South Africa Seeks to Reduce Number Port Fraud

African telcos are increasingly embroiled in arguments about ‘SIM swapping’, where a criminal takes over a user’s phone account in order to assume their identity and then commit some other fraud. The problem has become the subject of headlines in South Africa, leading their national comms regulator, the Independent Communications Authority of South Africa, to conduct a public enquiry into number portability. The related report highlights the concerns about criminal behavior:

The risk of fraud and slamming is a widespread concern. In South Africa, those risks have resulted in litigations between mobile operators and there seems to be a consensus among the mobile operators that the process can be improved.

Many stakeholders indicated concerns with fraudulent port requests and slamming. An additional step to the existing process would be beneficial to confirm authorisation of the port by the subscriber. This would involve a code being sent to the subscriber at the start of the portability process which can then be used to authorise the port.

However, there were some concerns that the middlemen in the number porting process also represented a security weakness, and at least one party challenged the widespread argument that the hijacking of phone accounts has become an enabler of bank fraud.

Some respondents questioned whether the NPC [Number Portability Company] is the best party to send the message as there may be security issues. One respondent disagreed strongly with this approach, arguing that the mobile portability is relatively untouched by fraud, and that there is a lack of empirical evidence that bank fraud is linked to an increased porting activity.

The regulator seems to be leaning towards the adoption of an extra stage in the porting process where customers receive an additional code which they use to confirm their port request is genuine. You can read the enquiry report here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.