Mobile networks must not be complacent about SIM swap fraud and they need to prioritise the protection of customers.

This is according to Gur Geva, founder and CEO of iiDentifii, who adds: “Although SABRIC has noted a slight decline in reported SIM swap fraud in its latest report, mobile service providers still need to tighten up their data security to protect against fraudsters using false identities and SIM swap scams.”

This is particularly relevant as telecommunications and banking industries become increasingly intertwined. Banks now offer mobile services, while mobile network operators provide financial services, and so there is a convergence between the regulatory requirements of FICA and RICA.

This shift has led to heightened identity theft risks, requiring mobile operators to adopt stringent identity verification practices inspired by the financial sector’s standards.

Operators need to define practical, robust security solutions that adhere to and surpass current telco legislation.

Geva says: “In order to combat SIM swap and identity fraud, networks should focus on the provision of simple, scalable and safe digital identity. This has a far-reaching impact, not only on safer mobile use and the protection of consumers from fraud, but also on the ability of consumers to access mobile, financial and governmental services through their phones.”

The current state of SIM swap fraud

SABRIC’s 2022 crime report notes that mobile banking fraud saw a 9% reduction in reported incidents in 2022, and that SIM swap incidents declined from 87% in 2021 to 76% (7 657) in 2022. While this reduction is positive, there are still thousands of SIM swap fraud incidents reported each year.

“Cyber-crime will continue to evolve, and networks need to be prepared for increasingly sophisticated SIM swap attacks. Their strongest line of defense is in securing the identity of a person’s identity to each SIM,” says Geva.

The effectiveness of this approach has been demonstrated in nations such as Kenya, Namibia, Pakistan and Russia, which have all been enforcing varying levels of biometric SIM registration to deter fraudsters.

Increasing legislation to prevent attacks

The nature of these SIM-related crimes goes beyond financial crimes and SIM swap fraud.

“For the cost of a few unregistered SIM cards at R5 each from a roadside vendor, planning a murder becomes untraceable by police through RICA, and thus virtually risk-free,” says Natasha Mazzone, the DA’s shadow minister of communications and digital technologies in an article on RICA legislation.

In 2022, ICASA published draft regulations that would require mobile network operators to collect subscriber biometric data. ICASA said these regulations would reduce instances of mobile number hijacking via fraudulent SIM swaps and number porting.

However, this was met by hesitance from consumers and organisations such as Communications Risk Information Centre (ComRiC).

Consumers feared that the collection of biometric data would compromise their privacy, while ComRiC felt that biometrics as a single solution was too limited in its scope and challenging to implement at scale.

What networks can do

Mobile networks (as owners of the SIM and the technology behind it) should consider implementing clear strategies and leading technologies to mitigate SIM swap fraud and protect their customers. And while SIM swaps constitute one problem, identity fraud is far more problematic.

“When it comes to securing a person’s identity, we believe that face biometrics offer the most secure solution,” adds Geva.

In South Africa, face biometrics would be able to verify whether the person registering a SIM is live and doing it in the present moment, as well as binding the SIM card to that applicant’s identity and facial image.

It can validate barcoded identification documents presented, RICA or FICA details and a facial image back to the Department of Home Affairs.

This prevents identity fraud and proves that the individual applying for services online is a ‘live’ person and not a deepfake. SIM swaps become a moot point, as all SIM cards are then data bound to a legitimate individual with accurate RICA requirements.

The question of surveillance

Biometrics are deeply personal, but opt-in biometrics do not open consumers up to surveillance.

“Because biometric technology only started making its way into the mainstream relatively recently, consumers are still unsure of what the technology entails and how it may be used. This, naturally, leads to some misconceptions and fears.

“The reality is that opt-in biometrics are the most secure way to identify someone – and keep their information and identity safe from misuse – and these differ a great deal from biometrics used for surveillance,” says Geva.

Remote biometric onboarding links a person’s biometric data, whether their face or fingerprint, to their account so that they, and only they, can access the account safely and securely. This protects them from fraud.

The question of implementation

In terms of successfully rolling out biometric identity for mobile phones in Africa to protect consumers and companies from SIM-related crime, two key criteria need to be met: scalability and accessibility.

“I urge network providers in Africa to invest in enterprise-grade identity platforms that are robust, scalable and built to handle growing subscribers and fraud-prevention demands,” says Geva.

“SIM swaps are still a major problem, and networks still have a way to go in protecting consumers. By securing identity for all SIM at the moment of registration, it is possible to make great leaps in providing protection against SIM-related crimes.”