LoginID offers FIDO2 biometric authentication SDKs and APIs that are free to try. Get started HERE.
What is a Traditional SIM and how Does it Work?
In the telecommunications space, a SIM (Subscriber Identity Module) Card is traditionally a little price of plastic that fits into a subscriber’s mobile phone. It holds personally identifying information (PII) like the subscriber’s name and mobile phone number and allows the mobile phone owner to make calls, receive texts, and use data.
SIMs can also hold contact information and phone numbers. This allows the owner of the SIM card, when switching phones, to simply remove the SIM card from their old phone and put it in a new one. Before the cloud, this was the easiest way to ensure you did not lose your contact information and data when switching phones.
What is an eSIM and How is it Different from a Traditional SIM?
An eSIM (embedded SIM) is a small chip that is built into the device itself and cannot be removed and placed in another phone. These chips are not only designed to take the place of traditional SIMs in newer phone models that are rolling out, but are also a key element of IoT (Internet of Things) devices. A distinguishing factor of eSIMs is that they are remotely rewritable, this means a subscriber does not need to physically replace their SIM card in order to change carriers.
What are the Advantages of eSIMs?
Where eSIMs offer a real advantage over traditional SIMs is in terms of convenience. The fact that they are remotely rewritable means a subscriber can switch carriers with a phone call or via an online portal.
They also offer an advantage in terms of flexibility. A single eSIM can store up to 5 different virtual SIM cards simultaneously allowing users to temporarily switch between network providers. This could be important if critical data needs to be transferred or an essential phone call made but one provider does not have good coverage in an area while another does.
An eSIM can also make switching to a local network simpler when traveling. A traveler would no longer need to find a local SIM card and physically insert it into their device, risking losing or misplacing their original SIM card in the process. Using the local network can also be far cheaper than paying international roaming costs. Using an eSIM could also mean fewer devices to keep track of. Many people have both a personal phone number and a business phone number. Before eSIM, this meant either carrying two separate devices or buying a dual-SIM device. With an eSIM, you can have the same two phone numbers on the same device. This allows the user to easily use both phone numbers to make calls, send texts, and transfer data without changing devices.
Not having to replace the physical card in a device to make changes allows for remote reprogramming at scale. This can be critical for IoT devices and business owners. If a business owner has dozens or hundreds of IoT devices in multiple locations they would be able to change their carrier with the push of a button instead of having to individually replace each physical SIM card.
Finally, the fact that eSIMs are small and hardwired into the device means they can be fitted into devices like wearables and drones or devices where size and weight are critical.
What are the Disadvantages?
A broken phone with an eSIM can pose some significant problems. You will not be able to simply remove the SIM card from your broken phone and put it in a new one and restore your data almost immediately. With an eSIM, you will have to restore your device using the cloud.This can be a very time consuming process which can pose risks especially if you break your device at a critical moment.
With a regular SIM anyone who does not want to be able to be tracked by their provider can simply remove the physical card from their device. An eSIM, by design, cannot be removed and therefore can always be tracked. This is not an issue for the vast majority of mobile device users in the western world. However, if you are a member of a politically targeted group, you may not want the government to be able to track your movements at all times.
The fact that eSIMs are a relatively new development means that many devices, especially those made before 2018, do not support eSIM.
What are the Security Risks?
Being remotely rewritable is one of the great advantages that eSIMs provide, but this advantage also opens the door to certain security risks. Hackers will go to great lengths to take over an account via a SIM Swap attack. eSIMs, just like traditional SIMs, are vulnerable to this kind of attack especially if the account is protected by a weak security method like a password.
If a hacker is able to gain access to a user’s SIM card they could wreak untold havoc by stealing personal identifying information and money. Hackers are highly motivated and exploit any security weaknesses they can for their own gain. Protecting your eSIM with advanced real time fraud prevention measures is crucial.
How LoginID’s FIDO2 Passwordless Authentication Can Help Protect your eSIM
LoginID and Oasis recently announced a partnership agreement to integrate LoginID’s FIDO2 passwordless authentication into Oasis’s Digital Connect eSIM provisioning platform. By adding FIDO2 biometric authentication to the onboarding process, Oasis will be able to ensure the identity of their customers when they open an account.
This goes beyond just onboarding, the customer will also be able to more easily authorize new accounts and devices using their biometric. The eSIM carrier will also benefit by having confidence that these requests are in fact coming from the customer and not a hacker pretending to be them.