Registering of SIM phone information provides another powerful data point for improving security and decreasing friction
What makes you unique? In terms of identification, we can start with the obvious, your name and date of birth. We can add in data about your life such as address, and in the US, a Social Security Number (or in Canada SIN, or other countries, a National ID number).
Another, newer, ID data point is your mobile number. While traditional phone numbers have long been used in the ID process, mobile numbers seem to be more guarded by the public; as the phone is always with them, there’s a reluctance to share that information.
The uniqueness of your mobile number, along with its personal nature, makes it another excellent piece of PII (personally identifiable information) data to use in identity checks. As Stephen Ufford, CEO and Founder of Trulioo noted during his segment on One World Identity’s State of Identity podcast, “the power of mobile information can fuel the next generation of online experiences – opening accounts, sending money, and setting up merchant, bank or peer to peer accounts. There’s so much power in mobile; it’s an extension of us these days.”
Adding unique data identifiers makes it more difficult for fraudsters, terrorists and other criminals to falsify your identity record. Thus, it makes sense for governments to legislate other data points to add strength to Know Your Customer (KYC) requirements.
Another piece of data that is unique to you, and is hard for hackers to get hold off, is your phone SIM (subscriber identity module) information. A little transferable chip, the SIM identifies and authenticates you to a mobile network and securely contains an IMSI number (international mobile subscriber identity) and its related key.
To reduce fraud and other crimes, governments around the world are increasingly requiring SIM registration, connecting the SIM information to a person. Approximately 90 countries already require SIM registration for prepaid plans; anonymous “burner” phones are, in effect, illegal in those jurisdictions.
There are practical concerns with implementing SIM registrations that require careful consideration. While reducing fraud and more serious national security concerns are always laudable, privacy and fair access are critical components in creating a workable SIM registration policy.
Privacy and Access
For any opponent of “big brother” type, surveillance state control, providing the state with personal communication device data is worrisome. Who can access the data, under what circumstances? As with any good personally identifiable information policy, collect only the information that is absolutely necessary. Ensure that an effective data policy is in place and is communicated to users, so they know how their information is used. It’s in the interests of citizens, governments and telecom providers to have policies that are clear, and have legal protections in place, before any registrations.
In regards to fair access, policies that take into account the identification realities of the population are paramount. For example, many countries don’t currently have an effective national database of users, so requiring accurate identification from people who don’t have proper ID is problematic. If you can’t get a phone, because you don’t have ID, it presents a huge obstacle for financial inclusion. Perhaps getting the phone will help get ID?
ID Platform
In any case, a SIM registration plan needs to be in sync with a countries identification system or plans. The best-placed countries for SIM registration are those that already have a full national ID system in place, with wide distribution and biometric registration. Such a system makes it easy for consumers to sign up as they have the necessary ID and difficult to falsify, as the ID is secure.
Countries that do not have biometric ID capabilities fully implemented require a trustworthy verification system. Often, this is presenting the physical documents and manual checking, which is time-consuming, costly and has a potential for corruption by staff. An alternative solution that automates the process, keeps better records, and is less susceptible to compromising intervention is to use an online electronic identity verification (eIDV) platform, such as Trulioo.
Know Your Customer
An interesting parallel can be made between SIM registration for Telcos and KYC compliance for financial institutions (FIs). Both are government regulations that require effective identification of customers, proper record keeping and are in place to reduce fraud, national security concerns and other crimes. Both are considered a cost by the companies; they are legally required to provide the information, it’s a potential burden to customers to comply and can cause delays, lost business and mountains of additional paperwork.
Just as forward-thinking FIs are adopting eIDV, Telcos can benefit from implementing similar technology. They can speed the application process, cut paperwork and record-keeping and ensure they are in compliance with a lot less effort and cost.
For FIs, SIM registration can provide another powerful ID tool to improve their KYC performance. It provides a powerful data set to include in any KYC system, especially, in places with a national ID system that includes biometrics. Of course, to take full advantage of the capabilities, the KYC system must be digital and have proper security and record-keeping in place.
For other jurisdictions, SIM registration can still provide another important piece of multi-part authentication. SIM offers a unique, highly secure identifiable data point. Even if not legally required, a voluntary program of collecting SIM information can provide a smoother onboarding customer experience and protect against fraud; many consumers will gladly provide the data to improve their data security.
There’s even an opportunity to leverage that secure data. Improving ID verification and authentication enables a whole new world of mobile commerce opportunities. Enabling an effective SIM registration program provides another step towards a frictionless, secure new economy with significant benefits to consumers, governments and businesses.
Solutions
Regulatory Compliance
Optimize Identity Verification for Regulatory Compliance
Featured Blog Posts
Individual Verification (KYC)
KYC: 3 Steps to Achieving Know Your Customer ComplianceBusiness Verification (KYB)
Enhanced Due Diligence Procedures for High-Risk CustomersIdentity Verification
Proof of Address — Quickly and Accurately Verify AddressesIndividual Verification (KYC)
Top 10 Questions About Beneficial Ownership for AML/KYC ComplianceBusiness Verification (KYB)
How to Verify Legitimate Businesses and MerchantsIndividual Verification (KYC)
Customer Due Diligence Checklist — Five Steps to Improve Your CDD