Equity Bank’s thin SIM card plan pegged on ‘quality’ audit

Corporate News

Equity Bank chief executive officer James Mwangi. PHOTO | FILE 

By OKUTTAH MARK

In Summary

• GSMA proposes that an independent audit is done to ascertain the quality of Equity Bank’s proposed thin SIM card.
• The association had said that use of the thin SIM cards which are overlaid on the primary SIM would compromise privacy of communication by mobile subscribers.

The London-based global association of mobile operators (GSMA) has said that paper-thin SIM cards similar to the one intended for use by Equity Bank only poses security risks when they are of “poor” quality.

Related Stories

• Equity Bank’s thin SIM card plan pegged on ‘quality’ audit

GSMA therefore proposes that an independent audit is done to ascertain the quality of Equity Bank’s proposed thin SIM card, on which it intends to roll out mobile banking and telecommunication services by riding on Airtel’s network.

In a preliminary response to a request for advice by the Communications Authority of Kenya dated August 8, GSMA had said that use of the thin SIM cards which are overlaid on the primary SIM would compromise privacy of communication by mobile subscribers.

“The risks described above are those considered to be theoretically applicable to poorly or maliciously designed overlay SIM solutions and GSMA is not suggesting that these apply to all or any specific solutions,” read part of an additional advisory that GSMA sent to the communications regulator dated August 18.

READ: Safaricom gets global ally in mobile cash war with Equity

The position taken by GSMA means Equity Bank’s intended use of the ultra-thin SIM cards could still get the regulator’s approval, setting the stage for what is seen as a likely bruising turf war for the mobile banking market.

Safaricom, the dominant telecommunications and mobile money operator, had written a letter of protest to the regulator, demanding an investigation into the possible security risks posed by the overlay SIMs.

GSMA’s latest advisory states that the risks it mentioned in the earlier report, and which were reported in the Business Daily, are only applicable on poorly or maliciously designed thin SIMs.

Security safeguards

It also says that it does not have the capacity to technically determine whether security threats exist on the proposed thin SIMs to be deployed in the Kenyan market, suggesting that an independent analysis will be needed to certify individual products that have adequate security safeguards.

“GSMA is not in a position to ascertain if individual Overlay SIM implementations gather any sensitive data and make that available to unauthorised parties or if they manipulate or compromise the security of the existing SIM in anyway. The advice merely raises the possibility that these potential risks exist and could arise,” it added.

In the advisory opinion, GSMA says poorly or maliciously designed thin SIM is capable of bypassing any security technologies, such as cryptographic keys to record sensitive data and make it available to third parties.

The slim SIM that does not meet the required security standards can also facilitate unauthorised access to the primary SIM card, change of configuration settings and execution of actions without the explicit permission or knowledge of the mobile user, the GSMA says, adding that the technology can allow recording and divulging of mobile user PIN details without the phone user’s knowledge.

READ: SIM card makers to offer expert advice on Equity case

GSMA says that mobile phone users should be advised of the potential dangers that could result from using unapproved elements in their devices and they should be provided with assurance pertaining to approved solutions.

“Only Overlay SIM solutions that have been independently analysed and certified as being free from any functionality designed to undermine the security of the users or issuers of the original SIMs should be deployed,” it stated.

The GSMA is among mobile telecoms authorities from whom the CAK had sought expert opinion, as it prepares to make a decision on Safaricom’s petition challenging Finserve’s use of the ultra-thin SIM cards to rollout the mobile banking services. Finserve is a subsidiary of Equity Bank.

The industry regulator also sought the opinion of thin SIM card manufacturer Taisys, and has announced plans to conduct its own research before making the final decision.

Safaricom, the country’s largest telecoms operator, sparked the current battle between it and Equity Bank, the leading lender by customer base, on June 26 when it wrote to the telecoms market regulator claiming that Equity’s thin SIM technology poses a security threat to mobile subscribers.

Equity has responded to Safaricom’s letter, saying that it intends to source the thin SIMs from a reputable technology company, Taisys of Taiwan, which has reputable clients such as the International Finance Corporation — the investment arm of the World Bank.