What’s the news: Folks wanting to get a SIM replacement will now have to do a fresh KYC possibly with facial-based biometric authentication aside from thumb impression and iris-based authentication, as per a press release issued by the Union Ministry of Communications.
KYC reforms for individuals: As per the department press release, a subscriber has to now undertake complete KYC for the replacement of their SIM with a bar of 24 hours on outgoing & incoming SMS facilities.
“In addition to thumb impression and iris-based authentication in Aadhaar E-KYC process, facial based biometric authentication is also permitted,” said the Ministry.
Why it matters: The first time we heard of the telecom department gathering facial data was for the use of ASTR, a facial recognition system that allegedly ensures there is no duplication of SIMs. Aside from covering stories of how the use of ASTR hindered customer experience, MediaNama had also sent out RTIs to the government asking how this personal data was being handled and stored by the government. The government refused to reply claiming confidentiality of data. This means that we still don’t know what the government does with this facial data once the verification process is finished. The only silver lining this time is that it is made public that such data will be collected unlike in the case of ASTR.
Article continues below ⬇, you might also want to read:
- Why Is The Contract For Telecom Department’s Facial Recognition Service ASTR Confidential?
- After Haryana Police, Gujarat Officials Use ASTR To Catch Fake SIM-Card Holders
- How India’s Telecom Department Is Using Facial Recognition On SIM Card Data
- MediaNama Impact: Govt Confirms Using Facial Recognition On SIM Card Subscribers
- Explained: Why In The World Is India’s Telecom Department Using Facial Recognition On SIM Users?
Vaishnaw mum on individual KYC: The move for complete KYC of subscribers is part of two reforms announced by Communications Minister Ashwini Vaishnaw on August 17, 2023: KYC reforms and point-of-sale (PoS) registration reform. For the former, he talked at length about the need for verifying SIM card dealers and replacing bulk SIM card connections with “business connections.” However, news of permitting facial data for subscriber KYC was only mentioned in the press release.
What are business connections? Vaishnaw said the department will be discontinuing bulk SIM card connections to reduce the “20 percent misuse” of such SIMs given to companies or other entities for big events. Instead, he introduced business connections “for issuing of mobile connections to entities (for ex. company, organizations, trust, society, etc.) Entities can take any number of mobile connections subject to complete KYC of all of its end-users. SIM will be activated only after successful KYC of end users and physical verification of premise/address of the entity,” the press release said.
“Even in this business set-up, the one person to whom the SIMs are allocated will have to do his KYC,” said Vaishnaw in Hindi during the conference.
Police and biometric verification for SIM card dealers: According to the government, SIM card dealers have complicity in cyberfrauds. Vaishnaw claimed that the dealers do not carry out the verification that is legally required.
“They focus on selling the SIM by short-circuiting the verification process. To control this, we are making police verification and biometric verification mandatory for the dealer [by the licensee]. There will be compulsory registration of PoS dealers. By doing so, we will hold accountable anyone who sells SIM fraudulently or on the basis of fraudulent documents,” said Vaishnaw.
If a PoS indulges in any illegal activities, it will be terminated and blacklisted for three years. All existing PoS will be registered as per this process by Licensees within 12 months, said the Ministry. Further, dealers who fail to have their verification done will face a penalty of INR 10 lakh. He anticipated a significant reduction in SIM card-related cyber frauds over the next seven months or so.
How’s the government been doing in tackling cyber fraud?
As per the communications department, the government analysed around 114 crore active mobile connections using ‘Sanchar Saathi’ portal and ASTR tool and took the following actions:
- Detected over 66 lakh suspected mobile connections
- Disconnected more than 52 lakh mobile connections after failed re-verification
- Blacklisted over 67,000 PoS
- Blocked about 17,000 mobile handsets
- Registered more than 300 FIRs against over 1,700 PoS
- Blocked more than 66,000 WhatsApp accounts
- Froze about 8 lakh bank/wallet accounts used by fraudsters
Yet in June, North Delhi cyber police reported the arrest of three people who had acquired 18 SIMs from a fourth person. How is this possible if the government’s ASTR facial recognition mechanism is scanning every SIM that is issued to people?
MediaNama’s take: When the government went public with this system, it boasted that ASTR had great success in catching such scamsters in Haryana. What prevented it from doing the same here in Delhi? And a bigger question is—if ASTR can end up missing such scams then what is the point of using such an invasive technology as a preventive measure in the first place? At the very least, does this now at least justify that some aspects need to be made public – such as its functioning – to understand how ASTR acts as a useful tool for public safety?
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!