<\/p>\n
You can also listen to this podcast on iono.fm\u00a0here.<\/p>\n
JEREMY MAGGS: South Africa is losing billions of rand to SIM swap fraud every year, raising urgent questions about whether SIM registration rules are simply too weak for a digital banking age. To discuss how this fraud works, why existing safeguards are failing, and whether biometric SIM registration could in fact help close the gap, I\u2019m joined by Johan van Graan, who is a telecoms security expert, former chief risk officer at Vodacom.<\/p>\n
Johan, a very warm welcome to you. Maybe just a quick primer for us. A quick background here. How does SIM swap fraud usually work in practice? What\u2019s happening here?<\/p>\n
JOHAN VAN GRAAN: Jeremy, thank you. SIM swap fraud is the enabler that the criminals use to intercept a one-time password (OTP) to take over a social media account. The actual fraud is by accessing the internet banking where they have previously fished this Pin (personal identification number) and password of a customer, sending WhatsApp messages to say I need money, please send money. So the SIM swap fraud is where the SIM is fraudulently swapped, but the actual fraud takes place outside the telecoms network.<\/p>\n
Read: Who sold my phone number?<\/p>\n
JEREMY MAGGS: Johan, why is this then such an effective crime in South Africa?<\/p>\n
JOHAN VAN GRAAN: It\u2019s because we are gullible. We give away our Pins and passwords. We want to invest. We enable the criminals to be able to get our personal information. And with our Rica Act (Regulation of Interception of Communications and Provision of Communication-Related Information), it\u2019s written at the moment for telecom networks, it\u2019s very difficult when a SIM swap is requested to validate that it\u2019s the actual customer, user, owner of that cell phone number who\u2019s doing the SIM swap.<\/p>\n
ADVERTISEMENT<\/p>\n
CONTINUE READING BELOW<\/p>\n
That\u2019s why I\u2019m advocating to change the Rica Act for biometric recognition to be included at time of registration.<\/p>\n
I propose facial recognition because that works in the banking sector for Fica (Financial Intelligence Centre Act). Then when a SIM swap does take place, the networks must use that facial recognition to validate the SIM swap.<\/p>\n
So this will stop the fraudulent SIM swap, and it should vastly reduce internet banking fraud, social media account takeover fraud. It won\u2019t stop it 100%, but it will reduce it.<\/p>\n
JEREMY MAGGS: How big a weakness, and I want to get to the facial recognition in just a moment, but how big a weakness is the current Rica process then? And why are existing checks not stopping criminals? Where\u2019s the flaw here?<\/p>\n
JOHAN VAN GRAAN: The flaw is, maybe if one can say the Rica Act is twofold, the interception portion with the previous changes a few years back on journalists and lawyers, it\u2019s most probably in the top five in the world. But the customer registration portion is in the bottom five in the world. What the act asks is, Mr customer, walk up to a Rica agent, the Rica agent looks at the ID presented, looks at your face. Freehand captured the name, the ID number or passport number and the address.<\/p>\n
There\u2019s no validation of the information. No copy of the IDs is kept. None of that information is kept.<\/p>\n
The networks have tried for postpaid customers because they do credit vetting they can get that information, and they use it and they are covered in using facial or other biometric recognition. But the big problem is that 80% of our customers in South Africa are prepaid, so there is no effective validation for when there is a SIM swap.<\/p>\n
ADVERTISEMENT:<\/p>\n
CONTINUE READING BELOW<\/p>\n
Listen\/read:
Telecom fraud wave: SA losing R5.3bn annually
SA telecom fraud soars: How to protect yourself
Vat notification or scam? Beware of your pop-ups<\/p>\n
JEREMY MAGGS: Johan, do you think biometric SIM registration would actually change the game or just make things a little bit harder?<\/p>\n
JOHAN VAN GRAAN: I think it\u2019s a total game changer. It\u2019s not that it will make it harder. It will definitely change it dramatically. The so-called pre-Rica SIMs most probably will disappear to a large extent. Specifically, if one also changed the act to say a South African ID may only have ten cell phone numbers, a passport number may only have one.<\/p>\n
The networks have the technology to enforce it, so pre-Rica SIMs will stop. Also, because the biometrics is needed at time of SIM swap, it will definitely, I would say 99% reduce SIM swap fraud.<\/p>\n
JEREMY MAGGS: Is the technology to do this already widely available?<\/p>\n
JOHAN VAN GRAAN: Yes, it\u2019s already widely available. Banks use it extensively, other people use it extensively, all the network operators use it for postpaid customers. In their apps they have self-Rica or Rica-a-friend, it works, it\u2019s there. The problem is that by law, you can\u2019t compel a customer to give a copy for a Rica registration specifically for prepaid.<\/p>\n
JEREMY MAGGS: Where do you think the logjam then is in implementing a system like this? Would it be with the regulator? Would it be with the networks themselves, or would there be customer pushback?<\/p>\n
JOHAN VAN GRAAN: I think it\u2019s with the regulator. When we were grey listed by the FATF (Financial Action Task Force), this was one of the instances that were identified. I was personally present in a meeting with the then Minister of Justice, Ronald Lamola, where he has asked the networks to come up with a solution. Through ECA (Electronic Communications Act) the networks have done it, it has proposed it to government.<\/p>\n
ADVERTISEMENT:<\/p>\n
CONTINUE READING BELOW<\/p>\n
I just think the logjam is that it\u2019s lying somewhere in the legislature change process. It\u2019s not important enough or there aren\u2019t people who can rewrite the act.<\/p>\n
The networks will welcome it, because I think it will reduce the so-called washing machine effect, where 60% of the prepaid SIM cards are recycled every year. There may be pushback from customers, but I think from the genuine normal customer, there won\u2019t be pushback.<\/p>\n
For instance, there are about 300 000 or 400 000 people every month whose phones get stolen. They want to get their life back. For them just to do a SIM swap, they go to a network operator or on a smartphone, via an app, you take a photo of the live person, and they\u2019ve done a SIM swap. They get their SIM back and their life back.<\/p>\n
JEREMY MAGGS: Just a final question, and a brief answer, the telecom operators themselves, is it unfair to say that they might be partly responsible for either leaving or not identifying this loophole open for so long?<\/p>\n
JOHAN VAN GRAAN: It\u2019s very difficult to say. I would say yes, the first ten, 15 years, most probably of the Rica Act that was promulgated in 2002, everything worked fine. But then with the digital economy that started, fraud has taken place. SIM swaps are the enabler. But then the operators can\u2019t change the act, can\u2019t force someone to hand over an ID, can\u2019t force compulsory SIM swap validation via biometrics.<\/p>\n
JEREMY MAGGS: Thank you very much indeed. Johan van Graan, telecoms security expert, the former chief risk officer at Vodacom.<\/p>\n
#weak #SIM #checks #enable #widespread #banking #social #media #fraud<\/p>\n","protected":false},"excerpt":{"rendered":"
You can also listen to this podcast on iono.fm\u00a0here. JEREMY MAGGS: South Africa is losing…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[2601,2300,5863,2210,397,5862,809,5861,5864],"_links":{"self":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts\/2504"}],"collection":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2504"}],"version-history":[{"count":0,"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts\/2504\/revisions"}],"wp:attachment":[{"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}