a different provider, and the lure of better service for the same price from a different provider.
Churn can also result from a change in the subscriber's geographic location, the desire for increased connection speed, or a need for different or enhanced cell-phone coverage.
In the context of the invention, churn refers to the situation where a user's mobile number has become inactive through cancellation or expiry and is then re-assigned to a different user. The essential point is that the mobile number has been re-assigned to another person (knowingly or unknowingly), while the services or applications that use this mobile number to send information, grant service access (authentication) or similar have not been updated with this change. This exposes the previous owner of the mobile phone number to potential fraud on their account.
Take the following example from a bank or credit card fraud prevention scenario, illustrated schematically in FIG. 2:
    * A user provides their Issuer with their mobile phone number.
    * Over time the user's mobile phone subscription is cancelled.
    * Eventually their mobile operator will place the number in "quarantine".
    * After a period of time, the mobile phone number is taken out of quarantine and reassigned to a new mobile user.
    * The user's details are never updated in the service provider's system, so the service provider still believes that the mobile number belongs to the user.
    * Should the service provider now try to contact their user by phone or SMS text message, it may be unaware that it is actually communicating with someone other than its user, as the mobile number has been reallocated to a different person.
Service Access/2-Factor Authentication
Mobile phones can be used to gain access to a service or webpage. For example, as part of 2-factor authentication a user would typically log in with some known login details and would then be prompted to enter an authentication code that was sent to the user's mobile number. By entering the login details and the authentication code that was sent to the user's mobile, access can for example be gained to an online banking webpage, or similar.
Where mobile phones are used for 2-factor authentication, authorisation or the sending of sensitive information, only the MSISDN is used; the IMSI is never checked. A mobile number can be hijacked by obtaining a new SIM card and impersonating the subscriber to have the existing number switched to that SIM card. Institutions that use the mobile phone number to send information or authentication codes never learn that the IMSI, i.e. the SIM card behind the number, has changed, and will therefore keep sending sensitive information to the mobile number (MSISDN). Likewise, if an organisation calls its user on the mobile phone to discuss personal details, e.g. account information, it cannot be sure that it is speaking to the correct person if the mobile number has been hijacked.
It is therefore vital that the application issuing the authentication code is certain that the mobile number it sends the code to still reaches the right person and mobile handset, i.e. the SIM card that was originally registered.
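As an added example (not part of this description, and not a real MAP implementation), the following Python sketch shows how a service provider could apply the check motivated by the preceding paragraphs, using the fields from the SRI result list above: the IMSI observed by an SRI lookup when the user enrolled the MSISDN is stored, and before every one-time code is sent a fresh SRI lookup is compared against it. An unknown subscriber (the cancelled/quarantined number of the churn example) or a changed IMSI blocks the send; a matching IMSI registered at a VMSC outside the home country is allowed but flagged. The SRI gateway stand-in, the sample HLR contents, the MSISDNs and IMSIs, and the partial MNC-length and country-code tables are all constructed for illustration.

```python
"""SIM-binding check before sending an SMS one-time code.

Added example, not part of the original description. sri_lookup() is a
stand-in for a real MAP_SEND_ROUTING_INFORMATION query against the HLR; the
subscriber data, MSISDNs and IMSIs below are constructed for illustration.
"""
from enum import Enum
from typing import Optional

# Partial table of MNC lengths keyed by MCC (ITU-T E.212). Most countries use
# 2-digit MNCs; North America uses 3. A production system needs the full list.
MNC_LENGTH_BY_MCC = {"302": 3, "310": 3, "311": 3, "312": 3, "313": 3, "316": 3}

# Partial E.164 country-code table, used only to tell a home-country VMSC from
# a foreign one. Constructed subset for the example.
E164_COUNTRY_CODES = {"1", "33", "44", "49", "91"}


def parse_imsi(imsi: str) -> tuple[str, str, str]:
    """Split an IMSI (6 to 15 digits) into (MCC, MNC, MSIN)."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError(f"malformed IMSI: {imsi!r}")
    mcc = imsi[:3]
    mnc_len = MNC_LENGTH_BY_MCC.get(mcc, 2)
    return mcc, imsi[3:3 + mnc_len], imsi[3 + mnc_len:]


def country_code(e164: str) -> Optional[str]:
    """Longest-prefix match of an international number against the CC table."""
    for n in (3, 2, 1):
        if e164[:n] in E164_COUNTRY_CODES:
            return e164[:n]
    return None


class Verdict(Enum):
    ALLOW = "allow"                            # enrolled IMSI, VMSC in home country
    ALLOW_ROAMING = "allow-roaming"            # enrolled IMSI, VMSC abroad: log it
    BLOCK_UNKNOWN = "block-unknown"            # HLR knows no such subscriber
    BLOCK_IMSI_CHANGED = "block-imsi-changed"  # a different SIM is behind the number


def check_before_send(msisdn: str, enrolled_imsi: str, sri: Optional[dict]) -> Verdict:
    """Decide whether a one-time code may go to msisdn, given a fresh SRI result.

    sri is None when the HLR answered with a User error (e.g. unknown
    subscriber, as after cancellation and quarantine); otherwise it carries the
    returned IMSI and the E.164 address of the VMSC currently serving the SIM.
    """
    if sri is None:
        return Verdict.BLOCK_UNKNOWN
    if sri["imsi"] != enrolled_imsi:
        # SRI alone cannot tell a SIM swap on the same account from a churned,
        # re-assigned number; in both cases the enrolled SIM is gone, so the
        # code must not be sent until the user re-enrols through another channel.
        return Verdict.BLOCK_IMSI_CHANGED
    if country_code(sri["vmsc"]) != country_code(msisdn):
        return Verdict.ALLOW_ROAMING
    return Verdict.ALLOW


# Constructed stand-in for the SS7/MAP gateway: MSISDN -> SRI result
# (None models a User error / unknown subscriber).
FAKE_HLR = {
    "447700900123": {"imsi": "234159876543210", "vmsc": "447700000001"},  # unchanged SIM
    "447700900456": {"imsi": "234300000000001", "vmsc": "447700000002"},  # new SIM behind number
    "447700900789": {"imsi": "234150000000042", "vmsc": "33600000001"},   # same SIM, roaming in FR
    "447700900999": None,                                                 # cancelled number
}


def sri_lookup(msisdn: str) -> Optional[dict]:
    """Stand-in for MAP_SEND_ROUTING_INFORMATION; swap in a real gateway call."""
    return FAKE_HLR.get(msisdn)


def send_otp(msisdn: str, enrolled_imsi: str, code: str,
             lookup=sri_lookup) -> tuple[Verdict, Optional[str]]:
    """Return the verdict and the SMS text that would be sent (None if blocked)."""
    verdict = check_before_send(msisdn, enrolled_imsi, lookup(msisdn))
    if verdict in (Verdict.ALLOW, Verdict.ALLOW_ROAMING):
        return verdict, f"Your one-time code is {code}"
    return verdict, None


if __name__ == "__main__":
    # IMSI captured by SRI at enrolment, per MSISDN (constructed).
    enrolled = {
        "447700900123": "234159876543210",
        "447700900456": "234159876543211",
        "447700900789": "234150000000042",
        "447700900999": "234150000000099",
    }
    for number, imsi in enrolled.items():
        print(number, *send_otp(number, imsi, "482913"))
```

The binding is updated only through a step-up channel after a BLOCK verdict, never automatically from the SRI result, otherwise a fraudster who has just completed a SIM change would simply be re-enrolled. The roaming comparison uses the country code of the MSISDN as a proxy for the home network; a production system would derive the home country from the IMSI's MCC instead.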
3D Secure
Sending a dynamic secure code to a 3D Secure user for a 3D Secure transaction is an inexpensive and efficient way for a bank to implement dynamic 3D Secure techniques.
However, the risk of SIM takeover forces many banks to avoid using SMS as means to communicate dynamic secure code for 3D Secure transactions.
This invention aims to eliminate the above risks by targeting any fraud related to the above areas, to ensure that the mobile phone number has not been compromised in any way or form and to ensure delivery of the secure code to the correct mobile phone/SIM card.