South Africa’s networks could be forced to collect biometric data — what’s next
South Africa’s mobile network operators will discuss the ramifications of being forced to collect subscriber biometric data at the Communications Risk Information Centre (Comric) industry forum.
This is according to Cell C’s chief legal officer Zahir Williams.
Last month, the Independent Communications Authority of South Africa (Icasa) published draft regulations that will require mobile network operators to collect subscriber biometric data.
These proposed rules are in response to rising SIM-swap fraud, where mobile numbers have been hijacked either through number porting or a SIM swap transaction.
In most cases, this form of fraud takes control of a victim’s cellphone number to target Internet banking applications, and it seems the problem has only gotten worse.
SIM swap fraud nearly doubled in 2020, and digital banking fraud victims lost over R309 million to criminals, according to the latest statistics from the South African Banking Risk Information Centre.
Icasa believes associating mobile numbers with subscriber biometric data will help curb SIM swap fraud.
“The collection of subscriber biometric data is an important telco industry matter that will be considered at an industry forum provided by the Communications Risk Information Centre (Comric),” said Cell C’s Williams.
“Cell C, Vodacom, MTN, Telkom and Liquid Intelligent Technologies are members of Comric and will be meeting in the coming weeks to discuss factors that must be taken into account when collecting biometric information,” Williams added.
The discussion will include the types of biometric data collected, the applicability of privacy laws, the technology needed, the logistics of capturing such data, the costs involved, and who would carry these expenses.
MTN informed MyBroadband that they would be guided by the outcome of Comric’s assessments, which require an in-depth discussion before the industry arrives at a position.
Vodacom said it is encouraged by the proposed customer protection measures detailed in Icasa’s draft regulations.
“We intend to respond to Icasa’s draft regulations and provide inputs to Icasa in terms of the most practical means to ensure our customers’ protection against fraud while also minimising any possible inconvenience to them.”
Telkom did not respond to a request for comment.
While this added layer of protection seems secure, there are potential risks to using biometric data.
Hackers have demonstrated how easy it is to steal and exploit biometric data — effectively tricking facial and fingerprint recognition systems, the Wall Street Journal reported.
While changing your password might be annoying, it’s impossible to change your face or fingerprints if they are compromised.
Additionally, South Africa’s networks must provide services on platforms which may not have the functionality to capture biometric data.
This includes people that don’t have smartphones at all. It could feel like a step backwards if subscribers must be physically present at a branch to perform SIM swaps or make other changes to their accounts.