SIM swap fraud in SA is rife - with up to 50 cases a month being reported to the country's largest mobile network - but operators are not held liable for any ensuing financial loss incurred by customers.
A long-standing crime, the scourge of illegal SIM swaps was highlighted again recently by reports of a customer who lost R97 000, after visiting his service provider for a routine SIM swap.
SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to a customer by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of the victim's account.
Despite the widespread nature of the crime, however, recourse for victims is minimal as operators say they cannot be held liable.
MTN says the belief that mobile network operators are liable in these cases is "misplaced".
Eddie Moyce, chief customer experience officer at MTN, says when it comes to fraud committed on customers' bank accounts, operators are not liable. "This is based on the fact that in order to commit fraud on a customer's bank account, a fraudster must have a customer's bank card/account number, Internet banking PIN and password.
"Our courts have already held that a SIM swap does not in itself enable a fraudster to commit fraud on a customer's bank account."
Moyce says only through banks' initiatives to educate customers of the importance of protecting their bank account details, can fraud to customers' bank accounts be prevented or mitigated.
Operator incidents
Vodacom, SA's largest network operator with a customer base of 30.6 million, says out of its current average of over 200 000 legitimate SIM swaps carried out each month, the total number of SIM swap fraud cases is around 50.
"If compared to the current average of legitimate SIM swaps performed per month, the impact may seem negligible, but we take any type of fraud that occurs on our network seriously, which is why we do all we can to prevent this type of fraud," says the company.
Vodacom notes that identity theft is a precursor to Internet banking fraud. "SIM swap on its own cannot result in loss of funds through Internet banking fraud. So it's very important for customers to protect themselves from identity theft. The most common method of identity theft is intercepting personal information shared via the Internet."
As far as the SIM swap fraud itself goes, says Vodacom, fraudsters operate in organised crime syndicates to obtain the victim's personal information required to carry out Internet banking fraud. "Once the syndicate has obtained the victim's personal information, they contact the network operator posing as the customer and request a SIM swap. This SIM swap will ensure that when the Internet banking fraud takes place, the OTP is sent to the fraudster, who can then transact on the victim's bank account."
MTN was reluctant to divulge numbers regarding the incidence of SIM swap fraud, saying it "occasionally, just like other mobile network operators in the telecommunications industry, is faced with SIM swap fraud".
Moyce says MTN is doing its best, alone and in conjunction with the South African Police Service (SAPS), to investigate such fraud. "MTN is also continuously beefing up its security systems to proactively prevent such fraud."
Like Vodacom, Cell C acknowledges that SIM swap fraud is a considerable problem, saying "this type of crime is rampant and it has become increasingly important for people to be cautious when receiving requests for personal information".
Karin Fourie, Cell C executive head of communications, says in the last three months, "hundreds of thousands of SIM swaps" took place on Cell C's network. Only 0.01% of these, she says, were reported as fraudulent.
Fourie mirrors the sentiment of fellow operators, saying the companies do their best to protect customers from fraudulent SIM swaps. "However, fraudulent SIM swaps do occasionally happen, despite our best efforts."
Telkom Mobile says no incidents of SIM swap fraud have been reported to the company so far. "Telkom has an in-store verification process. SIM swaps are monitored and a SIM which has gone through a SIM swap cannot be used again until a SIM is recycled. The process can only be done by a few individuals in the company and is closely monitored."
Mitigating fraud
The operators have said they have various measures in place to prevent SIM swap fraud and subsequent theft from taking place inasmuch as it is in their control. The SAPS, they say, is also involved in concerted efforts to curb the problem.
Vodacom has recently implemented a PIN authentication service where customers create a personalised five-digit PIN that is used as authentication when they call the call centre to activate a new service request. This, says the operator, is in addition to internal measures, which cannot be disclosed for security reasons.
Cell C says it has a "zero tolerance" approach and takes SIM fraud seriously. "We are working closely with the SAPS and the banks to curb the problem. We cannot detail any of the measures put in place to prevent SIM swaps for security reasons."
Telkom Mobile notes: ""SIM swaps can only happen in store. However, fraudulent SIM swaps are mitigated as customers have to be verified by providing a proof of ID."
While operators are avoiding full accountability for theft resulting from SIM swap fraud, Ovum analyst Richard Hurst says network operators will have to move to ensure their customers' details are safe and that measures - such as monitoring of call records - are in place to check for anomalies.
"Also, the operators will have to crack down on these activities among their staff and send a strong message that this sort of activity will not be tolerated and that the penalties will be harsh [for example] dismissal or criminal proceedings."
Share