Carnegie report suggests biometrics and digital ID adoption can help South Africa’s cybersecurity!

May 6, 2022

South Africa’s position as a key financial hub for Africa is being undermined by a lacklustre approach and commitment to cybersecurity, according to a new report. Addressing mobile account security by introducing biometrics is among steps that should be considered, according to an article from the Cybersecurity, Capacity Development, and Financial Inclusion project within the Carnegie Endowment for International Peace.

The case study is one of six, examining the financial markets of South Africa, Nigeria, Cameroon, Uganda, Ghana and Zimbabwe.

The report on South Africa, titled ‘Dividend or Liability? Financial Inclusion, Digital Deprivation, and Cyber Risk Proliferation in South Africa,’ was written by Noëlle Van der Waag-Cowling, who leads the Stellenbosch Institute for Governance and Leadership in Africa (SIGLA) Cyber Program.

A growing base of customers who were previously excluded from financial services is a major potential benefit to South Africans, businesses and the overall economy, but also increases cybersecurity risk, the report argues.

The onboarding exercise for people buying SIMs in South Africa is onerous and paper-based, according to the report, ensuring compliance but not cybersecurity. Compromised SIMs are common, and dealing with them a challenging process. A double opt-in process including biometrics would be a marked improvement, the author suggests. The wide use of one-time passwords (OTPs) over SMS does not provide sufficient security, and may actually drive SIM swap fraud.

Voice biometrics are widely used in Africa, the report says, due to the technology’s ease of use and low rollout costs, and could significantly improve the situation.

Legacy approaches involving ID numbers and OTPs via SMS and email could be replaced with digital identity and biometrics, with South Africa, “a late adopter of such technologies,” benefiting from the lessons learned from the experiences of other counties.

Van der Waag-Cowling concludes with six recommendations, including the broader use of digital identity and biometrics. Beyond those recommendations, however, lie two major social challenges.

Cybersecurity awareness and financial literacy rates must be raised, and the devices and services that provide cybersecurity must be made more affordable for lower-income households.

The majority of banks across Africa are prioritizing reaching retail banking customers, according to ‘The African Digital Banking Transformation Report 2022’ from African Banker.

Cybersecurity and resilience together are the top trend in importance for 2022/2023, according to bankers surveyed for the report, but as customer bases grow in other countries, those with insufficiently secure mobile account ecosystems may face similar challenges to South Africa.