An audit of the databases of the country’s telcos by the industry regulator Communications Authority of Kenya (CA) has revealed that the mobile network operators (MNOs) are not conforming with the SIM card registration regulations.
The audit, whose findings were released recently, revealed that even though all the MNOs – that is Safaricom, Telkom, Airtel and Equitel – had their data access security policies in place, “there were a number of non-conformities with the SIM card registration regulations,” adding that “in cases where subscribers used passports as a form of identification, various anomalies were noted, especially in the numerical length of the Kenyan passports.”
(TOP: An assortment of SIM cards, laptops and other equipment found with suspected SIM card fraudsters who’re busted DCI officers).
In a statement, CA said that according to the findings, it was evident that operators are not in control of the agents, noting that this was due to weak controls in management of SIM sales agents.
“In most cases, a dangerous trend was noted where the MNO databases had records which appeared to have been populated from other secondary sources. Other SIM cards were found to have multiple registrations with different identity details, with potential use for criminal purposes,” said Francis Wangusi, the Director General of CA.
“On overall, the audit showed that the data in the subscriber databases of the MNOs was incomplete and inaccurate, pointing to the need for a verification system to help enhance authenticity of the data. It was also noted that the agreements between the operators and agents are purely commercial and do not place any obligations on the agents with respect to adherence to the SIM card regulations… This is a dangerous trend that jeopardises the security of citizens in the country and must therefore stop.”
The just-concluded audit was a follow-up to a process that began with the CA issuing an update on the status of adherence to the Kenya Information and Communications (Registration of SIM-Cards) Regulations, 2015, which require Mobile Network Operators (MNOs) to register all SIM-cards prior to activation.
The update was informed by CA’s concern over reports of rampant hawking of SIM cards, which is a contravention of the law. The regulator, at the time, directed mobile operators to suspend, with immediate effect, all SIM cards whose registration status was not in compliance with the SIM card registration Regulations.
Despite the directive, CA continued receiving reports, which were also corroborated by law enforcement agencies, that there were still some unregistered SIM cards that were still active on the mobile networks. These reports were contrary to returns from the telcos that claimed total compliance with the SIM card registration obligations.
In light of the gravity of this matter, the Authority subsequently undertook an exercise to verify the extent to which the operators had adhered to the SIM card regulations. This included market surveillance and forensic audit of the operator data.
The market surveillance revealed that a number of agents do not request for identification documents at the point of purchase of the SIM cards. There is also little or no verification of the identities of SIM card buyers vis a vis the documents they have presented. It was further noted that hawking of SIM cards was still rampant, and in some cases, the agents were also charging buyers an additional fee for registration.
In light of the above findings, the CA in partnership with other relevant government agencies, undertook a forensic audit on subscriber registration by the MNOs, which found that some SIM cards had multiple registrations with different identity details, with potential use for criminal purposes.
Due to these anomalies, the regulator has now directed the MNOs to put in place certain measures to ensure that SIM registration regulations are adhered to:
- To review their respective subscriber registration databases and confirm that SIM cards that are unregistered, partly registered, improperly/un-procedurally registered, fraudulently registered, and SIM cards with multiple ownerships are immediately switched-off and no longer reside on their network going forward from their networks. Failure to which immediate regulatory action shall be instituted in line with the law.
- To ensure agents verify identification documents with the Integrated Population Registration System (IPRS) when subscribers present them at the time of registration.
- To submit to the Authority, details of agents and sub-agents that deal in sales and subscriber registration on their behalf. The details required include the company registration details, number of outlets and locations in which they operate, duration in which such agents have been in operation, contacts details, ownership details, among others.
Going forward, CA plans to undertake a further audit to ascertain compliance with these directives after three months. The regulator has also initiated discussions with the Ministry of Interior and Coordination of National Government on possibility of accessing the Personal Identification Secure Comparison and Evaluation System (PISCES) for online verification of passport details.
“I wish to once again remind all Kenyans that SIM-card Registration Regulations outlawed the hawking of SIM cards. Hawking SIM cards is an offence that attracts a fine of up to Kshs 500,000 or 12 months imprisonment or both. In addition, subscribers must appear in person and provide correct information. Providing incorrect information is an offence that attracts a fine Kshs 100,000 or imprisonment for six months or both,” stated Wangusi.