Utilization of Mobile Network Infrastructure to Prevent Financial Mobile Application Account Takeover

The Covid-19 pandemic has kept almost everyone at home and forced them to perform online activities using their mobile gadgets. Penetration of the Internet and mobile use is increased as lockdowns or restrictions on meeting face to face are getting used to. This has become a new market for cyber cri...


Bibliographic Details
Main Authors: Aldiansah Prayogi, Rizal Fathoni Aji
Format: Article
Language: English
Published: Ikatan Ahli Informatika Indonesia 2023-08-01
Series: Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)
Subjects: sms otp vulnerability; mobile network verification; header enrichment; account takeover prevention
Online Access: http://jurnal.iaii.or.id/index.php/RESTI/article/view/5025
author Aldiansah Prayogi
Rizal Fathoni Aji
collection DOAJ
description The Covid-19 pandemic has kept almost everyone at home and forced them to perform online activities using their mobile gadgets. Penetration of the Internet and mobile use is increased as lockdowns or restrictions on meeting face to face are getting used to. This has become a new market for cyber criminals to carry out their actions, such as spreading Social Engineering, sending Phishing, doing Account Takeover, and ending in theft of money in Financial Mobile Applications. Application protection with OTP SMS and Magic Link SMS still has vulnerabilities, with several examples of cases that have occurred. For this reason, this problem was raised to find a solution using the Mobile Network Infrastructure. The method used is to compare the congruence between the phone numbers registered in the application and the phone numbers used. Every time a user signs in or signs up, the Financial Mobile Application will perform Mobile Network Verification to cellular operators via API. Verification is carried out by utilizing the header enrichment in the background of the application process that was installed on the user's smartphone or tablet to the Mobile Network Verification Server. The Financial Mobile Applications can then determine whether the user is using a valid or invalid telephone number. Therefore, the target account cannot be taken over because the cyber criminal's mobile device does not have the phone number attached to the victim’s mobile device. This proof is carried out with four test case scenarios with the sign-up and sign-in processes on the same phone number and different phone numbers between devices and applications. It is hoped that this kind of protection model can reduce losses experienced by users of Financial Mobile Applications due to Account Takeover.
first_indexed 2024-03-08T07:19:59Z
format Article
id doaj.art-06470978cbc24e4bac2ce941c6195c08
institution Directory Open Access Journal
issn 2580-0760
language English
last_indexed 2024-03-08T07:19:59Z
publishDate 2023-08-01
publisher Ikatan Ahli Informatika Indonesia
record_format Article
series Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)
spelling doaj.art-06470978cbc24e4bac2ce941c6195c08; 2024-02-02T23:44:04Z; eng; Ikatan Ahli Informatika Indonesia; Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi); 2580-0760; 2023-08-01; 7; 4; 797; 808; 10.29207/resti.v7i4.5025; 5025; Utilization of Mobile Network Infrastructure to Prevent Financial Mobile Application Account Takeover; Aldiansah Prayogi; Rizal Fathoni Aji; Universitas Indonesia; Universitas Indonesia; http://jurnal.iaii.or.id/index.php/RESTI/article/view/5025; sms otp vulnerability; mobile network verification; header enrichment; account takeover prevention
title Utilization of Mobile Network Infrastructure to Prevent Financial Mobile Application Account Takeover
topic sms otp vulnerability
mobile network verification
header enrichment
account takeover prevention
url http://jurnal.iaii.or.id/index.php/RESTI/article/view/5025