Hey - I am Haseeb Founder of Efani. So we deploy atleast 11 ways to authenticate a user over couple of weeks to make sure that this is a legitimate request + use some manual & automated processes to kill any illegal attempt
Can you be more specific with your question ?
All the port out are blocked by default & no have access to your account # + our UI & our system is in different silos . Finally we've a $5M insurance policy
For most users the problem is someone intercepting their text messages and then using that access to rob them. Port-outs are one way to accomplish this, but certainly not the only way.
Can you defend against sim swap attacks if your MNO is compromised, how?
Where can I read more about your insurance policy? I can’t find any specific details on your website.
I am updating the website within a week so that'll have the complete information. Just rebuilding it to aspire some more confidence in the product honestly.
We do defend against SIM swap attacks because MNOs can't access our account
I'll give you a very simple explain. Imagine you're ATT customer & you're roaming in Canada on Rogers network. Would the roger employee be able to SIM Swap you ? No because you're not his customer and even the kiosk guy can't look into the account either
I'm guessing he's talking about SS7 attacks. Sure, you do everything on your side to prevent sim swaps or the numbers from being ported out, but all of those measures are moot if they're bypassed at the carrier level.
Not really SS7 attacks, it seems that this service is just built on top of regular MVNO/reseller APIs offered by the big carriers that we already know to have serious trouble with not getting hacked.
They might be able to protect you against regular port-outs, but not SIM swap attacks performed by people who’ve compromised carrier infrastructure.
Sure, you can make porting difficult. That doesn’t get you very far.