It uses the SIM to implement a challenge-response mechanism where a PIN is prompted by your phone.
While not perfect, it's vastly better than using SMS, without being less convenient.
I don't know if other places leverage the fact that SIMs are smart cards which are perfectly able to perform this kind of stuff given the proper infrastructure.
I'm not aware of the details, but I imagine something very similar to EMV payments.
The only difference is that you need to register your SIM with the service beforehand, using a reasonably secure process. Banks make you use their own MFA before you can enable Mobile ID (and no, it's never over SMS).
Presumably there's an applet in the SIM card that holds a key pair and allows you to sign stuff by providing the SIM PIN. You interact with it via STK which is an old standard allowing SIMs to tell the phone to draw rudimentary UIs and ask the user for input.
If you get a SIM replaced after providing proofs of identity, residence and biometrics, it would get activated after a few hours.
The kicker is that it won't get SMSes for 24 hours after the SIM is activated.
In the US, won't it be cheaper as well as secure to get a virtual phone number from Twilio for purposes of two-factor authentication? (In India, there is no service at the rate that Twilio offers, but there are some which charge around $30-$40/month for virtual phone numbers with incoming SMSes.)
Airtel also makes you accept that SIM swap request on the old SIM if you are not coming in person to a store with ID documents, most of which is Aadhaar number verification.