Washington, DC – November 15, 2023 – The Federal Communications Commission today
adopted new rules to protect consumers against scams that aim to commandeer their cell phone
accounts. The rules will help protect consumers from scammers who target data and personal
information by covertly swapping SIM cards to a new device or porting phone numbers to a
new carrier without ever gaining physical control of a consumer’s phone. These updated rules
will help protect consumers from SIM swapping scams and port-out fraud while maintaining
their well-established freedom to pick their preferred device and provider.
The Report and Order adopted today revises the FCC’s Customer Proprietary Network
Information (CPNI) and Local Number Portability rules to require wireless providers to adopt
secure methods of authenticating a customer before redirecting a customer’s phone number to a
new device or provider. The new rules require wireless providers to immediately notify
customers whenever a SIM change or port-out request is made on customers’ accounts, and
take additional steps to protect customers from SIM swap and port-out fraud.
These new rules set baseline requirements that establish a uniform framework across the
mobile wireless industry while giving wireless providers the flexibility to deliver the most
advanced and appropriate fraud protection measures available. The Commission also adopted
a Further Notice of Proposed Rulemaking to seek comment on ways to further harmonize these
rules with existing CPNI rules and additional steps the Commission can take to harmonize
government efforts to address SIM swap and port-out fraud.
The FCC is focused on protecting consumers’ data from attacks like these cell phone account
scams. The Privacy and Data Protection Task Force was created to lead the agency’s work on
privacy and data protection issues subject to the Commission’s authority under the
Communications Act. The Task Force coordinates across the agency on the rulemaking,
enforcement, and public awareness needs regarding privacy and data protection activities,
including data breaches. SIM swapping scams and port-out fraud are serious consumer privacy
and data protection threats. In addition, data breaches can increase the risk posed by these
scams by exposing consumers’ information that can make it easier for scammers to steal
consumers cell phone accounts.
What Is SIM Swapping?
SIM swapping takes place when a bad actor convinces a victim’s wireless carrier to transfer the
victim’s service from the victim’s cell phone to a cell phone in the bad actor’s possession.
More information for consumers about these scams is available at: https://go.usa.gov/xMNUF.
What Is Port-Out Fraud?
Port-out fraud takes place when the bad actor, posing as the victim, opens an account with a
carrier other than the victim’s current carrier. The bad actor then arranges for the victim’s
phone number to be transferred (or “ported out”) to the account with the new carrier controlled
by the bad actor. An FCC consumer guide on guarding against this type of fraud is available