SIM Fraud Solution Sparks Privacy Fears

Privacy and data security concerns have been raised over a plan to link South African phone users’ biometric data to their SIM cards.

The proposal by the Independent Communications Authority of South Africa (ICASA) was among a list of draft regulations published by the watchdog for public commentary in March. If approved, it would give cell phone networks access to their customer’s fingerprints, facial recognition data, retina scans, and biometric and behavioral data.

“On activation of a mobile number on its network, a licensee must ensure that it collects and links the biometric data of the subscriber to the number,” states the proposal. 

“A licensee must ensure that, at all times, it has the current biometric data of an assigned mobile number.”

Under the proposal, the mobile network must ensure that the biometric data of a user requesting a SIM swap corresponds with the biometric data associated with the mobile number.

Icasa said the proposed new security measure would reduce fraudulent activity and SIM swapping attacks. 

“The authority is of the view that the association of mobile numbers with the biometric data of a subscriber will assist to curb the hijacking of assigned subscriber mobile numbers,” said Icasa.

Members of the public, who have until May 11 to comment on the proposal, have expressed fears that it will lead to an invasion of privacy. Identity theft concerns have been raised in submissions to the DearSA website that query what could happen if a SIM card is stolen or cloned.

Other submissions ask what could happen if the biometric data entrusted to the care of phone networks is lost, hacked, or stolen. 

Dear SA chairperson Rob Hutchinson said concerns had also been raised around the usage of private data by the service providers and potentially by the government. 

“We feel that this bill, although well-intentioned, has major flaws in practical application,” said Hutchinson. Read more:

You can also read this: Security Lessons From a Payment Fraud Attack

Leave a Reply

Your email address will not be published. Required fields are marked *