It has been established that the failure to use real time verification platform of the National Identifications Authority’s database during SIM registration is responsible for the data breach scandal unfolding.
Reports have emerged that fraudsters succeeded in using stolen Ghana Card data to register SIM cards denying the actual owners of such cards the opportunity to register their SIM cards.
Subscriber’s number fraudulently used to register 10 numbers
In one instance, the Ghana Card number of a subscriber has been used to register 10 numbers of other people, out of which seven are AirtelTigo numbers.
Pre-registered SIM Cards sold for GH¢10 and GH¢20
This confirms a market survey conducted by Consumer Protection Agency (CPA) which discovered that some individuals are selling SIM cards that have been pre-registered with the Ghana Cards of others at a cost of GH¢10 and GH¢20.
SIM database undermined
The unfolding saga compromises the purpose of the entire SIM registration exercise and renders it not credible.
Objective was to curb fraudulent activities
The Ghana card-SIM registration exercise is intended to build a SIM database with integrity to curb fraudulent activities and secure SIM card-based transactions while aiding the determination of accurate valid SIM cards across telecommunications networks at any point in time.
Aim is to synchronizing Ghana Card details with SIM registration
That is to synchronize the details on one’s Ghana Card with those used for the SIM registration to avoid the situation where some unscrupulous persons acquire a number SIM cards using different unverified details so they can avoid being found out when they perpetrate crime.
Stemming increasing incidents of fraud
The initiative is, therefore, meant to stem the increasing incidents of fraud using the phone and also to monitor and track down persons who will use their phones for all manner of criminal activities.
Identity theft exposed
However, the fraud and the theft of Ghana Card data and identity by some unscrupulous actors has exposed the weakness in the SIM registration process.
This rampant fraud and theft of Ghana Card data is apparently isolated and happening only in respect of SIM registration exercise.
This exposes the inherent weaknesses in the whole exercise supervised by the National Communications Authority (NCA) and the Ministry of Communications and Digitalisation.
NIA’s platform records 180m real time verifications
It is a fact that government user agencies and financial institutions have seamlessly being granted access to NIA’s database and to date the data shows that there have been over 180 million verifications done in real time with little or no hitches and no significant risk.
SIM card registration did not utilise real time verifications
The reason is simple. Whereas the other user agencies and financial institutions are doing real time verifications without any human intervention, the SIM card registration process is not incorporated with nor does it rely on real time instant verification using the NIA system.
Parallel and autonomous SIM card registration
Instead, it tried to build a parallel and autonomous system that just does not work compelling them to incorporate manual processes which include human intervention exposing it to the risk of fraud.
Every transaction linked to one biometric verifiable identity
Because the NIA platform is fully biometric (using face and finger prints), it ensures that every transaction is linked to one biometric verifiable identity and therefore any phone number linked to a Ghana Card must be confirmed by a person’s biometrics.
Zero risk of identity fraud
In this case, there is almost zero risk that a person’s SIM card data can be tagged with other numbers or his/her identity appropriated and used for illegal purposes.
In this way, it would be almost impossible for identity fraudsters to use the Ghana Cards of other people to register multiple SIM cards.
NIA empowered by law
In Ghana, the law allows only the NIA to establish a foundational national biometric register and to share such biometric data with user agencies under strict conditions (because of data protection and the high risk of identity theft).
One identity tied to one unique number
This is to ensure that all citizens and resident non-citizens have one identity tied to one unique number from birth to death.
NCA ignored NIA’s role
However, the NCA chose not to adopt this approach and embarked on the SIM registration exercise using a different system without any explanation.
Every individual with a phone who has a Ghana Card already has his or her biometrics captured by NIA and stored in the National Identity Register (NIR) connected to the Automated Biometric Identification System (ABIS), which stores and processes fingerprints, faces and iris.
Reducing fraud drastically
The NIA platform if deployed would verify and authenticate the data of all customers without human intervention or involvement in real time thereby reducing fraud drastically.
All financial transactions verified in real time
It is in that spirit that the Bank of Ghana (BoG) issued a directive mandating all financial transactions using only Ghana Card.
All banks, financial institutions use Ghana Card
Attestation of this fact is evident in the deployment of the Ghana Card by all 25 Universal banks in the country including a majority of financial institutions like susu operators and other credit institutions.
Secured link to NIA database
When verifying someone’s identity using the Ghana Card, the system checks with biometrics that are stored either directly on the card or through a secure link to the NIA database.
The system used to register the SIM cards on the other does not connect to the NIA database for real time biometric verification.
This constitutes an attempt to set up a parallel database using Ghana Card data and essentially duplicating work that has already been performed by NIA, the sole institution given that mandate by law.
If the rationale of the Ghana Card is to clean the national identity register by eliminating duplicate and individual databases then what is the point of the whole SIM registration exercise.
This is unnecessary not only because it is compromised but all because it has deep flaws that will undercut the very initiatives of the government in power.