11. From your experience, how do we get to the real customer in case of an identified swapped SIM.

Hash is always created based on the Public IP address and Port which we are able to read from the user’s request. In case a fraudster swapped a SIM, the IMSI number will be different (and arguably IMEI as well), so the Mobile ID hash will change and Bank will detect this by comparing the expected and received Mobile ID, upon which they can do any further verifications. If it is a legit SIM Swap, the user will need to go through the process of re-assigning a new Mobile ID to their account (basically the same procedure as assigning the Mobile ID for the first time)