This article sheds light on the eSIM technology
According to Statista, over 360 million eSIM-based devices were shipped globally in 2018. Shipment numbers are projected to grow with a compound annual growth rate of 27%, reaching approximately two billion units by 2025. Until then, a hardware chip-based eSIM solution is expected to be deployed in most eSIM-based devices, whereas after 2025, the adoption of integrated SIM-based solutions may become more popular.
Since the eSIM technology has been around only for a couple of years, chances are, many people still have only a vague understanding of the concept. PaySpace Magazine Global has decided to clarify eSIM basics today.
What is that?
eSIM is an electronic re-programmable SIM card that allows you to switch between several phone numbers without replacing the SIM manually. Instead of a physical card, a SIM solution is built right into your phone. This technology is now supported by mobile network operators in more than 50 countries. The innovation is becoming popular since it is actively implemented by Apple.
You may wonder how helpful this technology is. There are several benefits to using eSIM:
- inserting new SIMs is very difficult for certain cellphone models, eSIM alleviates the pain of manual SIM changes;
- cellphones can be made sleeker if they don’t require any space for the physical SIM card (although, so far, most devices have the option for physical SIMs as well);
- wearables can preserve its miniature design while expanding the range of functions if eSIM is integrated;
- if you travel abroad, switching between local mobile plans is easy. Depending on your device and manufacturer, it’s possible to have up to 15 different eSIM plans. It makes the lives of frequent travelers less fussy. Moreover, you can’t forget your card at home before the trip or lose it, as it can happen with ordinary international SIM cards;
- if you have a dual SIM phone with an eSIM, both can stay active at the same time (if the phone model allows it),
it enables users to change operator remotely, straight from their phone, without going to the bricks-and-mortar mobile store;
- physical SIM is one of the biggest obstacles to properly connecting IoT devices. eSIM enables fast and flexible connectivity of all devices in the IoT ecosystem;
- eSIM is even more beneficial for small smart devices, such as a watch, glasses or speakers;
- cars and other vehicles may use eSIMs for automated emergency calls or navigation purposes;
- bad news for thieves is that embedded chips can’t be switched out or removed, so the stolen phone and other devices may be easier to track and harder to unlock.
How it works
The prefix “e” means “embedded”. Basically, eSIM is a 5 × 5 mm chip built into a smartphone, tablet, smartwatch, or other gadgets. It is soldered to the motherboard at the production stage and stores SIM card data. The chip works similarly to the familiar NFC technology. eSIM-enabled cell phones can work without or with a physical SIM card. The owner of a gadget with such a chip can switch between several numbers without opening the slot and changing the SIM manually. To use the technology, you need both a device with a built-in eSIM chip and a mobile operator that supports eSIM.
From the network’s side, operators currently provide two main options to activate eSIM plans: by scanning a QR-code from the paper SIM package or via the proprietary app.
eSIM safety for banking purposes
Many customers are still wondering whether eSIM is a safe mobile solution, especially considering the fact that most phones now contain mobile banking apps and m-wallets with sensitive payment details whereas wearables have NFC chips installed.
Since eSIM gives users the power to download a profile directly onto their phone, hackers might be able to create a new profile on someone else’s device and take control of it. Therefore, GSMA has proposed a solution – the use of a unique key that will seek verification through a third-party server whenever someone requests a new profile. Thus, a device that attempts to download a new profile will trigger a security request, which must be confirmed by an operator. The unique code could only have originated with the device in question.
From the fraud management perspective, embedded SIMs will make it more difficult to use them for fraudulent purposes. In theory, identity theft or the use of false identification at the point of sale will be harder since fraudsters won’t be able to download a new profile without the legitimate owner’s password. However, there are a number of criminal schemes that may overcome the eSIM obstacles.
SIM cloning is currently done using hacking software that’s widely available on the internet. Perhaps, eSIM cloning is also on the way. Besides, criminals often obtain an individual’s bank details through a phishing email, social media, spyware, or by purchasing personal information from organized crime networks on the Dark Web.
After opening an account at the same bank as their victim, fraudsters may report to the service provider that their phone number was stolen. If they are able to answer a few basic security questions, the old SIM will be canceled and a new one activated. From that point, they may perform banking transactions by accessing one-time pin codes and SMS notifications. It’s questionable whether eSIM use can prevent that. The new format changes nothing in that realm.
The security issues lie in the core mobile operators’ policies. A recent Princeton University academic study found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks. Until authentication procedures are made more secure, eSIM usage will have a similar safety level to its physical analogs. One possible solution is introducing 3F identification that will include biometrics.
Another concern is that many of the new e-SIM equipped devices are battery-based and one-time use. If such devices end up in a dumpster or a recycling center without proper deletion of the personal data, there’s a high risk of non-legal re-use, or recalibrating a device previously associated with a person’s identity. Hence, the device and its ‘identity’ can remain active in the wrong hands.
The bottom line is that eSIM has the potential to prevent one kind of fraudulent activity (downloading a new profile to the stolen phone or wearable). However, in other aspects, it’s just as safe as physical SIMs.