How networks want to tackle SIM-swap fraud in South Africa

ICASA recently published its findings report for the number portability public inquiry it conducted.

ICASA received submissions from the following operators: Cell C, MTN, Neotel, Ohren Telecoms, Switch Telecom, Telkom, and Vodacom.

It reported that the risk of fraud, or “slamming”, has become a key concern for the industry.

SIM-swap fraud is often used to gain access to a victim’s online banking profile. If someone has control over your cellphone number, they receive the one-time PIN messages meant to protect your account from unauthorised access.

Earlier this year, attorney Johan Victor said he would bring a case against Absa and Standard Bank on behalf of 20 victims, due to online banking fraud. Victor also blamed cellular networks for the role they played in the cases he was handling.

Securing number portability

ICASA said its inquiry suggests the current system to validate port requests from prepaid subscribers may not be secure enough.

However, the operators disagree on the best way to ensure the port request comes from a subscriber.

“Some suggested that a double opt-in or confirmation SMS from the donor operator is put in place,” said ICASA.

ICASA noted that the notification from the donor should not in any way infringe on the customer’s right to port.

Another respondent suggested that subscribers manually trigger port cancellations and reversals without the need to contact a call centre.

“One respondent disagreed strongly with this approach, arguing that the mobile portability is relatively untouched by fraud, and that there is a lack of empirical evidence that bank fraud is linked to an increased porting activity.”

Fraud

ICASA cited several examples of how other countries tackle fraud, stating that an additional step in the existing process could work in South Africa.

This would involve the central database provider, the Number Portability Company (NPC), sending a code to the subscriber when the port starts.

In line with current portability regulations, the donor network may not send a direct message to the subscriber.

However, to introduce a PIN in the process, the ordering system specification would need to be amended.

This would require operators to agree on which steps must be taken, in terms of:

  • How the PIN can be obtained. Through the recipient operator or by the user to a defined Freephone number.
  • Alternatives to SMS. In particular for geographic number portability – this may require the NPC to implement a new IVR system.
  • How the industry wants to address issues related to the language of communication with the user.

While respondents questioned whether the NPC is the best party to send the message, due to security issues, ICASA said the PIN-based mechanism must be implemented by the NPC.

It will also need to support SMS and interactive voice response systems for geographic number porting.

“This will require additional investments. Licensed operators will also require an update to their systems,” said ICASA.

Now read: ABSA and Standard Bank face big fight over Internet banking fraud

Latest news

Partner Content

Show comments

Recommended

Share this article
How networks want to tackle SIM-swap fraud in South Africa