South Africa Seeks to Reduce Number Port Fraud

African telcos are increasingly embroiled in arguments about ‘SIM swapping’, where a criminal takes over a user’s phone account in order to assume their identity and then commit some other fraud. The problem has become the subject of headlines in South Africa, leading their national comms regulator, the Independent Communications Authority of South Africa, to conduct a public enquiry into number portability. The related report highlights the concerns about criminal behavior:

The risk of fraud and slamming is a widespread concern. In South Africa, those risks have resulted in litigations between mobile operators and there seems to be a consensus among the mobile operators that the process can be improved.

Many stakeholders indicated concerns with fraudulent port requests and slamming. An additional step to the existing process would be beneficial to confirm authorisation of the port by the subscriber. This would involve a code being sent to the subscriber at the start of the portability process which can then be used to authorise the port.

However, there were some concerns that the middlemen in the number porting process also represented a security weakness, and at least one party challenged the widespread argument that the hijacking of phone accounts has become an enabler of bank fraud.

Some respondents questioned whether the NPC [Number Portability Company] is the best party to send the message as there may be security issues. One respondent disagreed strongly with this approach, arguing that the mobile portability is relatively untouched by fraud, and that there is a lack of empirical evidence that bank fraud is linked to an increased porting activity.

The regulator seems to be leaning towards the adoption of an extra stage in the porting process where customers receive an additional code which they use to confirm their port request is genuine. You can read the enquiry report here.

Eric Priezkalns
Eric Priezkalns

Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar’s National Committee for Internet Safety and the first leader of the TM Forum’s Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

Commsrisk is edited by Eric. Look here for more about Eric’s history as editor.