Why Safaricom could have been helpless with regard to Sammy’s SIM Swap saga
A Kenyan on Twitter calling himself Sammy posted a thread claiming that, although he had informed Safaricom of a fraud being attempted on his Safaricom number, Safaricom did nothing to prevent it: hours later, an unknown individual was able to perform a SIM Swap on the number. “Dear @bobcollymore, I am a Safaricom customer with Tel No. 07213***73. I am a victim of a scam that happened to me yesterday. I got a call and I quickly realised that this is one of the cons and I disconnected the call without sharing any information. Thread…”, Sammy started his thread.
In the evening at 7:25pm, I got another SMS telling me my number is being swapped. I immediately contacted @Safaricom_Care . As I was engaging them on Twitter, my line went dead. I called them immediately to have the line blocked which they did.
— Sammy (@sammy_ynwa) July 16, 2018
Later in the same thread, Sammy linked to a Daily Nation article narrating the story of a former banker, Mr Stanley Wanjiku, who lost up to Kshs 1.9 million due to a SIM Swap. The Daily Nation article, aptly titled “Fraudsters devise new ways to swap SIM cards”, also mentions Sammy’s case and those of a few other Kenyans, some of whom have had their numbers used to take out loans to the tune of Kshs 9,600.
Sammy’s case and the others demonstrate how helpless Safaricom and the banks are when it comes to preventing SIM swaps. The reason is that what is required for a successful SIM swap is rather simple: the phone number, the subscriber’s national ID number, and the original PIN. Anyone with those details can easily perform a SIM swap through any registered agent.
For example, Sammy could have lost his wallet, and in it a card or piece of paper with his number, his ID, and of course the SIM container (the card that carries the two PINs and the two PUKs). If that were the case, since Safaricom’s SIM swap policy allows anyone with the aforementioned details to request a SIM swap, it is easy to see why Safaricom could have been helpless to prevent the SIM swap from going through.
The Daily Nation article reports that cases of stolen identities through SIM swap have been on the rise since the last half of 2017. With these cases on the rise, it is time Safaricom, the banks, and other telcos re-examined their customer identification and SIM swap policies and put in place safeguards that ensure only the duly registered subscriber can perform a SIM swap or change bank details.
In the last few years, I have championed the automation of customer identification services, particularly taking on Equity Bank for refusing to implement policies that would allow for remote identification of their customers in a similar fashion to what Safaricom does. In the wake of the SIM swap saga, though, I want to have a change of mind and call on Safaricom to put a stop to remote customer identification, so that services such as SIM Swap can only be done through registered agents, and a SIM Swap form, which the subscriber must sign, is filled in.