A nefarious scheme has emerged to potentially defeat two-factor authentication (2FA), which has become the gold standard in online security. Fortunately, for those of us responsible for securing consumer transactions, this isn’t a quick snatch-and-grab type of attack—and succeeding in the attack often involves significant planning, social engineering, (and possibly some inside help). At its core, this scheme is based on stealing the use of someone’s mobile phone number.
