Opinions of Tuesday, 21 November 2017

Columnist: Owusu Nyarko-Boateng

SIM Registration: Fraud prevention mechanism in mobile communication space in Ghana

The SIM registration exercise is aimed primarily to reduce mobile phone related crimes

SIM stands for Subscriber Identity Module. SIM card registration is the process of recording and verifying mobile phone number(s) and personal information of a subscriber, by a communications service provider. Such information includes the subscriber’s photograph, name, date of birth, gender, residential address and other details of valid identification documents.

The SIM registration exercise is aimed primarily at reducing mobile phone related crimes such as prank calls, cyber-crime, kidnapping, mobile money fraud and its related issues, and general security matters. It is also intended to help law enforcement agencies identify SIM card owners, track criminals who use phones for illegal activities, curb incidents such as phone theft, hate text messages, mobile fraud activities and incitement to violence, and probably to help Telcos know their subscribers better. The registration exercise further helps to combat crime such as SIM Box fraud because no one can use fake names for SIM registration. The exercise also enables subscribers to be identified as they use value added services such as mobile banking, mobile money, and electronic payments for services.

Due to the crucial nature of SIM registration and its security implications, the process of getting a SIM registered must be done properly and checked to avoid inconsistencies and fake subscriber identities. SIM cards must carry a valid user identity in conformity with the national identification standards as enshrined in the L.I. 2006, the subscriber identity module registration regulation of Ghana in 2011.

Fake SIM Registration

It was observed in the last nationwide SIM registration exercise in 2011 that some of the agents of the Telcos who operated in most parts of the country connived with fraudsters and allowed them to register SIMs with fake ID card numbers. These agents mostly did not demand picture IDs before registration, and even when they did, the ID numbers the subscribers provided were not easily verifiable, so the Telcos found it extremely difficult to prevent fake SIM registration.

Fake SIM registration is a recipe for disaster in the mobile communications ecosystem because bad people usually use such fraudulent acts to perpetrate criminal activities in the mobile communication space. Security agencies such as the Criminal Investigations Department (CID) cyber security unit mostly find it difficult to investigate crimes committed with fake registered SIMs and related offenses. For instance, mobile money fraud and scratch card theft are on the ascendancy in Ghana, but the security agencies mandated to handle such crimes have no clue where to begin their investigations because the SIMs used by these criminals were registered with fake information. This has made it extremely difficult for the security agencies, especially the Ghana Police Service, to combat crime involving mobile devices.

Pre-registered SIMs are another issue, one which exposes the subscriber to several unforeseen inconveniences. A pre-registered SIM is one that agents of Telcos have intentionally registered with fake information, activated, and sold to an unsuspecting subscriber. The danger here is that, in case of SIM loss, subscribers are required to prove their identity, which usually does not match the pre-registered SIM information.

Urgent need for New SIM Registration in Ghana

Proper modalities must be put in place before a new SIM registration exercise begins in Ghana. The past experience of SIM registration has not been a good one, so the nation must prepare itself adequately before the commencement of such an exercise. The implementation of the national digital addressing system and the national identification card (NID) must be properly integrated into the new exercise. Every SIM registration must be done strictly by the use of an NID number; this has to be verified and approved by the National Communications Authority (NCA) before Telcos can finalize the SIM registration. This obviously will be an added security feature for the entire process to ensure Telcos conduct proper SIM registration in Ghana, as has been done elsewhere in Africa.

The role of NCA and Check Mechanism

NCA, as the authorized body which monitors and regulates the operations of the Telcos in Ghana, must ensure the Telcos implement proper registration standards. The authority could also directly get involved in the SIM registration process in Ghana should government request such an exercise to be carried out. NCA, in consultation with the Telcos, must create an Unstructured Supplementary Service Data (USSD) protocol which will enable new users to access the facility by texting their NID number to a short code for verification and authorization. In order to stop malicious people from using others' NIDs to register, NCA must have the sole responsibility to implement certain authentication mechanisms to verify new users. This new SIM registration process will prevent fake SIM registration and make it difficult for fraudsters to carry out criminal activities like SIM Box and mobile money fraud. NCA involvement in the new SIM registration will enable the authority to have:

i. Statistics of registered subscribers on a real-time basis.

ii. A determining index to derive the market share of the Telcos easily.

iii. Real-time information on the progress of SIM registration.

iv. The mechanism to check and prevent the use of pre-registered SIM cards.

v. The means to prevent registration with fake bio-data.

The Telcos must ensure that subscribers’ privacy is protected at all times. The situation where Telcos release subscriber details to third party companies must be addressed by NCA. NCA must also ensure that any Telco that releases information of its subscribers to a third-party marketing organization receives some form of stern punishment and that the subscribers involved are compensated appropriately. The introduction of punitive measures will deter the networks from releasing such data. Until this is done, Telcos will not enforce policies which protect subscriber data. A mix of punitive and reward actions can be applied to Telcos that either flout or enforce their privacy policies. This will go a long way to sanitize the system.