Since the first mobile phone hit the market in 1983, these devices have evolved from simple communication tools to indispensable extensions of our professional and personal lives.
Whether for managing finances, storing digital IDs, or conducting business, smartphones keep us connected and productive. But as their capabilities expand, so do the risks. Cybercriminals recognise their value – not just for accessing personal data but as gateways to business secrets. According to Thales’ 2025 Cyber Trends Report, the exploitation of connected devices remains a top security threat, highlighting the urgent need to protect mobile communications from evolving cyberattacks.
The Rapid Growth of Mobile Devices and Emerging Security Risks
It’s expected that the number of mobile devices will reach 18.22 billion by the end of the year. These devices are no longer just tools for calling and browsing—they’ve evolved into AI-powered assistants, authentication hubs, and digital wallets.
At the same time, cybercriminals are industrialising attacks, using more sophisticated malware, phishing scams, and identity theft tactics to gain access to sensitive data. As mobile usage grows, so do the risks—especially for businesses, financial services, and government institutions.
A Spotlight on Mobile Banking & Digital Identity
Nowhere is this shift more apparent – or more consequential – than in mobile banking and digital identity.
Mobile devices are now central to how individuals engage with financial services. From balance inquiries and peer-to-peer transfers, to onboarding and biometric authentication, smartphones function as fully integrated banking terminals and digital identity carriers.
This increased dependency has made mobile banking a high-value target for cybercriminals. According to Cifas, identity fraud now accounts for nearly two-thirds of reported financial crime in the UK, underscoring the systemic risk posed by unsecured digital identities and mobile access points.
Threat actors are exploiting this channel through a combination of:
- Synthetic identity generation, often powered by generative AI, to circumvent KYC controls
- Credential harvesting via phishing, smishing, and malware-laced applications
- SIM swap attacks, which undermine two-factor authentication by redirecting OTPs and account recovery flows
- Mobile app repackaging, where legitimate financial apps are cloned, injected with malicious code, and redistributed
The convergence of mobile banking and digital identity services introduces complex security challenges. Financial institutions must now defend not only the transaction layer, but also the identity lifecycle—verifying that users are who they claim to be, continuously and securely.
At the same time, customer expectations for low-friction, high-availability experiences are at an all-time high. According to Experian’s Global Identity & Fraud Report, financial services firms are struggling to reconcile seamless access with robust fraud prevention.
Thales supports financial organisations in bridging this divide with a layered, hardware-rooted security model. Key components include:
- Embedded secure elements (eSE) and eSIMs for tamper-resistant authentication and secure mobile identity provisioning.
- FIDO-compliant biometrics and strong device binding to validate user identity without relying on vulnerable SMS channels.
- Real-time risk analytics that detect anomalies in usage patterns and apply adaptive authentication responses.
The rise of digital ID wallets, often embedded within banking apps or mobile OS ecosystems, further raises the stakes. These wallets consolidate everything from government-issued credentials to private-sector identity proofs. Their security must be built on end-to-end encryption, dynamic key management, and zero-trust principles.
Looking ahead, financial institutions must harden their mobile channels with security architecture that’s agile enough to withstand emerging threats—particularly as mobile banking platforms scale across 5G and increasingly virtualised infrastructures.
This elevated threat landscape—and the increasingly critical role of identity in mobile ecosystems—makes securing the mobile connectivity layer itself, including SIM and eSIM technologies, more important than ever.
The Rise of eSIM Technology and Its Security Advantages
The global proliferation of smartphones is leading to an increase in sophisticated cyber threats, particularly via physical SIM cards. One of the most widespread attacks today is SIM card hijacking, where the attacker impersonates the victim, to the telecom operator and persuades them to transfer the victim’s mobile phone number to a new SIM card. This can lead to identity theft, or smishing (SMS phishing) and vishing (voice phishing).
Unlike traditional SIM cards, the eSIM is embedded in an integrated circuit directly soldered to the mobile device. Remotely programmable, eSIMs allow businesses to change their package or operator without handling a physical card. While eSIMs offer greater flexibility and prevent theft or loss of the card, they are not immune to other types of cyber-attacks, such as SIM swapping.
How to Secure Mobile Communications in 2025
With these growing threats in mind, our cybersecurity experts have highlighted some best practices to secure mobile communications in 2025:
- Implement strong encryption: Use robust encryption methods with adequate key lengths to protect data in transit and at rest. This ensures that even if data is intercepted, it remains unreadable to unauthorised parties.
- Adopt post-quantum cryptography: Prepare for the future by integrating PQC algorithms into your security protocols. This will safeguard your data against the potential threats posed by quantum computing.
- Enable multi-factor authentication: Strengthen your authentication processes by requiring multiple forms of verification. This adds an extra layer of security, making it more difficult for attackers to gain unauthorised access and thus mitigating SIM / eSIM swapping attacks.
- Regular security audits: Conduct regular security assessments to identify and address vulnerabilities in your mobile communication systems. More specifically, rely on the full power of security that SIM or eSIM provide to further protect your data and communications over 5G networks such as:
- Algorithms / key rotation: capability to swap over time the security keys and cryptographic algorithm used, a key step towards meeting crypto-agility recommendations.
- Privacy protection: SIM or eSIM provide the capability to encrypt the subscribers’ mobile identity over the networks (the so-called SUPI) for a high-grade privacy protection.
- Secured networks slicing: the authentication to network slices, which are a key 5G capability, can be reinforced by leveraging the SIM / eSIM (the so-called Slice SIM application).
By implementing the above best practices, businesses can protect their mobile communications and ensure the integrity of their data.
