Now that said: in the EU (well in France at least), the biggest operators are teaming up and coming up with an interesting system called "SIM Verify" which is specifically crafted to make the life of SIM-swappers sad [1].
Basically companies relying on SMS can verify if a SIM card has been recently swapped and then act accordingly (like, for example, not allowing a password reset by SMS 30 minutes after a card has been SIM swapped).
I'm not saying it's a panacea, but it's a start (and it's all compliant with the EU's GDPR).
That is pointless in the days of eSIM, and even before that it would result in a lot of trouble as a lot of countries don't require people to register a new residence at some government entity that can act as a source of truth.
Now that said: in the EU (well in France at least), the biggest operators are teaming up and coming up with an interesting system called "SIM Verify" which is specifically crafted to make the life of SIM-swappers sad [1].
Basically companies relying on SMS can verify if a SIM card has been recently swapped and then act accordingly (like, for example, not allowing a password reset by SMS 30 minutes after a card has been SIM swapped).
I'm not saying it's a panacea, but it's a start (and it's all compliant with the EU's GDPR).
https://www.sfrpay.fr/Nos-solutions/Mobile-ID/SIM-Verify