As mobile phone usage grows, as witnessed by the number of active mobile subscriptions in Kenya, now posited at over 71.4 million as of December 2024, the telecommunication sector suffers the pressure of increased challenges in terms of safeguarding user data and fraud prevention. One of the biggest threats is SIM swap fraud, which is an illegal act of cybercrime whereby fraudsters access the mobile number of a victim to access private incoming and outgoing calls or messages and, in some cases, siphon money from the victim’s financial accounts.
The Rise of SIM Swap Fraud
SIM swap fraud occurs when cybercriminals deceive mobile carriers into transferring a victim’s phone number to a SIM card they control. Once the fraudsters have access to the victim’s phone number, they can intercept calls, SMS messages, and One-Time Passwords (OTPs) used for two-factor authentication. This gives them unauthorized access to banking apps, social media accounts, and even mobile money services like M-Pesa.
In Kenya, mobile money services have experienced rapid adoption over the years, which has translated to a great number of mobile money subscriptions that recently exceeded 40 million users. As a result of the rapid growth of mobile money transactions, the concern with SIM swap fraud has emerged, with hackers exploiting loopholes in the process of SIM card transfer for eavesdropping, fund transfer, and data theft.
The Role of Safaricom in Tackling SIM Swap Fraud
Safaricom, the biggest mobile operator in Kenya, handles nearly 28,000 requests for SIM swaps daily. And with that number of requests, Safaricom has reported impressive declines in fraud incidents. As per recent records, a mere 40 fraud cases happen for every 750,000 SIM swaps, showing improved safety within the company.
In a related development, Safaricom has introduced USIM protection services that allow a client to prevent his or her mobile number from being ported to any other SIM card. This method will enable customers to become more protected from SIM swap fraud, which is now more sophisticated as fraudsters innovate new ways.
The Role of the Office of the Data Protection Commissioner (ODPC)
Kenya’s Office of the Data Protection Commissioner (ODPC) plays a crucial role in protecting personal data within the telecommunications industry. It ensures compliance with the provisions of the Data Protection Act by mandating organizations and companies to adopt clearly defined guidelines in the collection, storage, and processing of personal data.
In this regard, the ODPC announced various determinations in 2024, which would set the stage for addressing safety concerns on personal data handling through mobile services. The determination aims to address issues of data breach, enforcement of personal data security, and mitigation of possible exposures of Kenyans to misuse of their mobile data. It adds that as the ODPC strengthens the regulatory framework in place, public trust will be built in mobile services, and telecom companies will be persuaded toward better security.
Why SIM Card Security Matters More Than Ever
Although mobile subscriptions have now soared to new heights and smartphone penetration surpassing 80%, Kenyan mobile security is becoming increasingly contentious. Experts have advised numerous measures to improve SIM card security and mitigate against SIM swap fraud.
- User Awareness: Customers need to have awareness about SIM swap fraud and be educated on the requirements for securing mobile accounts beyond accepting PINs or passwords.
- Establish Secure Authentication Methods: Telecommunication companies must design and implement these multi-factor authentication (MFA) access methods to replace the more vulnerable alternative of using SMS-based one-time passwords:
- Provide Stronger Regulatory Enforcement: An increase in efforts by ODPC and all other related regulators to ensure enforcement of data protection laws will make sure that telecom companies take into account security in whatever they do.
The Road Ahead
It is very important that all stakeholders, from telecoms such as Safaricom to ODPC and, of course, the mobile subscriber, come together and try to strengthen security in the mobile ecosystem within Kenya as it continues to move towards progressive development. SIM swap fraud is still a real challenge, but all these concerted efforts by the authorities to improve their fraud detection systems, educate their users, and enforce data protection regulations will go a long way in mitigating or containing such risks to safeguard Kenya’s mobile communications infrastructure.
Mobile subscriptions would most likely still continue to increase in the coming years; hence, improving telecommunication security and data protection in Kenya will be of great importance to keeping the digital economy safe.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
