Telecom operators around the world are rapidly moving customer onboarding from physical stores to mobile devices. What once required a visit to a retail location can now be completed in minutes through an operator’s app. Customers can register for a new SIM, reactivate an account, or complete a SIM swap directly from their phone without ever speaking to an agent.
The shift makes sense. It reduces operational costs, eliminates queues, and gives customers the convenience of completing the process wherever they are. At the same time, regulators in a growing number of markets now require stronger identity verification during SIM registration and SIM swaps, making biometric verification increasingly common in the onboarding process.
The question is no longer whether telecom operators should use biometrics. In many markets, that decision has already been made by regulators.
The real question is how to secure the onboarding process without introducing entirely new categories of risk.
The Hidden Cost of Going Digital
For years, identity verification took place in a store. Customers presented their documents, an agent verified them, and the transaction was completed in person. While the process was slower and less convenient, there was one important safeguard: a human being was physically present to observe the customer.
Mobile onboarding removes that friction, but it also removes that human layer of verification.
When identity verification happens remotely, the operator must determine whether the person on the screen is genuinely present or whether the system is being presented with a printed photograph, a replayed video, a mask, or an AI-generated deepfake. As fraud techniques become increasingly sophisticated, this becomes a critical security challenge.
At the same time, a second problem emerges.
You’re Now Holding a Database of Faces
Every successful biometric verification creates biometric data that must be stored somewhere. Across millions of subscribers, telecom operators can quickly accumulate one of the most attractive targets imaginable for cybercriminals: a database of faces linked to real-world identities.
Unlike passwords, biometric data cannot simply be reset after a breach. Once compromised, the exposure is permanent for both the customer and the organization responsible for protecting it. And every so often, these databases are exposed (see reports by The Korea Herald and Bright Defense).
The industry’s digital transformation has therefore created two new challenges simultaneously: preventing fraudulent users from entering the system through remote onboarding, and protecting biometric data without creating a high-value target for attackers.
Three Questions That Define the Solution
We recently worked through exactly these challenges with a major African telecom operator serving millions of subscribers. The objective was to enable secure remote onboarding and SIM-swap verification without introducing new fraud vectors or creating a large repository of biometric data.
The solution ultimately came down to answering three questions:
- How do you know the person is real?
- How do you balance efficiency with privacy?
- How do you detect repeat fraud at scale?
Question 1: How Do You Know the Person Is Real?
The first challenge is proving that the person on the other end of the screen is actually there.
In a retail store, an agent can compare the customer standing before them to the photo on their identity document. During remote onboarding, that responsibility shifts entirely to technology.
Before any biometric verification takes place, the selfie is analyzed using liveness detection and presentation attack detection. The system determines whether it is interacting with a real person or an attempt to fool the camera using a printed photograph, a screen replay, a mask, or an AI-generated deepfake.
A photo held up to the camera fails. A replayed video fails. A deepfake fails. Only a genuine, live person passes.
In effect, this technology replaces the verification that an agent would traditionally perform across a counter, allowing operators to maintain security while moving onboarding to a customer’s device.
This matters because fraudulent accounts are cheapest to stop before they enter the system. Every synthetic identity blocked during enrollment is one less account that can later be used for SIM-swap fraud, account takeover, or financial crime.

Liveness detection works by analyzing multiple signals simultaneously: subtle facial movements like blinking and head-turning that are difficult to replicate in a fake image; skin texture that distinguishes real faces from printed photographs or masks; light reflection in the eyes; and, in advanced implementations, a three-dimensional facial map that confirms depth is present.
Question 2: Efficiency vs Privacy. How Do You Verify a Person’s Identity while Ensuring Privacy?
Preventing fraudulent users from entering the system is only half of the challenge. The second question is what happens to the biometric data after verification is complete.
Most biometric systems store facial templates or images that remain linked to customer identities. Biometric verification makes remote onboarding on mobile devices efficient, but over time it creates a highly attractive target for attackers: a centralized repository containing the biometric data of millions of subscribers.
Unlike passwords, biometric information cannot simply be changed after a breach. Once exposed, the impact is permanent – and potentially expensive for both customers and operators (see Reuters’ report on the SK Telecom leak).
To address this, the biometric capture is converted into an irreversibly transformed token, called an IT2, immediately after verification. The original biometric image is discarded. What remains can be used to confirm identity in future transactions without revealing the underlying biometric data, and it cannot be reconstructed into the customer’s original face or biometric record.
When a subscriber later requests a SIM swap, a new live selfie is captured and verified through liveness detection before being converted into a new IT2. The system then compares that newly generated token against the token created during enrollment to determine whether the same person is present.
Importantly, every IT2 is unique. Even when generated from the same individual, each token is slightly different, much like a snowflake. The system expects similarity, not exact duplication. If an identical token ever reappears – a statistically improbable event – it is an indicator that someone may be attempting to replay or spoof the system using previously captured data.
The legitimate account holder matches.
Someone presenting stolen account credentials but the wrong face does not.
The result is that operators retain the ability to authenticate customers while eliminating the biometric database that would otherwise become a high-value target.
If a system is compromised, attackers gain access only to irreversible tokens rather than facial images or reusable biometric records. Without the original biometric data, there is nothing meaningful to reconstruct, steal, or replay.
Question 3: How Do You Detect Repeat Fraud at Scale?
The ability to verify a legitimate customer without storing their biometric data solves the privacy and security problem. But telecom operators face another challenge beyond simple account verification and secure storage.
Fraud rarely happens one account at a time.
Organized fraudsters typically operate at scale, creating multiple accounts, reusing identities, exploiting synthetic identities, or repeatedly attempting to re-enter the system under different credentials. Detecting those patterns requires the ability to recognize when the same individual appears across multiple enrollment attempts.
Traditionally, that capability has come at the cost of maintaining large biometric databases. With tokenized biometrics, however, operators can identify repeat actors and duplicate identities without storing or exposing the underlying biometric data.
This is where the Irreversibly Transformed Identity Token (IT2) becomes particularly powerful.
Because the biometric data has been transformed into an irreversible token, telecom operators can perform large-scale deduplication and fraud screening without storing or exposing the underlying biometric information. Millions of tokenized identities can be compared in milliseconds, allowing operators to identify relationships and patterns that would otherwise remain hidden.
This enables two critical capabilities:
- First, operators can detect duplicate identities across the subscriber base. If the same individual attempts to enroll multiple times using different names, addresses, or supporting credentials, the system can identify that those records are linked to the same person, even though the underlying biometric data is never revealed.
- Second, operators can maintain watchlists of known fraudsters and high-risk individuals. When a new enrollment occurs, the tokenized identity can be screened against those watchlists in real time. If a match is detected, the enrollment can be flagged for review or blocked entirely before access is granted.
Importantly, all of this can be achieved without exposing customer biometric data or creating a centralized repository of facial images. The operator can perform deduplication, watchlist screening, and repeat-fraud detection at scale while maintaining a privacy-preserving architecture.
For operators serving tens of millions of subscribers, this means fraud controls that can scale with the business without scaling the risk associated with storing biometric data.
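The decision logic described in Questions 2 and 3 can be sketched as follows; this is an added example, not the vendor's or the operator's code. The page does not describe the IT2 format or its comparison function, so the float-vector tokens, cosine similarity, the 0.90 threshold, and all record IDs are assumptions made for illustration.

```python
import math
from enum import Enum

# Assumptions (not from the page): tokens are modelled as short float vectors,
# compared with cosine similarity against a made-up threshold.
MATCH_THRESHOLD = 0.90

class Decision(Enum):
    MATCH = "match"
    NO_MATCH = "no_match"
    REPLAY_SUSPECTED = "replay_suspected"

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def compare(stored, probe):
    """Classify a freshly generated token against a stored one."""
    if len(stored) != len(probe):
        raise ValueError("token length mismatch")
    # A genuine new capture is similar but never identical; an exact
    # repeat suggests previously captured data is being replayed.
    if list(stored) == list(probe):
        return Decision.REPLAY_SUSPECTED
    if cosine(stored, probe) >= MATCH_THRESHOLD:
        return Decision.MATCH
    return Decision.NO_MATCH

def screen_enrollment(probe, subscribers, watchlist):
    """Check a new enrollment token against the watchlist, then existing
    subscribers. Returns (action, ids_of_linked_records)."""
    def hits(store):
        return [rid for rid, tok in store.items()
                if compare(tok, probe) is not Decision.NO_MATCH]
    flagged = hits(watchlist)
    if flagged:
        return ("block_or_review", flagged)
    duplicates = hits(subscribers)
    if duplicates:
        return ("duplicate_identity", duplicates)
    return ("accept", [])

# Constructed sample tokens (illustrative values only).
ENROLLED = {"sub-001": [0.12, 0.80, 0.35, 0.46]}
WATCHLIST = {"wl-007": [0.90, 0.05, 0.40, 0.10]}
```

The linear scan keeps the sketch readable; screening millions of records would need an indexed similarity search, which is outside what this example shows.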
What Happens When Your Systems Are Targeted?
This is the approach we recently implemented for one of Africa’s largest telecom operators, supporting secure onboarding and SIM-swap verification for millions of subscribers. By combining liveness detection, privacy-preserving biometric tokenization, and large-scale duplicate detection, the operator was able to strengthen fraud defenses without creating a massive repository of biometric data.
Biometric onboarding is no longer optional in many markets. Regulators increasingly require stronger identity verification for SIM registration and SIM swaps, and customers increasingly expect to complete those processes remotely.
So as your organization makes this transition, there are really only a few questions that matter:
- Can you verify that the person is real?
- Can you prevent deepfakes and presentation attacks?
- Can you stop duplicate and fraudulent enrollments?
- And when your systems are eventually targeted, what information is actually exposed?
If the answer is a database of customer faces, the risk remains.
If the answer is irreversible tokens that cannot be reconstructed, reused, or replayed, the equation changes entirely.
As telecom operators continue their transition to digital onboarding, the challenge is no longer simply verifying identity. It is doing so at scale, securely, and without creating the next breach headline.