A new 2-factor authentication port in system has been implemented to all Canadian mobile carriers. Why go through the extra steps?

It all started a year ago, when IT executive Erynn Tomlinson lost $30,000 in cryptocurrency after hackers targeted her Rogers account. The scammers used charm and persuasion to convince the Rogers customer service representative that they were the actual owner of the account, and were able to convince them to activate a new SIM card linked to Tomlinson’s account. They then performed a SIM swap, allowing the hackers to use their own phone to gain access to a number of Tomlinson’s sensitive accounts since her cell phone number was the

Shortly later, CBC Marketplace tested the security of Rogers phone reps with their own social engineering experiment and was able to bypass and gain access to a staffer’s account, only using information found online. Rogers then admitted the company’s authentication steps weren’t properly followed. After numerous cases of this form of fraud, carriers are moving to a 2-Factor Authentication system.

Effective November 3, 2020 to further improve security and reduce risk of fraud, an additional layer of security with be added in the number porting authorization process where customers who wish to port their phone number to a different carrier will be prompted to validate their port request. This enhancement is only being implemented by Bell, Rogers, TELUS, Eastlink, SaskTel and Xplornet.

How it works:

The device user requesting the number port will receive an SMS on their original device which they will be required to respond to within 90 minutes to approve or decline the port.

An example of how this would look like is:

Bell à “We have received a request to transfer your phone number <xxx xxx-xxxx> from your account to another service provider. Your approval is required to complete the transfer. To proceed, please reply YES. If you did not request this transfer, please reply NO. For security purposes, you have 90 minutes to respond or the transfer will be cancelled. If you have any concerns, call 1 866-756-7039. (bell.ca/reach-us)”

Rogers à “Rogers svc msg: We received a request to transfer your wireless number to another service provider. To approve this request, please reply YES. To cancel it, simply reply NO. For security reasons, you only have 90 minutes to send us your reply. If you don’t answer within this time, the transfer request will automatically be cancelled. Questions? Give us a call at 1877-327-8503.”

Other ways to protect yourself:

  1. Set up a passcode/PIN with your service provider to access your phone for any online or phone interactions. Do not use the same PIN as you use for other personal accounts
  2. Don’t publish your phone number on any of your social media profiles and limit the amount of personal information you post online like your birthday, elementary school names, or your pet’s name
  3. Don’t use the same passwords or usernames across multiple accounts