SIM swaps responsible for 60% of South Africa’s $320m telecom fraud loss

Nearly 60% of South Africa’s $320.5 million (R5.3 billion) yearly loss in the telecoms sector is driven by SIM swap. This is according to former Vodacom Chief Risk Officer Johan Van Graan during an interview with a local radio station.

Van Graan noted that SIM swap fraud is the enabler that fraudsters use to intercept a one-time password (OTP) to control or take over a social media account.

SIM swap is a leading identity theft, mostly orchestrated by fraudsters to gain possession of people’s phone numbers. To a large extent, identity theft accounts for 63% of all digital financial crime in Africa, costing an estimated $4 billion annually. 

Sadly, Africa’s weak cybersecurity system makes it easier for fraudsters to take over people’s phone numbers, access their financial accounts and take over their identity.

According to Van Graan, the actual fraud takes place outside the telecoms network. It happens when fraudsters start making use of the phone number by logging in to banking applications and social media platforms. 

“The actual fraud is by accessing the internet banking where they have previously phished this PIN (personal identification number) and password of a customer, sending WhatsApp messages to say I need money,” he said. 

Also Read: Your new SIM could be someone else’s old number: Inside Nigeria’s risky SIM recycling system.

Loopholes in SIM swap

The telecom expert noted that most South Africans are careless and that they often expose their PINs and passwords. This helps bad actors access personal information or hijack their social media accounts.

Secondly, Van Graan noted that the current RICA Act (Regulation of Interception of Communications and Provision of Communication-Related Information), which also applies to the telecom industry, does not provide a means to verify the owner of a phone during a SIM swap request.

He added that the customer registration process ranks among the bottom five globally.

Van Graan hit the point here. And not only in South Africa, but the continent also leaves this critical loophole for exploitation. As explained in a Technext story, identity theft is as easy as doing a SIM registration for a lost SIM card. 

A fraudster easily obtains someone’s personal information, including name, ID number, and phone number, then walks into a mobile network operator’s store with a fake ID or even pays an employee to help. They claim you lost your SIM card and need a replacement.

The phone number is then transferred to a new SIM card, resulting in identity transfer. The fraudster gains the person’s financial identity, gets password reset links, and two-factor authentication codes.

Read More: The digital heist: Inside Africa’s $4B SIM swap and identity theft fraud crisis.

While providing a solution to the SIM swap issue, Van Graan said facial recognition should be introduced to SIM registration. This means that when a SIM swap takes place, the networks must use that facial recognition to validate the SIM swap and identity. 

He advised African regulators to embrace the change and bridge the gap where fraudsters have been largely feeding on.