Earlier this week, regulator the Independent Communications Authority of South Africa (Icasa) published draft regulations for public comment. Included was a proposal to tie South Africans' biometric data to their SIM cards - and, by extension, their phone numbers.
This is proposed to crack down on SIM swap fraud and it may well be the only solution to protect the greater society.
Your cellphone could provide a way for cybercriminals to access your financial accounts and gain access to your sensitive personal information and other accounts - all of this through your mobile number.
As soon as a criminal is able to change the SIM card connected to your mobile number, it gives them control over your mobile number — and they are able to receive the access code to your account.
This gives the criminal free rein to act as if it they are you conducting transactions while you are completely unaware of what is taking place. In fact, no one will ever know that it was not you that withdrew all the money in your current account when it was withdrawn from your mobile app.
SIM card fraud is unfortunately rife in South Africa and mobile network operators are at a loss how to deal with this.
In addition, the RICA legislation (Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002) places a positive obligation on mobile network operators to obtain certain when a SIM card is sold.
Before a telecommunication service provider enters into a contract with a subscriber or sells them a SIM card, the telecommunication must get details such as the subscriber's full names, identity number, residential and business or postal address, whichever is applicable; and a certified photocopy of their identification document on which their photo, full names and identity number, whichever is applicable, appear. Such information must also be retained.
The problem, however, is that mobile network operators make use of various entities to sell SIM cards and cannot be at all places as all times to monitor that this information is correct and in fact obtained. Whether we like it or not, fraud takes place, and this means that SIM swaps take place. There is sometimes no record of the person behind a SIM card and this allows for criminal activity to take place unchecked.
In a world with various pieces of legislation in place, the broader legislative landscape should serve the public interest. It is undoubtedly in the public interest to prevent or at least aim to limit cyber fraud and therefor collecting biometric information could very well serve the public interest.
Icasa as the telecommunication regulator should support mobile network obligations and put forward solutions that benefit the industry and society in general. This might just be a workable solution. The future will shed light as to the possibilities when it comes to SIM card fraud and curbing that through biometric data.
Ahmore Burger-Smidt, Director and Head of Data Privacy and Cybercrime Practice at Werksmans Attorneys. Views are the author's own.