It’s OFCOM you need to point your questions and suggestions at! All the networks follow OFCOM rules and none of them have any additional security measures in place to prevent a PAC from being requested. If they did, OFCOM would probably fine them for making it difficult to obtain a PAC.

I dont think that is completely true. OFCOM set minimum requirements, according to ChatGPT (my green highlight):

 

UK mobile providers differ in their SIM swap fraud protections, despite Ofcom setting baseline requirements. Here's a comparative overview:

🔐 UK Mobile Providers: SIM Swap Fraud Protections

🏛️ Ofcom's Role

Ofcom mandates that mobile providers:

• Verify customer identity before processing SIM swaps or number porting.

• Implement measures to detect and prevent fraud.

• Respond promptly to SIM swap fraud complaints.

However, the specific methods and technologies used to meet these requirements are determined by each provider, leading to variations in security practices.

🛡️ Recommendations for Consumers

To enhance your protection against SIM swap fraud:

• Set up an account PIN or password with your mobile provider.

• Inquire about additional security measures, such as in-store-only SIM swaps.

• Monitor your accounts for unusual activity and report any suspicious behavior immediately.

• Limit personal information shared online to reduce the risk of social engineering attacks.

Hey there ​@davidxt, thank you for reaching out.

To receive a PAC code from us, you must be able to confirm our security questions first of all for the account and all details requested. Secondly, to receive a PAC code, we will send the customer a one-time password to their SIM card that only they will have, and they must be able to quote this back to us correctly. A further measure to this can also be us requesting photo ID, to further ensure we’re speaking to the customer.

Finally, we also allow customers to set up a password for their account if they wish to do so with customer services, that only they should know. So customers can contact us via our normal platforms, and once they’ve passed security, they can request a specific password to be set up on their account to prevent anyone else from accessing it.

We will only then send a PAC code once all forms of security are passed.

Thanks,

Tyler

Thanks for the response Tyler.

So in summary at present I have for ID Mobile

Username
Plan number
Password
Customer Service PIN
PIN unlock code

Also optionally available per your message is an ‘Additional password’. From my telecon with a CS agent previously, The Additional Password is not specific to PAC change requests. It will always be mandatory for identification, even for a chat session. Once set up it cannot be withdrawn.

Have I understood that all correctly?

And

Photo ID sounds  a good step but I don’t think I have ever supplied you an image before, so I dont think it would work should a fraudster attempt to steal my account. How can I make sure you have an image, and that you will apply this step in the event of a port-out request, in order to take advantage of this security?

regards

David

Hi ​@davidxt,

We have all the steps in place and we would advise that you get in touch with us if you have any doubt or suspicion.

Kash