SIM swap fraud is an identity theft threat that has become quite popular among cybercriminals in recent years.
While its prevalence has decreased slightly of late, it remains a problem for many, but some steps can be taken at a regulatory level to make these types of scams less of a threat moving forward.
Unpacking some of those potential measures is Gur Geva, founder and CEO of iiDENTIFii, who believes that the intertwining of the telecommunications industry with other fields, such as banking, means vigilance around SIM swap fraud has never been more necessary.
For those unfamiliar with this popular scam, SIM swap fraud, which is also referred to as simjacking or simcard hacking,
“The main aim of SIM swapping is usually to exploit two-factor authentication to gain fraudulent access to bank accounts,” explains Avast in a blog post regarding the scam.
“For a SIM swap attack to work, scammers need to successfully impersonate a victim and convince their mobile carrier to transfer their mobile service to another SIM card. To do this, they usually claim that the original SIM card has been lost, stolen, or damaged, and they provide sensitive personal information to ‘prove’ their identity,” it adds.
According to a recent South African Banking Risk Information Centre (SABRIC) report, SIM swap fraud is down significantly, per ITWeb, with only 71 reports indicated in 2022 compared to a mammoth 4 508 in 2021.
While the local numbers show a notable decline, globally it is still a real problem, meaning it could once again become a popular attack vector for hackers moving forward.
Research from EFANI found that SIM swap fraud increased 400 percent just in the last year globally, with the average cash loss incurred by victims estimated at $10 000 (~R189 251) for each incident. Losses of this size can have severe repercussions for both individuals and corporations.
Shifting back to the local outlook, Geva is of the opinion that the intertwining of telecommunications with other service-based industries means more needs to be done to prevent SIM swap fraud in SA.
Here he explains that financial institutions now offer mobile services, while mobile network operators provide financial services, resulting in a convergence between the regulatory requirements of FICA and RICA.
“This shift has led to heightened identity theft risks, requiring mobile operators to adopt stringent identity verification practices inspired by the financial sector’s standards,” iiDENTIFii highlighted in a release shared with Hypertext.
“In order to combat SIM swap and identity fraud, networks should focus on the provision of simple, scalable and safe digital identity. This has a far-reaching impact, not only on safer mobile use and the protection of consumers from fraud, but also on the ability of consumers to access mobile, financial and governmental services through their phones,” advised Geva.
It is at this point that the founder and CEO advocates for biometrics as a security measure that network operators can implement, especially as they are the owners of the SIMs and the technology behind them.
“When it comes to securing a person’s identity, we believe that face biometrics offer the most secure solution,” said Geva.
“In South Africa, face biometrics would be able to verify whether the person registering a SIM is live and doing it in the present moment, as well as binding the SIM card to that applicant’s identity and facial image. It can validate barcoded identification documents presented, RICA or FICA details and a facial image back to the Department of Home Affairs. This prevents identity fraud and proves that the individual applying for services online is a ‘live’ person and not a deepfake. SIM swaps become a moot point, as all SIM cards are then data bound to a legitimate individual with accurate RICA requirements,” iiDENTIFii posited.
For those concerned about having their biometric data freely accessible to third parties, Geva believes opt-in biometrics are in fact a far safer and more secure verification method.
“Because biometric technology only started making its way into the mainstream relatively recently, consumers are still unsure of what the technology entails and how it may be used. This, naturally, leads to some misconceptions and fears. The reality is that opt-in biometrics are the most secure way to identify someone – and keep their information and identity safe from misuse – and these differ a great deal from biometrics used for surveillance,” he explained.
“I urge network providers in Africa to invest in enterprise-grade identity platforms that are robust, scalable and built to handle growing subscribers and fraud-prevention demands. For example, most of South Africa’s leading banks have relied on our own enterprise-grade platform at iiDENTIFii to roll out fast and effective mobile banking verification initiatives at scale. This has proven that, with a simple, fast and friction-free tool, consumers are willing to pass through an extra layer of digital protection,” he concluded.
With SIM swap fraud potentially returning as a popular attack vector, network operators may soon have an important decision to make.