Defending against SIM swap fraud

February 2024 Access Control & Identity Management

Mobile networks must not be complacent about SIM swap fraud, and they need to prioritise the protection of customers, according to Gur Geva, Founder and CEO of iiDENTIFii.

“Although SABRIC has noted a slight decline in reported SIM swap fraud in its latest report, mobile service providers still need to tighten up their data security to protect against fraudsters using false identities and SIM swap scams,” says Geva.

This is particularly relevant as telecommunications and banking industries become increasingly intertwined. Banks now offer mobile services, while mobile network operators provide financial services, and so there is a convergence between the regulatory requirements of FICA and RICA. This shift has led to heightened identity theft risks, requiring mobile operators to adopt stringent identity verification practices inspired by the financial sector's standards.

Operators need to define practical, robust security solutions that adhere to and surpass current telco legislation. Geva says, “In order to combat SIM swap and identity fraud, networks should focus on the provision of simple, scalable and safe digital identity. This has a far-reaching impact, not only on safer mobile use and the protection of consumers from fraud, but also on the ability of consumers to access mobile, financial and governmental services through their phones.”

The current state of SIM swap fraud

SABRIC’s 2022 crime report notes that mobile banking fraud saw a 9% reduction in reported incidents in 2022, and that SIM swap incidents declined from 87% in 2021 to 76% (7 657) in 2022. While this reduction is positive, there are still thousands of SIM swap fraud incidents reported each year.

“Cybercrime will continue to evolve, and networks need to be prepared for increasingly sophisticated SIM swap attacks. Their strongest line of defence is in securing the identity of a person’s identity to each SIM,” says Geva.

The effectiveness of this approach has been demonstrated in nations such as Kenya, Namibia, Pakistan and Russia, which have all been enforcing varying levels of biometric SIM registration to deter fraudsters.

Increasing legislation to prevent attacks

The nature of these SIM-related crimes goes beyond financial crimes and SIM swap fraud. “For the cost of a few unregistered SIM cards at R5 each from a roadside vendor, planning a murder becomes untraceable by police through RICA, and thus virtually risk-free,” says Natasha Mazzone, the DA’s Shadow Minister of Communications and Digital Technologies in an article on RICA legislation.

In 2022, ICASA published draft regulations that would require mobile network operators to collect subscriber biometric data. ICASA said these regulations would reduce instances of mobile number hijacking via fraudulent SIM swaps and number porting. However, this was met with hesitance from consumers and organisations such as the Communications Risk Information Centre (COMRiC). Consumers feared that the collection of biometric data would compromise their privacy, while COMRiC felt that biometrics as a single solution was too limited in its scope and challenging to implement at scale.

What networks can do

Mobile networks (as owners of the SIM and the technology behind it) should consider implementing clear strategies and leading technologies to mitigate SIM swap fraud and protect their customers. And while SIM swaps constitute one problem, identity fraud is far more problematic.

“When it comes to securing a person’s identity, we believe that face biometrics offer the most secure solution,” adds Geva.

In South Africa, face biometrics would be able to verify whether the person registering a SIM is live and doing it in the present moment, as well as binding the SIM card to that applicant’s identity and facial image. It can validate barcoded identification documents presented, RICA or FICA details and a facial image back to the Department of Home Affairs. This prevents identity fraud and proves that the individual applying for services online is a ‘live’ person and not a deepfake. SIM swaps become a moot point, as all SIM cards are then data bound to a legitimate individual with accurate RICA requirements.

The question of surveillance

Biometrics are deeply personal, but opt-in biometrics do not open consumers up to surveillance. “Because biometric technology only started making its way into the mainstream relatively recently, consumers are still unsure of what the technology entails and how it may be used. This, naturally, leads to some misconceptions and fears. The reality is that opt-in biometrics are the most secure way to identify someone – and keep their information and identity safe from misuse – and these differ a great deal from biometrics used for surveillance,” says Geva.

Remote biometric onboarding links a person’s biometric data, whether their face or fingerprint, to their account so that they, and only they, can access the account safely and securely. This protects them from fraud.

The question of implementation

In terms of successfully rolling out biometric identity for mobile phones in Africa to protect consumers and companies from SIM-related crime, two key criteria need to be met: scalability and accessibility.

“I urge network providers in Africa to invest in enterprise-grade identity platforms that are robust, scalable and built to handle growing subscribers and fraud-prevention demands,” says Geva. “For example, most of South Africa’s leading banks have relied on our own enterprise-grade platform at iiDENTIFii to roll out fast and effective mobile banking verification initiatives at scale. This has proven that, with a simple, fast and friction-free tool, consumers are willing to pass through an extra layer of digital protection.”

“SIM swaps are still a major problem, and networks still have a way to go in protecting consumers. By securing identity for all SIMs at the moment of registration, it is possible to make great leaps in providing protection against SIM-related crimes.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.

Research labs secured with STid Mobile ID
Access Control & Identity Management
When NTT opened its research centre in Silicon Valley, it was looking for a high-security expert capable of protecting the company’s sensitive data. STid readers and mobile ID solutions formed part of the solution.

Is voice biometrics in banking secure enough?
Access Control & Identity Management AI & Data Analytics
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Unlocking efficiency and convenience
OPTEX Access Control & Identity Management Transport (Industry)
The OVS-02GT vehicle detection sensor is the newest member of Optex’s vehicle sensor range, also known as ‘virtual loop’, and offers reliable motion detection of cars, trucks, vans, and other motorised vehicles using microwave technology.

Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.