The Independent Communications Authority of South Africa (Icasa) has published draft regulations that will require mobile network operators to collect subscriber biometric data.
This is to crack down on SIM swap fraud, the regulator stated.
“Over a period, the Authority has been presented with concerns wherein mobile numbers have been hijacked either through a porting and/or SIM swap transaction,” Icasa explained.
“The hijacking of mobile numbers is a small but integral part of a wider form of fraud where sensitive data is diverted or comes in the control of criminal elements.”
Icasa believes that associating mobile numbers with subscriber biometric data will help curb the hijacking of cellphone numbers.
“There are several jurisdictions that have linked mobile numbers with biometric data of subscribers,” the regulator said.
“Thus, this form of authentication is in practice and is a possible remedy to ensure that subscribers do not lose control of their assigned mobile numbers.”
Icasa does not specify whether the biometric data must be fingerprints, facial recognition, voice recognition, iris scans, or a combination, seemingly leaving the decision up to the operators.
Mobile numbers assigned to a juristic person would be exempted from these new regulations.
Icasa’s draft regulations explain that the process would work as follows:
- On activation of a mobile number on its network, operators must ensure that they collect and link the subscriber’s biometric data to the number.
- Operators must ensure that, at all times, they have the current biometric data of an assigned mobile number.
- Operators must only use the biometric data to authenticate subscribers.
- If a subscriber requests a SIM swap, operators must ensure the biometric data of the user requesting the swap corresponds with the biometric data associated with the mobile number.
- If the biometric data does not correspond, they must decline the SIM swap.
Icasa’s draft amendment to its numbering plan regulations is open for public comment until 11 May 2022.