The South African independent body ICASA, which regulates the sphere of communications, has come up with a radical initiative that should solve the problem of SIM swapping. Thus, ICASA proposed to oblige local telecom operators to collect and store biometric data of their subscribers. If the initiative is approved, operators like Vodacom and MTN will be able to use this data to confirm the identity of subscribers applying for a number transfer.
SIM swapping is a type of fraud when the victim’s phone number is transferred to the fraudster’s SIM card, which thus can gain access to her academic records bypassing multi-factor authentication, including in banking and cryptocurrency services.
Many telecom operators do not have mechanisms that protect against SIM swapping, and if they do, unscrupulous employees can still bypass them, for example, for a bribe.
According to ICASA experts, linking mobile numbers to subscribers’ biometric data will close all possible loopholes and solve the problem of phone number theft once and for all. It is not specified which data (face image, fingerprints, iris pattern, voice, or both) are meant.
According to the initiative, the anti-simswoping system will work as follows:
When activating a mobile number on the network (existing numbers will also be considered new), the telecom operator must remove the subscriber’s biometric data and link them to the phone number;
The telecom operator must store biometric data at all times;
The biometric data collected by the telecom operator should be used exclusively for authentication of the owner of the linked phone number;
If a subscriber requests the transfer of a phone number to another SIM card, the telecom operator must make sure that his biometric data matches those that were taken during the activation of the mobile number. If the data does not match, the telecom operator is obliged to refuse to transfer the number.