Security Alert

Somnath Sinha, a midlevel executive at a Kolkata-based FMCG company, was shocked when he received an SMS informing him in November last year that his credit card had been used to make a Rs.45,000 purchase. By the time he called his bank two hours later to block his card, it was too late.

He learnt that his mobile phone had been used to request a one-time password (OTP), which had been used to make the online purchase. The bank refused to compensate him as the OTP request had come from his registered mobile phone.

Delhi- based PK Sandell, former technical advisor, UNIDO, found his mobile phone bill to be unusually high. There were an unusually high number of calls to numbers he couldn’t recognise. Being technically qualified, he suspected that his SIM card had been cloned and was being used illegally by someone else. This was confirmed when investigations showed that most of these calls were made from the Chandni Chowk area, which he hadn’t visited for years

Fraudsters can easily clone your mobile SIM card and get a connection with your number. Grey market operators in Gaffar Market in Delhi’s Karol Bagh area, Manish Market near VT in Mumbai and practically every small town in Uttar Pradesh, Punjab and Rajasthan will “clone” any mobile number of your choice for as little as Rs.50-Rs.200.

Since many subscribers use mobile phones to access their bank accounts and get OTPs for their credit cards – and since saved passwords and other personal details can be accessed by anyone who can use the relevant software – this poses a serious risk to millions of subscribers who, like Sinha and Sandell, can, potentially, become victims of fraud.

It also raises serious national security risks as these phones can be used for terror-related communications and transactions.

The telecom ministry had informed the Lok Sabha in a written reply on August 22, 2012 that Delhi had 18,547 and Punjab 1,738 registered cases of illegal SIM card cloning. “There could be many more,” said a senior official in the telecom ministry.

There is no record of how much money subscribers have lost as a result of illegal cloning of SIM cards but bankers said the amount could be substantial.

Currently, none of the major telecom operators — Airtel, Vodafone, Idea , Reliance Communications and Tata Teleservices – can immediately track if two separate phones (one in the hands of a bona fide subscriber and the other being used by a fraudster with an illegally cloned SIM) are simultaneously using the same number. This time lag (between the time the cloned SIM starts operating and this showing up in your telco's security system) provides frauds a long-enough window to complete their operations.

In a meeting on September 3, 2013, the department of telecommunications (DoT) decided to set up a working group comprising representatives of the home and defence ministries and various national security agencies to draw up a blueprint to address loopholes in telecom security, including cloned SIMs.

"The industry will cooperate with the government in resolving it," added Pankaj Mohindroo, national president, Indian Cellular Association, the association of handset manufacturers.

That's in the l ong ter m. Meanwhile, subscribers remain vulnerable to fraud.

The only way you can avoid becoming a victim is by remaining vigilant.

Attack on the Clones

Here’s all you wanted to know about cloning SIM cards but didn’t know whom to ask

If you lose your phone, how can you get a duplicate SIM card?

You will have to file a complaint with the police Then you will have to ask your telecom service provider to give you a duplicate card with your number You will have to provide a copy of the police complaint, identity and address proof

What is SIM cloning?

It is the process of creating duplicate SIM cards, with details that are identical to the original one It’s illegal when done without the subscriber’s knowledge

How is SIM cloned?

Every SIM has a unique electronic serial number (ESN) and the mobile phone’s unique mobile identification number (IMEI). A low-cost electronic scanning device can capture these numbers This pair of serial numbers is s then written on a blank SIM card It is illegal when done without the knowledge of the subscriber

How will you know if your SIM has been cloned?

When callers tell you they are re receiving a busy signal, even when you are not on a call Your telephone bills show too many unknown numbers Accessing mobile banking/emails takes unusually longer Frequent cross connection and wrong numbers

What is the global practice to prevent cloning?

European Union has made it mandatory to use only SIMs that cannot be cloned This involves higher levels of encryption and is more expensive

Is there a legal protection, if a phone is cloned?

The IT Act and the Telegraph Act in India do not provide any specific reference to ‘clone fraud’ There is a need for a specific mobile device legislation to deal with the issue hindutsan times