African telcos are increasingly embroiled in arguments about ‘SIM swapping’, where a criminal takes over a user’s phone account in order to assume their identity and then commit some other fraud. The problem has become the subject of headlines in South Africa, leading their national comms regulator, the Independent Communications Authority of South Africa, to conduct a public enquiry into number portability. The related report highlights the concerns about criminal behavior:
The risk of fraud and slamming is a widespread concern. In South Africa, those risks have resulted in litigations between mobile operators and there seems to be a consensus among the mobile operators that the process can be improved.
Many stakeholders indicated concerns with fraudulent port requests and slamming. An additional step to the existing process would be beneficial to confirm authorisation of the port by the subscriber. This would involve a code being sent to the subscriber at the start of the portability process which can then be used to authorise the port.
However, there were some concerns that the middlemen in the number porting process also represented a security weakness, and at least one party challenged the widespread argument that the hijacking of phone accounts has become an enabler of bank fraud.
Some respondents questioned whether the NPC [Number Portability Company] is the best party to send the message as there may be security issues. One respondent disagreed strongly with this approach, arguing that the mobile portability is relatively untouched by fraud, and that there is a lack of empirical evidence that bank fraud is linked to an increased porting activity.
The regulator seems to be leaning towards the adoption of an extra stage in the porting process where customers receive an additional code which they use to confirm their port request is genuine. You can read the enquiry report here.