As the controversial SIM card registration rules are enforced, telecommunication companies could find a silver lining in the use of fingerprints to curb fraud threats.The Ministry of Information, Communications and the Digital Economy, in May, released new guidelines for SIM card registration under the Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2025.The new regulations require mobile subscribers to submit biometrics such as fingerprints, expanding beyond traditional identifiers such as names, ID numbers and dates of birth.Read: SMS spam surge sparks fears of personal data misuse by telcos“The new rules were developed to protect citizens from SIM card-related fraud and other criminal activities, including identity theft, SIM box fraud and scams, strengthen the identity of telecommunication services and support secure access to digital services such as mobile money, e-government and e-commerce,” said the Communication Authority in a statement last month.Although the rules generated a public storm, telco industry insiders say the adoption of biometric verification in telecommunication services could be a win for the sector that has long grappled with cases of fraud that are growing more sophisticated with advancements in technology.Sources said some telcos are expected to start collecting fingerprint details when registering new and existing subscribers.“The key focus will be on fingerprints for SIM card registration, which I see as a big advantage for us telcos who have been frustrated by fraud,” a source told Business Daily.Pain for telcosFraud has been a pain for telcos, resulting in big cash losses. For example, in 2023, security agents arrested eight suspects accused of fraudulently generating SIM card numbers and taking out more than Sh500 million in loans from Safaricom’s Fuliza mobile overdraft service.In the last financial year, leading mobile services provider, Safaricom, listed fraud and social engineering as the principal risks facing it and its customers.“Due to the wide use of M-Pesa services across the country, our M-Pesa customers and partners are exposed to M-Pesa fraud due to social engineering, fraudulent SIM swaps, digital identity theft, and mobile apps takeover,” stated the firm in its annual report.In 2021, Safaricom launched the Jitambulishe service, allowing prepaid and post-pay customers to enroll their voice and use it to access services such as getting their PUK, unlocking M-Pesa accounts, and retrieving their M-Pesa PIN and replacing their lines.Kenya’s SIM registration environment already requires operators to gather customer details, validate identity documents, and maintain updated records to reduce impersonation, SIM-swap schemes, and criminal use of untraceable numbers.Also read: DNA storm in Kabogo SIM registration rulesTelcos, however, continue to routinely face cases where fraudsters exploit weak onboarding checks, recycle stolen identity cards, or submit manipulated documents during SIM replacements, causing financial losses and eroding trust in digital services.These vulnerabilities have made SIM swaps particularly damaging as criminals can take control of a customer’s calls, messages, mobile money approvals, and banking alerts within minutes of replacing a line.A biometric anchor eliminates these weaknesses by tying a subscriber’s registration to a non-transferable physical characteristic that cannot be forged, borrowed, photocopied, or reconstructed from stolen data.Multiple countries across the world have already adopted similar approaches, using fingerprints or facial recognition to authenticate individuals during SIM purchases and high-risk account changes.Such adoptions have been driven by rising fraud levels worldwide, pushing regulators and operators to move beyond simple document checks that criminals routinely forge or manipulate.The concept of biometric use is already prime in the financial sector, with several commercial banks in the country, including Absa Bank, KCB Group, and Stanchart, supporting facial recognition as a login option to their mobile banking platforms, subject to the capabilities of users’ devices.According to the Central Bank of Kenya (CBK), the adoption of new technologies such as biometric verification and big data analytics comes as banks explore the potential opportunities of new business models, including virtual assets, seek to improve operations, and minimise fraud.Traditional password“Application Programming Interfaces (APIs) have been adopted by most banks with a 79 percent and 64 percent adoption rate by commercial banks and MFBs, respectively,” explained the CBK in its latest annual report.“This was followed by Cloud Computing, Biometrics Technology, and Big Data and Data Analytics with an adoption rate of 42 percent, 40 percent, and 40 percent, respectively, across all banks,” it added.Biometric verification has been widely adopted in developing markets as an alternative to traditional password and PIN requirements that are considered by many as outdated in the face of emerging technologies such as Artificial Intelligence.Some of the leading smartphone makers, including Apple and Samsung, have facial recognition and fingerprint authentication built into their devices that help users safely access their apps and personal data.Last week, Australia implemented the world’s first social media ban for its citizens under the age of 16 in a bid to limit the harmful effects of the technology, including cyber-bullying and sexual exploitation of minors.The ban, which has seen teens restricted from popular apps including Facebook and TikTok, will require social media firms to implement some form of biometric verification to ensure compliance.In October this year, India started allowing citizens to approve payments on fintech platforms using facial recognition and fingerprints. Authentications are verified using biometric data stored in the state’s Aadhar digital identification system.But telcos in Kenya will walk a tight rope on data privacy as they shift to biometrics for SIM card security.In Kenya, the use of biometric verification for telecommunication services that include mobile money transfer will be closely watched to determine adherence to the data protection laws and other safeguards to users’ privacy.According to the guidelines from the Office of the Data Protection Commissioner, ODPC, biometric data collection and processing by service providers should be lawful, fair and transparent, accurate and limited to the purposes of collection.“Clear policies and procedures for data retention and deletion must be established, defining specific purposes and retention periods,” states the ODPC in the guidelines released earlier this year.“Prompt deletion or anonymisation should occur once the purpose is fulfilled to mitigate privacy risks from unjustified retention periods and ensure compliance with the Act and Regulations.”kmwangi@ke.nationmedia.com Provided by SyndiGate Media Inc. (Syndigate.info).
