~
So anybody who has eavesdropped you can successfully do this attack without having any kind of your physical identity.
a simple confirmation call from provider to old sim card should help mitigate this attack
if this can't be done, then it requires "a personal visit to store and proof of identity" like Lucius said
They should be, but they heavily rely on last 4 digit of SSN. If your last 4 digit of SSN become public a lot of attacks like (sim port), I guess can be successfully launched.
If by chance , if your all 10 digit of SSN are known, then somebody will able to take the bank loan on it. (Again no physical identity paper (SSN) required.