The government of South Africa is considering a new law that would force the country’s mobile operators to collect a customer’s biometric data when activating a new number. The Independent Communications Authority of South Africa (ICASA) has already published the regulation in draft form, and will be welcoming comments from the public until May 11.
The legislation is being pushed in an effort to curtail SIM swap fraud, which was up 91 percent year-over-year in 2021 according to the South African Banking Risk Information Centre (SABRIC). Under the new law, mobile operators would not be able to grant SIM swap requests unless the biometrics of the person making the request matche the biometrics of the person linked to the account. As a result, cybercriminals would not be able to take control of someone’s mobile number even if they were to get their hands on their personal data.
Of course, mobile operators would not be able to carry out such a check if they didn’t have a biometric record on file. That’s why the new law would force them to pair a biometric identifier with a mobile number during the registration process. Mobile operators would need to keep that biometric record as long as the number remains active.
The law does come with certain privacy protections, and bars mobile operators from using customer biometrics for anything other than user authentication. It also does not require the use of any one modality, so operators would presumably be able to choose whether they want to use face, fingerprint, or iris recognition, or some other identifier.
ICASA noted that some smaller jurisdictions have already implemented similar biometric registration requirements, so there is some precedent for the new regulations. Operators would not need to collect individual biometrics for numbers assigned to corporations and other juristic entities.
South Africa’s Department of Home Affairs is trying to fight identity fraud with a similar policy that would mandate biometric data collection for every child born in the country. However, that proposal has received pushback from activists worried about privacy and corruption. China has required facial biometrics for mobile account registration since late 2019.