A leading tech company in biometrics and verification systems has warned South Africa’s mobile networks to prioritise the protection of customers through SIM swap fraud, which has raised data security concerns among industry gurus.
Gur Geva, the founder and chief executive of iiDENTIFii, an award-winning tech company which specialises in facial authentification and verification platforms, said although the SA Banking Risk Information Centre (SABRIC) had noted a slight decline in SIM swap fraud in its latest report, mobile networks such as MTN, Vodacom, Cell C and Telkom, still needed to tighten up their data security to protect against fraudsters using false identities and SIM swap scams.
This is particularly relevant as banks have started to offer mobile services, while mobile network operators are also providing financial services. This shift has led to identity theft risks that have required mobile operators to adopt strict identity verification practices inspired by the financial sector's standards.
Geva said networks should focus on the provision of simple, scalable and safe digital identity to protect consumers from fraud, while allowing them the ability to access mobile, financial and governmental services through their phones.
The current state of SIM swap fraud
SABRIC’s 2022 crime report said mobile banking fraud saw a 9% reduction in reported incidents in 2022, and that SIM swap fraud incidents declined from 87% in 2021 to 76% in 2022. While this reduction is positive, there are still a large number of SIM swap fraud incidents reported each year.
Geva said the strongest line against sophisticated SIM swap attacks lies in securing a person’s identity to each SIM which has been effectively demonstrated in countries such as Kenya, Namibia, Pakistan and Russia.
He said these countries have been enforcing varying levels of biometric SIM registration to deter fraudsters.
Increasing legislation to prevent attacks
The nature of these SIM-related crimes goes beyond financial crimes and SIM swap fraud.
In 2022, the Independent Communications Authority of SA (Icasa) published draft regulations that would require mobile network operators to collect subscriber biometric data.
Icasa said these regulations would cut down the instances of mobile number hijacking via fraudulent SIM swaps and number porting.
However, this was met by hesitance from consumers and organisations such as the Communications Risk Information Centre (COMRiC).
Consumers feared that the collection of biometric data would compromise their privacy, while COMRiC felt that biometrics as a single solution was too limited in its scope and challenging to implement at scale.
What can networks do?
Mobile networks should consider implementing clear strategies and technology to mitigate SIM swap fraud and protect their customers. While SIM swaps are problematic, identity fraud poses a whole other problem.
“When it comes to securing a person’s identity, we believe that face biometrics offer the most secure solution,” adds Geva.
In South Africa, facial biometrics would be able to verify whether the person registering a SIM is live and doing it in the present moment, as well as binding the SIM card to that applicant’s identity and facial image.
It can validate barcoded identification documents presented, RICA or FICA details and a facial image back to the Department of Home Affairs.
The question of surveillance
Biometrics are deeply personal, but opt-in biometrics do not open consumers up to surveillance.
According to Geva, opt-in biometrics are the most secure way to identify someone and keep their information and identity safe from fraud which is different from biometrics used for surveillance.
“Remote biometric on-boarding links a person’s biometric data, whether their face or fingerprint, to their account so that they, and only they, can access the account safely and securely. This protects them from fraud,” Geva said.
The question of implementation
In terms of successfully rolling out biometric identity for mobile phones in Africa to protect consumers and companies from SIM-related crime, two key criteria need to be met
– scalability and
Geva urges network providers in Africa to invest in enterprise-grade identity platforms that are robust, scalable and built to handle growing subscribers and fraud-prevention demands.