The big plan to tackle SIM-swap fraud and false charges in SA
The Independent Communications Authority of South Africa (Icasa) has released its report on number portability in South Africa, listing a number of proposed changes for mobile and fixed line transfers in South Africa.
The report tackles issues surrounding number portability in the country, including the strength and weaknesses of the current number portability framework, regulatory gaps in the market, the impact on the public, and what interventions need to take place.
Operators Cell C, Telkom, Neotel, Otel Telecoms, Switch Telecoms, Telkom and Vodacom all participated in the inquiry.
One of they key focuses of the report was on the topic of fraudulent port requests and “slamming” – the practice in which a subscriber’s telephone service is changed without their consent.
In April this year a number of unhappy banking clients instituted legal action against the banking ombudsman and a number of South African banks due to the manner in which they handle Internet fraud cases.
In 2016, only 22% of cases of Internet fraud in South Africa was ruled in favour of the customer, while the remaining 940 cases of Internet banking-related complaints went in favour of the banks.
According to the report, the banks and the ombudsman argue that where a PIN or a password is fraudulently obtained, the client must be responsible as they are the only persons privy to that information.
Fraud
Many stakeholders highlighted concerns with fraudulent port requests and slamming. They noted that it would be beneficial to confirm authorisation of the port by the subscriber as an additional step to the existing process.
This would involve a code being sent to the subscriber at the start of the porting process which can then be used for authorisation purposes.
It is important that the donor operator (company you are migrating from) does not send this message as the portability regulations specifically prohibit the donor operator from contacting the customer during the porting process.
The results from the public inquiry suggest that the current validation process for prepaid may be insufficient to guarantee that the port is effectively requested by the end-user.
Some mobile operators argued that the main disadvantage to the current number portability framework is that it can be used to facilitate fraud through unauthorised or illegal port requests, and that the regulations should be updated to include an additional step in the process.
What needs to happen
According to the report, the PIN-based mechanism must be implemented by the Number Portability Company (NPC).
This would require an amending of nearly all operator’s service systems to facilitate the change.
This implementation is likely to support both a SMS-based and an landline-based mechanism (for both mobile and fixed portability).
There will be changes to the central registry to support the process for generating a PIN and being able to validate this when a port request is initiated and new interfaces will be developed for sending/receiving SMS, and integrating landlines.
A specific technical committee will also be formed to discuss how the pin can be obtained, what the alternatives to SMS are, and the language of communication to be used.
The report noted that this would require a number of additional investments and licensed operators would also required to update their systems.