Oh, that is really bad then 😞 You were almost the market leader in sim replacement security but are actually just the same as everyone else in offering not enough security.
Please feedback that you should make it clear to your customers that this option is offering an easily bypassed security gate and that three should give their customers the opportunity to turn off accepting answers to 'other security questions' so that we can have some level of actual additional security regarding sim replacements. A compromise could be to build in a cooling off period into the replacement i.e if no is selected on an account with a sim password then it takes 48 hours to process and requires the existing sim to not be used during that time frame. This allows customers to automatically reject these attempts to do bad things with a sim replacement.
Referring to "2. Select how much you would typically top up each month? 5-10, 10-20, 20-30, 30+" as a security question is being very complimentary to the difficulty in answering. It only has 4 options. Its quite possible that 20 is the answer to two of the 4 options and would be the dramatically most popular amount for most people. 50/50 chance best case or 1 in 4 chance of getting it right worse case. That doesnt really compare to the effort to guess a 4 digit pin.
You are close to offering a really strong additional layer of security and its possible to do that without impacting customer experience.
