SIM card fraud major hurdle for cybercrime police, reveals ISB study

By Team Marcomm Jul 29, 2024

The study recommends robust identity verification and a multi-layered approach including online methods and customer education to combat SIM subscription fraud

A recent study titled ‘Telecom SIM Subscription Frauds: Global Policy Trends, Risk Assessments and Recommendations’ by the ISB Institute of Data Science (IIDS) has revealed that SIM card fraud is a significant obstacle for cybercrime police. The report addresses and proposes solutions to mitigate SIM card subscription fraud.

Subscription fraud occurs when a fraudster uses a stolen or synthetic identity to obtain telecom services and utilises it to commit cyber fraud. The study cites that the subscription or identity fraud constitutes 35% to 40% of all fraud experienced by the telecoms industry globally, resulting in an estimated €40 billion/INR 3,600 billion annual loss for the telecom industry.

In collaboration with the Telangana State Police’s Centre of Excellence for Cyber Security and Telangana Cyber Security Bureau, the study has been co-authored by Prof Manish Gangwar and Shruti Mantri of the ISB Institute of Data Science (IIDS), along with Stephen Raveendra, IPS, Additional Director General of Police, Operations (GreyHounds and Octopus), Telangana and Kalmeshwar Shingenavar, IPS, Commissioner of Police, Nizamabad District, Telangana.

The study utilised subscriber data from Customer Acquisition Forms (CAFs) stored across all telecom service providers. The Cyberabad Police Commissionerate obtained 1,600 CAFs from various police stations across Hyderabad and Telangana. For real-time analysis, the data from these PDF-format CAFs was extracted using AI models. An extensive analysis of SIM registration policies in 160 countries was conducted to benchmark global best practices, offering valuable insights for enhancing local protocols.

ISB professors and Telangana Cyber Security Bureau officials at the launch of the report

Some of the key findings of the study include:

  • Both e-KYC (electronic - Know Your Customer) and d-KYC (digital - Know Your Customer) processes lack real-time photo verification, enabling fraudsters to obtain SIM cards.

  • 89% of alternate numbers provided are not linked to Aadhaar, indicating a significant gap in verification processes.

  • POS (Point-of-Sale) agents issue new connections without verifying identity or address proofs, including mismatched or fake documents.

  • Poor digitisation system for CAFs hinders real-time data retrieval during criminal investigations.

  • No limit on SIM cards per subscriber leads to misuse and exploitation by fraudsters.

  • Data analysis reveals a worrying trend of fraudsters using counterfeit or outdated Aadhaar cards with children's images or fake Aadhaar cards to falsely obtain SIM cards for malicious activities.

These findings expose the vulnerabilities in the system that are exploited by attackers to design and execute subscription fraud and highlights the importance of implementing different online identification and validation methods, including knowledge-based validation, phone authentication, address validation, one-time password use, and use of common username across multiple telecom service providers to enhance electronic identification and trust. 

A list of recommendations was shared with the Telangana Police, Telecom Service Providers (TSPs), Department of Telecom, UIDAI, and Ministry of Home Affairs to mitigate SIM card subscription fraud due to its national relevance and the urgent need to address this issue. It aims to mitigate the significant risks posed by fraudulent activities exploiting legitimate customer KYC details.

The study was released by Shikha Goel, IPS, ADGP CID, ADGP Women Safety Wing, Director, TG Cyber Security Bureau and Director TG FSL; Riti Raj, IPS, Joint Director, Anti-Corruption Bureau; Harshavardhan, IPS, SP Cyber Security Bureau; Devendra Singh, DP, CSB; Madhu Viswanathan, Research Director, IIDS and Avik Sarkar, Senior Research Fellow, IIDS.

Commenting on the study, Shikha Goel, IPS, Additional Director General of Police CID, Director TS Cyber Security Bureau said that it emphasises the importance of not sharing personal information and reporting lost or stolen SIM cards promptly. “This study by ISB and Telangana State Police brings to light the pressing issue of SIM card fraud,” she said.

Manish Gangwar, Associate Professor of Marketing and Executive Director, ISB Institute of Data Science said, "As the digital landscape continues to expand, the prevalence of SIM subscription fraud has emerged as a significant challenge for telecommunications providers, businesses, and consumers alike. The fight against SIM subscription fraud requires a multi-pronged approach involving collaboration, technology, and consumer engagement. We hope the study will go a long way in facilitating the creation of a secure telecommunications environment that protects all users from the dangers of SIM fraud.”

Emphasising a multi-layered, risk-based approach, the study recommends incorporating online identification and validation methods, enhancing electronic identification processes, and increasing customer education to combat SIM subscription fraud.

 "SIM card subscription fraud, a significant issue in India, is posing substantial challenges to the resolution of cybercrime cases. Tackling this problem requires a blend of technological advancements, vigilance, and regulatory cooperation. Drawing from successful practices in other countries, we have developed a set of recommendations. By adopting these measures, telecom service providers can significantly mitigate the risk of SIM card fraud, thereby safeguarding their customers and their reputation," noted Shruti Mantri, Associate Director, ISB Institute of Data Science.