SIM card fraud: Can AI be the answer?

SIMs taken on forged documents and in third party's names are involved in the majority of the crimes, taking the advantage of anonymity and untraceability of these SIMs. The fraudsters are creating fake/forged documents with such advanced techniques that conventional text based analysis can never catch them.

Recently it came out in the newspapers that DOT, Maharashtra LSA (Licenced Service Area) has disconnected 21,031 SIMs which were taken using forged documents. Using ASTR (Artificial intelligence and facial recognition powered Solution for Telecom subscriber verification), they could detect such fraudulent connections. Similar disconnections were done by other LSAs also.

The scenario before the SC verdict in 2018 on Aadhaar, mobile connection linkage

Mobile operators were activating new connections through Aadhaar based EKYC authentication. Aadhaar was used as Proof of Identity (POI)/Proof of Address (POA).

DoT was also insisting the operators to conduct Aadhaar based re-verification (linking the mobile number with Aadhaar) of the already working prepaid connections and the deadline was also fixed for the same.

Aadhaar based EKYC authentication was an easy, cost effective and secure way for SIM activation for the telecom service providers. Prospective customers could just walk in to the POS (Point of Sale) and get a connection.

Filling up of Customer Acquisition Form (CAF)/submission of photographs by the prospective customer and scrutiny of POI/POA documents submitted by the prospective customer before activating the connection by the TSP were not required. CAF was generated by the system itself.

The menace of fake documents was not there. The boarding time of the subscriber was very less. Scanning of CAFs and maintenance of the warehouse for the storage/retrieval of documents was not needed. Aadhaar based EKYC authentication was also used in port-in of the customer in MNP (Mobile Number Portability).

In the Aadhaar based re-verification process, the actual mobile connection user was becoming the person on whose name connection was there on the records- a requirement in security angle.

After the starting of the re-verification process, TSPs had stopped scanning CAFs and POI/POA documents and storing the scanned images.

In view of National Security considerations, DOT had stipulated that an individual can’t have more than nine mobile connections. With Aadhaar based EKYC activations/Aadhaar based re-verification, it was easier for the TSPs to monitor the number of connections subscribed by an individual as the mobile numbers were linked to the individual's Aadhaar number.

The TSPs were monitoring the less than nine connection cases in the following scenarios:

• New SIM activation

• Port-in through MNP

• Aadhaar based re-verification.

If any individual has more than nine mobile connections, further connection (new or port-in) was denied to him until he surrendered one of the existing ones. With Aadhaar based activation/re-verification of connections, it was easy for DOT to enforce this rule.

Situation after the SC verdict

As per the Supreme Court Judgment dated 26.9.18, to give new SIM connection, TSP can’t seek Aadhaar details. Other KYC documents like voter ID card, driving license etc. can be taken as POI/POA document to give a new mobile connection. The operators may accept a copy of physical Aadhaar or e-Aadhaar letter having masked or unmasked Aadhaar number as proof of identity “if offered voluntarily by the subscriber” for issuing the new mobile connection.

Since Aadhaar based re-verification was stopped (because of SC verdict), the TSPs had to restart scanning CAFs and POI/POA documents and storing the scanned images.

After the Supreme Court judgment, DOT has brought out a digital process for KYC (D-KYC) of mobile subscribers which envisaged CAF to be embedded with live photograph of the subscriber and scanned images of POI/POA documents thereby digitising the end to end process for onboarding of new mobile subscribers. All the phone connections at present are issued through the D-KYC process.

UIDAI had announced that if any customer, whose SIM was activated through Aadhaar based EKYC, wishes to get her or his Aadhaar EKYC replaced by the fresh KYC, she or he may request the TSP for delinking of her/his Aadhaar by submitting the valid documents which will act as POI/POA.

TAFCOP module

AP LSA, DOT has developed TAFCOP (Telecom Analytics for fraud management and consumer protection) module which is an AI algorithm that facilitates a mobile subscriber to check the number of mobile connections taken in his/her name. It also facilitates reporting the mobile connection(s) which are either not required or not taken by the subscriber.

This is part of Sanchar Sarathi portal which was launched by the ministry of communication (MOC) on 17.05.23, World Telecom and Information Societies Day. Sanchar Sarathi portal is a citizen centric initiative of DOT to empower mobile subscribers, strengthen their security and increase their awareness about citizen centric initiatives of the government.

ASTR

This is one of the consumer centric reforms (other two are CEIR (Central Equipment Identity Register) and TAFCOP which are available for the public) launched by MOC on 17.05.23. ASTR is an innovative and indigenous solution developed by Haryana LSA, DOT. This next gen platform can potentially bring down cyber frauds by detecting and blocking possible fraudulent mobile connections. DOT had issued orders to all the TSPs to share the subscriber database including user’s photos with the department. These images constitute the core database on which ASTR is run. Human faces in subscriber’s images are encoded using Convolutional Neural Networks (CNN) in order to account for the tilt and angle of the face, opaqueness and dark colour of the images. After that, a face comparison is carried out for each face against all faces in the database and similar faces are grouped under one directory. Two faces are considered to be identical by ASTR if they match to the extent of at least 97.5 per cent. ASTR is capable of detecting all SIMs issued against a suspected face in less than 10 seconds from a database of one crore images. Once the faces are matched, ASTR’s algorithm uses Fuzzy logic (Fuzzy logic is a mathematical approach that deals with uncertainty and imprecise information. It allows for the representation of vagueness and partial truth, unlike traditional binary logic) to find similarity or approximate matches for the subscriber names. It also accounts for typographical errors while filling CAF.

This platform:

• Look up if there are more than nine connections against a single individual's photograph.

• It runs a search through the database to see if the same person has taken SIMs under different names.

Way forward

While issuing a new SIM or while acquiring the customer through MNP, it should be ensured by the TSP that the prospective customer is not having more than nine connections on his name. After this verification only, new SIM should be activated. This will avoid possible fraud by the customer before it is disconnected after detecting that more than nine connections are working on his name. But at the same time this should not delay the activation of SIM for a normal customer. ASTR runs on a CDAC supercomputer and such computing resources can't be established at many places. DOT should examine whether it is practically feasible to detect fraudulent customers before their SIMs are activated using ASTR/ TAFCOP and if there are difficulties in this implementation, it should appeal against SC verdict of 2018 (which says that for SIM activation TSP can't seek Aadhaar details), with convincing arguments.

(The author is retired Advisor, Department of Telecommunications (DoT), Government of India)