Abstract
The Covid-19 pandemic has kept almost everyone at home and forced them to carry out their activities online using mobile gadgets. Internet and mobile penetration have increased as people have grown used to lockdowns and restrictions on face-to-face meetings. This has become a new market for cyber criminals, who spread Social Engineering, send Phishing, and carry out Account Take Over, ending in theft of money from Financial Mobile Applications. Application protection with OTP SMS and Magic Link SMS still has vulnerabilities, as several cases that have occurred show. For this reason, this study looks for a solution that utilizes the Mobile Network Infrastructure. The research methodology is a quantitative experiment, together with a literature review of previous studies to establish what is unique about this study. The experiment checked whether the phone number registered in the application matches the phone number in use on the smartphone. Every time a user signs in or signs up, the Financial Mobile Application performs Mobile Network Verification with the cellular operator via an API. Verification uses header enrichment and runs in the background of the application process installed on the user's smartphone or tablet, from which the request goes to the Mobile Network Verification Server. The Financial Mobile Application can then determine whether the user is using a valid or an invalid phone number. Thus, the target account cannot be taken over, because the cyber criminal's mobile gadget does not have the phone number that is attached to the victim's mobile gadget. This was tested with four test case scenarios of 10 trials each, covering the sign-up and sign-in processes with the same phone number while varying the devices and applications. All four test case scenarios, in each of their 10 trials, were 100% successful, matching the expected results.
It is hoped that this kind of protection model can reduce losses experienced by Financial Mobile Application users due to Account Take Over.
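The comparison described in the abstract can be sketched on the verification-server side as follows. This is an added example, not code from the paper: the header name `x-msisdn`, the gateway address range, the country code and all phone numbers are constructed assumptions.

```python
import ipaddress

# Assumptions, not taken from the paper: header name, gateway range, country code.
MSISDN_HEADER = "x-msisdn"  # hypothetical enrichment header name
OPERATOR_GATEWAYS = [ipaddress.ip_network("198.51.100.0/24")]  # constructed range


def normalize(number: str, country_code: str = "62") -> str:
    """Reduce a phone number to ASCII digits in international form."""
    digits = "".join(ch for ch in number if ch in "0123456789")
    if digits.startswith("0"):  # national format with a leading zero
        digits = country_code + digits[1:]
    return digits


def verify(registered: str, peer_ip: str, headers: list) -> str:
    """Return 'valid', 'invalid' or 'unverifiable' for one sign-in or sign-up."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in OPERATOR_GATEWAYS):
        # Request did not arrive through the operator gateway (Wi-Fi, proxy):
        # any number header present was written by the client, so ignore it.
        return "unverifiable"
    seen = [value for name, value in headers if name.lower() == MSISDN_HEADER]
    if len(seen) != 1:
        # Header missing, or a client-sent copy sits next to the operator's.
        return "unverifiable"
    network_number = normalize(seen[0])
    if not network_number:
        return "unverifiable"
    return "valid" if network_number == normalize(registered) else "invalid"


if __name__ == "__main__":
    account = "+62 812-0000-0001"  # constructed registered number
    cases = [
        ("same SIM", "198.51.100.7", [("X-MSISDN", "6281200000001")]),
        ("other SIM", "198.51.100.7", [("X-MSISDN", "6281200000002")]),
        ("spoofed over Wi-Fi", "203.0.113.9", [("X-MSISDN", "6281200000001")]),
    ]
    for label, ip, hdrs in cases:
        print(label, "->", verify(account, ip, hdrs))
```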
Original language | English |
---|---|
Pages (from-to) | 797-808 |
Number of pages | 12 |
Journal | Jurnal RESTI |
Volume | 7 |
Issue number | 4 |
DOIs | |
Publication status | Published - Aug 2023 |
Keywords
- account takeover prevention
- header enrichment
- mobile network verification
- SMS OTP vulnerability