Sectors
Companies
About
Subscribe

Narrow ID theft escape

Nicola Mawson
By Nicola Mawson, Contributing journalist
Johannesburg, 07 Sept 2009

Police are investigating a case of theft, after a Vodacom subscriber recently discovered his SIM card had been blocked by an outside party.

This has led to concerns over the ready availability of personal information on the Internet, which can aid scammers in identity theft.

The subscriber suspects he was the intended victim of a scam after he tried to place a call from his cellphone and received a message saying his account had been blocked.

The reader, whose name is known to ITWeb, says Vodacom would not indicate who requested the card be blocked. The account-holder, the reader's employer, has requested an investigation and a copy of the call terminating the card.

Vodacom SA MD Shameel Joosub says, after investigating, it “appears that the call centre agent did not follow the correct procedure to verify the identity of the caller”. He says the person who requested the card be blocked used the actual subscriber's name.

“As this SIM card is owned by a corporate company, Vodacom immediately blocked the SIM card to ensure that no further calls could be made from the SIM card,” Joosub says. Vodacom unblocked the SIM card after receiving a written request from the corporate customer, and has extended its apologies for the inconvenience.

A larger fraud?

However, the subscriber says he still does not know the identity of the person who pretended to be him to block the card. He has approached the SA Police Service and Vodacom is co-operating with investigators.

He says the cellular network told him the person who blocked the card is likely to be a part of a larger syndicate, and is suspected to have called the network from a prepaid SIM card.

The Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA) requires that all SIM cards, sold from 1 August, be registered. The purchaser must provide an ID book and proof of residence before the card can be activated.

However, a recent ITWeb investigation revealed this does not always happen as it should, as cards can be bought and used without registration.

Joosub says the usual procedure to block a card is that the call centre agent will go through a list of questions to verify the identity of the caller as the owner of the SIM card.

This is not the first time this year that Vodacom has seen committed against its customers. In July, a Vodacom staff member was arrested on charges of fraudulently scamming R7 million from its clients by diverting one-time PIN SMSes. The staff member fraudulently created temporary dual SIM cards to divert the PINs from banks. The additional cards were then deleted.

It is not clear what action Vodacom will take against the call centre agent in this latest incident of alleged identity theft.

The procedure

MTN says the only way to fraudulently block a SIM card is if a caller knows all the personal details of the actual subscriber. When cancelling the card, the cellular operator has a five-point check.

MTN says the call centre agent will need the subscriber's identity number, banking details, residential and postal addresses, as well as the security password. MTN offers a security password facility that is used to verify the subscriber with the call centre agent.

“Even if a fraudster is aware of all the other personal details of a subscriber, they will not be able to transact on a subscriber account without the security password,” the cellular giant says.

At the moment, the check is only done on contract subscribers. However, once RICA is fully in force, the checks will be extended to prepaid users.

“In respect of prepaid subscribers, the customer services agent will request the subscriber's identity number and details of last airtime recharge and five calls made to verify that the caller is in fact the subscriber,” says MTN.

ITWeb also asked Autopage Cellular's call centre what steps needed to be taken to block a SIM card. The operator said information, such as the account number, type of contract, address and ID number is required. As a security precaution, the card is pinged to make sure that it is, in fact, not in use.

Easier and easier

Steven Ambrose, MD of World Wide Worx, says - assuming the incident was not a case of finger trouble by the call centre agent who may have blocked the wrong number by mistake - it would appear the subscriber was the intended victim of a scam.

Ambose notes that, if this is the case, the cancellation of the SIM card is probably linked to identity theft of some form, either through information freely available online, or postal theft. “To find that level of information on people is not that difficult... And technology is making it easier and easier.”

The subscriber says he never uses Internet caf'es and has certainly never fallen victim to a phishing scam. Fortunately, this incident was spotted with enough time to implement security measures, such as contacting the bank, he adds.

Related stories:
'Vodacom scammer' out on bail
Phishing scams migrate to mobile
Scam exposes SMS password danger

Share