- The threat of SIM swap fraud looms large over South Africa’s telecommunications landscape.
- Strengthening identity verification practices is paramount to safeguarding consumers and preserving trust in the digital ecosystem.
- Operators need to define practical, robust security solutions that adhere to and surpass current telco legislation.
In today’s digital age, where mobile phones have become an indispensable part of everyday life, the threat of SIM swap fraud looms large over South Africa’s telecommunications landscape.
Gur Geva, founder and CEO of face authentication and identity verification platform , iiDENTIFii, underscores the critical importance for mobile networks to prioritize customer protection and combat this pervasive menace.
“While there has been a slight decline in reported SIM swap fraud cases, mobile service providers must remain vigilant and bolster their data security measures,” asserts Geva.
Despite strides in mitigating fraud, fraudsters continue to exploit vulnerabilities in identity verification processes, underscoring the imperative for enhanced security protocols.
The symbiotic relationship between telecommunications and banking sectors amplifies the stakes, as mobile operators increasingly offer financial services.
Combating SIM swap and identity fraud
This convergence mandates a cohesive approach to regulatory compliance, particularly concerning the Financial Intelligence Centre Act (FICA) and the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA).
Strengthening identity verification practices is paramount to safeguarding consumers and preserving trust in the digital ecosystem.
Operators need to define practical, robust security solutions that adhere to and surpass current telco legislation.
Geva says, “In order to combat SIM swap and identity fraud, networks should focus on the provision of simple, scalable, and safe digital identity. This has a far-reaching impact, not only on safer mobile use and the protection of consumers from fraud, but also on the ability of consumers to access mobile, financial, and governmental services through their phones.”
The current state of SIM swap fraud
According to SABRIC’s 2022 crime report, there was a 9 per cent decrease in reported mobile banking fraud incidents in 2022. Specifically, SIM swap incidents decreased from 87 per cent in 2021 to 76 per cent (7,657 cases) in 2022.
While this reduction is a positive development, it’s crucial to note that thousands of SIM swap fraud incidents are still reported annually.
Geva emphasizes the need for vigilance in light of the evolving landscape of cyber-crime. “Cyber-crime will continue to evolve, and networks need to be prepared for increasingly sophisticated SIM swap attacks,” he remarks.
He underscores the importance of securing individuals’ identities to each SIM as the strongest line of defense against such attacks.
The efficacy of this strategy has been validated in countries like Kenya, Namibia, Pakistan, and Russia. These nations have implemented varying levels of biometric SIM registration, effectively deterring fraudsters and enhancing security measures.
Increasing legislation to prevent attacks
The nature of these SIM-related crimes extends beyond financial crimes and SIM swap fraud.
“For the cost of a few unregistered SIM cards at R5 each from a roadside vendor, planning a murder becomes untraceable by police through RICA, and thus virtually risk-free,” says Natasha Mazzone, the DA’s Shadow Minister of Communications and Digital Technologies in an article on RICA legislation.
In response to these alarming trends, ICASA introduced draft regulations in 2022 mandating mobile network operators to gather subscriber biometric data. The rationale behind these regulations was to mitigate instances of mobile number hijacking through fraudulent SIM swaps and number porting.
However, the proposed regulations encountered resistance from both consumers and organizations like the Communications Risk Information Centre (COMRiC).
Consumers expressed apprehensions regarding the potential compromise of their privacy due to the collection of biometric data. Additionally, COMRiC argued that relying solely on biometrics as a solution was overly restrictive and logistically challenging to implement on a large scale.
What can telecom networks can do?
Mobile networks, being the proprietors of SIM cards and the underlying technology, ought to contemplate the adoption of transparent strategies and cutting-edge technologies to mitigate SIM swap fraud and safeguard their clientele.
While SIM swaps pose a significant challenge, the threat of identity fraud looms even larger.
“When it comes to securing a person’s identity, we believe that face biometrics offer the most secure solution,” adds Geva.
In the context of South Africa, facial biometrics possess the capability to authenticate whether the individual registering a SIM card is physically present at the time of registration.
Additionally, it binds the SIM card to the applicant’s identity and facial characteristics, thereby validating barcoded identification documents, RICA or FICA details, and facial images authenticated by the Department of Home Affairs.
This proactive approach not only prevents identity fraud but also confirms the legitimacy of individuals seeking online services. Consequently, SIM swaps lose their relevance, as all SIM cards are securely linked to authentic individuals, meeting precise RICA requirements.
The Question of Surveillance
While biometrics are inherently personal, opting into biometric authentication does not expose consumers to surveillance.
“Because biometric technology only started making its way into the mainstream relatively recently, consumers are still unsure of what the technology entails and how it may be used. This, naturally, leads to some misconceptions and fears.
“The reality is that opt-in biometrics are the most secure way to identify someone – and keep their information and identity safe from misuse – and these differ a great deal from biometrics used for surveillance,” says Geva.
Remote biometric onboarding securely links an individual’s biometric data, such as their facial features or fingerprints, to their account. This ensures that only the authorized user can access the account, offering protection against fraudulent activities.
The Question of Implementation
To effectively implement biometric identity for mobile phones in Africa and combat SIM-related crimes, two crucial factors must be addressed: scalability and accessibility.
“I urge network providers in Africa to invest in enterprise-grade identity platforms that are robust, scalable, and built to handle growing subscribers and fraud-prevention demands,” says Geva.
“For example, most of South Africa’s leading banks have relied on our own enterprise-grade platform at iiDENTIFI to roll out fast and effective mobile banking verification initiatives at scale. This has proven that, with a simple, fast and friction-free tool, consumers are willing to pass through an extra layer of digital protection.”
Despite advancements, SIM swaps remain a significant challenge, highlighting the ongoing need for enhanced consumer protection measures. By ensuring identity verification for all SIM cards at the point of registration, significant strides can be made in combating SIM-related crimes.
The urgency to address SIM swap fraud in South Africa cannot be overstated. Mobile networks must uphold their commitment to safeguarding customers by adopting innovative technologies and regulatory frameworks to counter evolving cyber threats.
Through a concerted focus on security and the adoption of robust identity verification solutions, South Africa can reinforce its digital infrastructure and pave the way for a safer and more resilient digital landscape.