It's still very trivial to tell a customer rep that you lost your SIM card and have the rep send all new communication to the phone number to a separate SIM card with a pre paid phone.
If you only use this pre-paid phone for authentication, then the fraudster has to discover that phone number before they launch their attack. For additional security, you can rotate this pre-paid phone number every few months, and only use it for authentication to online services.