摘要 |
A method for authorising a remote transaction is disclosed. It improves upon previous out of band authorization techniques by detecting SIM swapping or number porting. The method comprises receiving a request to complete a remote transaction from a remote user, for example over the internet. A telephone number of a telephone, in particular a mobile telephone, associated with the remote user is identified in a database 7. A subscriber identity associated with the telephone number is requested from a telephone network operator, such as HLR 6, associated with the identified telephone number. The subscriber identity received from the network operator is compared with a stored subscriber identity associated with the remote user. If the received subscriber identity matches the stored subscriber identity authentication information, such as an authorization code, is communicated with the remote user via the telephone. If the received subscriber identity does not match the stored subscriber identity additional identifying information can be requested from the remote user. The method has the advantage of preventing fraudulent authorisation of the transaction by a fraudster redirecting the telephone number to their own telephone. |