By Rual de Vries for MyBroadband
The Communications Risk Information Centre (Comric) says that relying solely on collecting customers’ biometric data to curb SIM swap fraud won’t do the trick.
Comric is a non-profit organisation established by MTN, Cell C, Telkom, Vodacom, and Liquid Intelligent Technologies.
Its goal is to identify, prevent, and mitigate risks within the South African telecommunications industry.
The Independent Communications Authority of South Africa (Icasa) published draft regulations in March 2022 that would require mobile network operators to collect subscriber biometric data.
Icasa said these regulations would reduce instances of mobile number hijacking via fraudulent SIM swaps and number porting.
The South African Banking Risk Information Centre crime statistics showed that fraudulent SIM swap incidents nearly doubled in 2020 — from 11,646 in 2019 to 22,285 in 2020.
Scammers use these techniques to take control of targets’ cellphone numbers and access their Internet banking applications.
In response to Icasa’s proposed regulations, Comric met all of the country’s mobile network operators to examine the implications and feasibility of biometric data collection.
MyBroadband asked Comric what consensus mobile operators came to during the forum.
“As biometric data is indicated as [Icasa’s] solution [to fraudulent SIM swaps], the telecommunications industry would like to explore alternative solutions,” Comric CEO Vernall Muller said.
“Biometrics is but one of many strategies to use — to require operators to implement only biometrics is taking a single approach solution, which is not the silver bullet.”
Although Comric members agree that SIM swap fraud is a problem, they said that other issues require attention in the short to medium term.
“Less than one percent of SIM swaps performed annually are fraudulent,” Comric said.
“SIM swap is but one problem, whereas identity fraud is much more problematic.”
Comric noted that the telecommunication industry already has a dedicated workstream focused on reducing the number of fraudulent SIM swaps and implementing mitigative measures.
Besides being too limited in scope, Comric said that there are several challenges and limitations to collecting subscriber biometric data.
“For operators who use direct customer touchpoints across South Africa in the informal and rural areas, implementing biometrics will have immense cost implications and logistical challenges,” said Comric.
“Operators that use wholesale channels do not appoint their own agents in the distribution channels, which means they have no control or visibility over the implementation of biometrics,” the association added.
“Should Icasa’s proposed changes get adopted, it will require extensive changes to existing systems and databases.”
Therefore, the forum attendees agreed they should be allowed to present Icasa with a timeline regarding biometric data implementation.
“The implementation should be done in a flexible manner, where operators are given leeway to decide what is best to accommodate all consumers,” the association said.
“In the interim, the telecommunications industry, Comric, and ICASA should engage further to identify the core of the problem we want to solve, identify temporary solutions, and create a long-term plan to implement biometrics.”