Identity Verification in Telecoms: Industry-Specific Obstacles & Solutions

On the one hand, the verification process for telco operators is standard. To register as a new subscriber, a user must present their personal data, such as name, date of birth, address, etc., usually verified through their ID document.

However, the circumstances under which businesses in the industry act, as well as the challenges they have to address, are specific.

For starters, many scams targeting customers of businesses from other sectors involve using communication services to deceive people. For example, many users received phishing messages with malicious links or calls from scammers impersonating officials.

Fraud in Telecom industry itself takes many forms. Subscription fraud is one of them. It occurs when fraudsters obtain mobile devices and services using someone else's or synthetic identity with no intention of paying. This is possible because many operators now offer credit and non-personal shipping options.

High-end smartphones purchased this way can be resold after mobile OS jailbreaking, while pay-as-you-go vouchers can be exploited by criminals and never redeemed after purchase.

Mobile numbers are one of the user identifiers not only in Telecom but also in many other industries, including e-Commerce, Financial Services, and Banking. This channel is frequently used for customer identification, authentication, or mobile identity verification.

As a result, Telecoms are connected to many other businesses via their customers. This is a double burden since they are at the forefront where the first contact with a client (who may be a criminal or imposter) occurs. Additionally, this circumstance makes them prime targets for bad actors aiming to exploit the identities of legitimate customers and gain illicit access to their funds.

Telecom companies are under some form of government control almost everywhere. Typically, they must know their subscribers thoroughly. In addition to standard Know Your Customer (KYC) regulations set out in Anti-Money Laundering (AML) and anti-terrorism financing rules, there are also several specific technical requirements. For example:

• The STIR/SHAKEN framework in the US: Adopted by the Federal Communication Commission (FCC) in 2020, this is a set of industry standards and protocols for the authentication and verification of caller ID information for calls carried over IP networks. In plain language, it means that telecoms need to ensure that “Mr.Smith” is actually “Mr. Smith” when his caller ID appears on your phone’s display.

• The Calling Name Presentation (CNAP) in India:The CNAP allows users to always see caller names on their phones, even if the caller isn't on their contacts list. Presented by the Telecom Regulatory Authority of India, this feature should be available on all mobile devices sold in the country and provided upon subscriber request.

• The Rich Call Data (RCD): This framework combines authenticated Caller ID and RCD powered by STIR/SHAKEN framework and protocols. The approach has been implemented by some major industry players, including T-Mobile and First Orion, as a proof-of-concept with the potential to become a new industry standard in the future. Subscribers within the network receive a verified call with the business name, logo, and a reason for calling displayed on their device, preventing scams and Telecom fraud.

Most Telecom operators interact with their subscribers remotely. Typically, there is one offline interaction between a company and a new client when they buy a SIM card or subscribe to the service for the first time. All further interactions, such as topping up a balance or adding new services, occur online.

This means that the customer verification stage often involves presenting ID scans and selfies, creating a demand for a secure telco identity verification solution. With the strict KYC regulations, this process can be cumbersome for customers.

Telecom companies frequently deal with non-residents, including tourists and digital nomads. These are a specific group of customers who change their residency several times per year. As temporary users, they subscribe to services to access the internet or make calls during their stay in a country.

As a result, many IDs issued abroad are submitted to companies’ systems. According to an identity verification survey conducted by Regula, 67% of businesses in the sector experienced an increase in foreign IDs when transferring a phone number to a new provider and another 65% when activating a new mobile phone or SIM card.

To manage this diverse document flow, some operators limit the types of IDs that can be submitted to one option. For example, Vodafone Turkey offers a tourist SIM card that users may apply for by presenting their passport identification number.

As the Regula survey shows, 9 out of 10 organizations in the Telecom industry consider IDV a crucial tool in combating the increasing threat of identity fraud. However, the process should also remain comfortable and smooth for customers. 

What components are nice to have in such a solution?

Companies in the industry surveyed by Regula emphasize sophisticated types of identity theft and fraud as real threats. Synthetic identity fraud (highlighted by 87% of respondents) and video deepfakes (80%) concern the majority of Telecoms. To combat these and other forms of identity and Telecom fraud, companies need comprehensive IDV solutions that include both document and biometric verification components. 

Some telco operators have already adopted this approach. For instance, all new customers of Andorra Telecom must submit their ID document and take a selfie during registration. Additionally, the company notifies customers that the onboarding session will be recorded and their location will be detected.

Customer verification in Telecoms frequently involves submitting personal details, such as name, address, date of birth, etc. Typically, this information is filled out manually, which slows down the process on the user’s end. Not a good sign for a very competitive industry!

This process can be streamlined through data entry automation, where all necessary details are captured and entered automatically during ID scanning. As a result, onboarding takes seconds instead of 5-10 minutes many mobile operators currently declare.

In a remote identification scenario, it’s challenging to ensure the user presents a physical ID for verification. As GenAI's capabilities become more impressive daily, fraudsters can create AI fakes that may look compelling enough to deceive the system. 

The use of electronic IDs with an RFID chip enhances the online verification process, as the chip is a much more fraud-resistant security feature. For this reason, more companies in Telecom are harnessing this technology, offering eID verification as an option for their customers. The procedure takes less time—users simply need to tap the chip on their NFC-enabled device to complete the verification.

Tourists, work travelers, and digital nomads make up a large part of Telecoms' target audience. Moreover, they serve non-residents in their domestic markets. As a result, their customers use various ID documents as proof of identity, which differ in layout, language, security features, etc. 

To effectively verify people from all over the world, an IDV solution used by Telecom businesses must rely on a large, regularly updated ID template database consisting of various types of IDs, including their multiple series.

As a hardware and software developer with over 30 years of experience in IDV, Regula offers complete solutions for identity and biometric verification:

• Regula Document Reader SDK for seamless integration into apps and web platforms to easily verify passports, visas, driver’s licenses, residence permits, and other ID documents.

• Regula Face SDK for face recognition, identification, and matching to verify customers through selfies.

• Liveness detection technology for ID documents and biometrics.

• Over 14,000 ID templates from 251 countries and territories in the database.

• A test-drive or pilot implementation for testing our solutions under your specific use cases.

Don't hesitate to get in touch with one of our representatives to learn more.