
Multi person approval, especially two that don’t work together.



You're not wrong, but trust is an issue here as well.

If someone convinces both Person A and Person B of their legitimacy, even if they're not legitimate, this doesn't solve anything.

If Person A and Person B trust one another personally, then _idealistically_ you're vulnerable to collusion (intentional) or abuse (unintentional).

If Person B trusts Person A because of some policy or technical attestation, that means the policy or technical criteria needs to be robust against abuse.

If you're in-person at, say, a T-Mobile store, then it's not likely that Person A and Person B don't work together, but even if they don't, the first issue still applies.

I've watched T-Mobile store employees just pass an iPad to a manager and say "can you type in your code?" Depending on the employee or what process was requiring approval, the manager might or might not have asked "what are you doing?" "Can you justify this?" etc.


You can make the higher level person liable for their passcode usage. It’ll only take a few examples to be made for them to change their approach.

This whole two person security thing being untrusted seems silly however, as that’s what nuclear missile silos typically use to avoid rogue actors. Why it won’t work here seems odd, if you put the right punishments in place.


Nuclear missile launches are a very, very far cry from phone company customer support operations.

To engage the comparison nevertheless, at least regarding silos, the two person rule is physically enforced using space itself. You could collude, but the likelihood of two people getting to that point and then going through with it is so infinitesimally small as to be, essentially, purely academic.

The risks to one or two actors fraudulently SIM swapping someone’s line are much, much different.

Proportionality matters as much here as anywhere. What would a sufficient deterring punishment look like in this case that would make others think twice? People have already lost their jobs and been tried under existing law for this and it continues to happen.


Let’s take a step back and realize you’re attempting to convince me and others that a SIM attack is a larger target than a nuclear missile.



