Regular readers of Commsrisk will be conscious of the surge of anti-scam activity in South Korea, as prompted by security scandals involving the country’s largest mobile operators. The anxiety of the public has also been heightened by gruesome stories about the kidnapping and brutalization of Koreans forced to work in Cambodian scam compounds. A flurry of consumer protection initiatives in recent years have involved such diverse tactics as an amnesty for scammers who became police informants, the recruiting of staff to work in a national 24/7/365 telco-banking scam response center that can block suspicious phone numbers within 10 minutes, and the installation of AI software on handsets that listens to calls and interrupts any suspected scams. But perhaps the most effective controls are those which prevent criminals obtaining access to communications services in the first place. The Ministry of Science and ICT announced on Friday the beginning of trials of facial recognition technology for customers of new mobile lines with the intention that facial recognition will be required for any new SIM issued from March 23, 2026.
An ID card will be required when obtaining a new mobile service, replacing a SIM, transferring a phone number, or when the customer has changed their own name. Consumers will also need to show their ID when switching to a new mobile phone; South Korea has already taken the unusual step of binding each handset to its SIM as a security measure. The ID will need to be presented whether the request is made online or in-store. The photograph shown on the ID card will be compared to the data held by the agency which issues that type of ID. Technology will also be used to compare the photograph on the ID card to the face of the user in real time. Using facial recognition to verify a customer’s identity will improve enforcement of existing limits on how many SIMs can be obtained by Koreans and tourists. The new know-your-customer (KYC) checks will make it harder for criminals to impersonate somebody else by stealing or forging an identity. The impact of data breaches will be mitigated because any personal data stolen by hackers will be of less value to criminals.
The new facial recognition system builds upon the existing PASS identity app run by South Korea’s three largest operators: SK Telecom, Korea Telecom and LG U+. Koreans already use PASS to authenticate themselves in hospitals, to financial service providers and during elections. Prior to March 23, the technology will be used on a trial basis with fallbacks available if the facial recognition technology fails. The schedule for the rollout envisages 76 percent of South Korea’s MNOs and MVNOs will already be using facial recognition by the end of 2025, rising to 94 percent by the end of January 2026. Little has been said about how the new rules will affect visitors to South Korea. Holders of a foreign resident ID card will not be able to use the facial recognition technology until the second half of 2026.
The use of biometrics to control who has access to phone services is not a new idea although the discovery of these practices often shocks Westerners with no experience of the rest of the world. 9 years have passed since I casually commented on Pakistan recording the fingerprints of every mobile phone user as part of an article that discussed the pros and cons of biometrics. Hard decisions need to be made about KYC controls in every country. This can involve an uncomfortable debate about biometrics.
Authorities in countries like the USA maintain the pretense of being world leaders in fighting crime by simply ignoring the KYC enhancements that have been introduced elsewhere. I am not suggesting that every country must use facial recognition to limit how many phone numbers a person can acquire, but biometrics undoubtedly make it harder to bypass KYC controls. With the scale of crime as it now is, it is valid to question the adequacy of KYC checks. If national authorities choose not to impose biometrics then it is worth asking how they otherwise intend to prevent criminals obtaining access to phone services. Waiting for crimes to occur and then tracing them back to their origins will never be an adequate strategy, especially if this shows that the true identity of the criminal remains unknown. The use of facial recognition in South Korea may set a precedent that other countries will have to follow if they cannot find alternative ways to tighten their KYC controls.
The South Korean Ministry of Science and ICT press release announcing the mandatory use of facial recognition can be found here.
