Documents available to Techfocus24 indicate that some fraudulently registered SIM cards have found their way into the Central SIM Register and the National Communications Authority (NCA) is pressuring Vodafone to delink those SIMs ahead of proper investigations.
Per the documents, a Vodafone customer called Prince Edward Deba has had both his Ghana Card and Biodata used to register three additional Vodafone SIM cards in his name without his consent.
Ahead of the June 1, 2023 mass SIM disconnection, NCA said fraudulent SIM registration was restricted to Stage One, where some unscrupulous telco agents used confirmation codes from National Identification Authority (NIA) to fraudulently link many SIM cards to people’s Ghana Cards but were unable to complete the process with biodata capture at Stage Two. But in the case of Prince Deba, the Stage Two has also been breached and the fraudulent SIM linked to his details have actually been passed by the NCA’s App as genuine.
All three fraudulently SIMs were registered in Kumasi by one particular agent, and all three have BCAP-Yes status, which means, not only was Prince’s Ghana Card used, but even his biodata (picture and fingerprints), were also used in registering those SIM cards even though Prince lives in Accra and was never physically present in Kumasi.
All three numbers were registered by one agent and all of them read BCAP – YES[/caption]
The agent who committed the fraud used a device with phone number 0205725275, and from a look at the numbers he linked to Prince’s details, all three begin with 0509374XXXX.
But the most worrying part of this incident is the BCAP-Yes status on the fraudulent SIMs, which means they have been cleared by the NCA’s App and have been rolled over into the Central SIM Register without the NCA’s supposed robust SIM registration system flagging them.
Now the NCA is pressurising Vodafone to delink all the three numbers from Prince’s Ghana Card ahead of proper investigations to determine what biodata was used to register the numbers in the NCA’s App, and on what basis did the NCA pass those numbers as BCAP-Yes.
But the victim of the fraud, Prince Deba has written to Vodafone insisting that until full investigations are carried out to find the perpetrators and also determine how the NCA’s App was breached in that manner, the numbers should not be delinked from his Ghana Card and biodata yet.
He has also asked the NCA officially, to provide him with the live pictures used in registering those numbers to his name in Kumasi while he was in Accra, but the NCA is dragging its feet on that, while pressurizing Vodafone to delink the numbers, which then eliminates the only evidence of a breach of the Central SIM Register.
Facts of the case
The facts of the case are that on April 24, 2023, Prince registered his Vodafone SIM number 050****339 in the Vodafone Shop at Junction Mall, Nungua, in Accra. It was a Vodafone staff who did the registration for him.
Then on May 1, 2023 he did a check on *402*1# and confirmed that the only numbers linked to his Ghana Card were his own Vodafone number and one MTN number, which also belongs to him.
But on May 31, 2023, the final deadline for SIM registration, he did another check on *402*1# only to find three other Vodafone numbers linked to his Ghana Card. He then made a report to Vodafone.
Shocking feedback from Vodafone
According to Prince, the feedback he got from Vodafone was even more shocking – not only have they linked the fraudulent SIMs to his Ghana Card (Stage One), but they have also used his biodata (picture and fingerprint) to register those numbers as well (Stage Two).
Prince said he got documental feedback from Vodafone indicating that on June 27, 2023, Vodafone wrote to NCA and copied Kelni-GVG, asking for details from the Central SIM Register to assist in fraud investigations.
According to him, he was informed that NCA’s initial response to Vodafone was that the Vodafone staff who did the registration in Accra, dubiously captured Prince’s biodata multiple times, and then used the additional biodata he captured to register other SIM cards.
But that claim by NCA was flawed because the fraudulent registrations were not done in Accra but in Kumasi where Prince was not physically present. Moreover, the evidence also shows that the device used in registering Prince’s SIM in Accra was different from the one used in Kumasi. The device used in Accra had number 0200875683, while the one in Kumasi had number 0205725275.
Vodafone’s Request for evidence
Vodafone, according to Prince, has since July 4, 2023 written another letter to NCA asking for the following:
- A confirmation that BCAP (bio-capture) has been completed for the three fraudulent numbers.
- Confirmation that the live picture taken during registration of the three numbers matches the picture on the Ghana Card for which a liveness test image was verified against the image captured on the Ghana Card.
- Evidence from the Central SIM Register so that they (Vodafone) can proactively engage the security services if an arrest is required.
While NCA is yet to grant Vodafone’s July 4, 2023 request, it is rather pressurizing Vodafone to delink the numbers from Prince’s details, something which Prince thinks is an attempt by NCA to clear the only evidence of a breach of the Central SIM Register.
NCA Response to Techfocus24
Meanwhile, Techfocus24 also made request to NCA on the matter, and in their response, they claimed that the Vodafone “agent” who registered the SIM for Prince in Accra, dubiously took a picture of Prince’s Ghana Card and sent that to another agent who then used it to register those SIM cards in the App.
The NCA failed to explain how the picture of a Ghana Card was able to pass the liveliness and likeness test required at the Stage Two of the SIM Registration, where the SIM owner needs to be present for his live picture and fingerprints to be captured directly with the NCA’s App.
NCA’s response to Techfocus24 suggests that, unlike what it has always claimed, pictures and fingerprints can be captured outside of the App, transmitted to another device and be uploaded into the App to then make other SIM cards be given a BCAP-Yes status.
No Breach?
Meanwhile, in spite of the fact that the fraudulent SIM cards have been given a BCAP-Yes status by the NCA’s App, the NCA still insists that the Central SIM Register has not been breach.
However, Prince, who works in the data management space himself, is worried that such a breach could occur after the NCA had assured Ghanaians that the Stage Two, for which people queued for hours, was necessary to make the Central SIM Register robust.
“This is a clear breach of the Central SIM Register and NCA cannot deny it. If they claim the Central SIM Register has not been breached they should provide the pictures and fingerprints used in registering those numbers in my name and lets compare them to what I used in registering my own SIM instead of pressurizing Vodafone to delink the numbers,” he said.
Indecent Pressure on Vodafone
Prince insisted that NCA’s pressure on Vodafone to delink the fraudulent SIM cards is a clear attempt to hide evidence, adding that “they should rather focus on providing the necessary information to aid a thorough investigation instead of asking for a delink now.”
He thinks NCA and its Common Platform partner are trying to shift attention from the fact that the NCA’s App failed to flag the fraud and the SIMs found their way into the Central SIM Register and were given BCAP-Yes status.
According to Prince, the breach of the Central SIM Register is particularly worrying because it is now not clear how widespread the breach is, and that should be of great concern to all stakeholders because “if this is not stemmed in the nick of time, Ghana may have to redo SIM registration all over again in the near future.”
Source: Techfocus24