South Korea Mandates Facial Recognition for SIM Registration to Combat Scams
South Korea has announced a new policy requiring facial recognition scans for individuals registering new mobile phone numbers, aiming to curb the widespread use of stolen identities in telecom-related scams. The Ministry of Science and ICT stated that the initiative, which will be implemented by the country's three major mobile carriers and mobile virtual network operators, is designed to prevent criminals from using stolen or fabricated IDs to activate SIM cards. The new requirement will compare the photo on an official identification card with a real-time facial scan, making it significantly harder to register devices under false names. This measure follows a series of high-profile data breaches and a surge in voice phishing scams, with over 21,000 cases reported in 2025 alone.
The policy is set to take effect on March 23, following a pilot phase, and will leverage existing digital credential apps such as “PASS” to store and verify biometric data. Recent incidents, including the massive data breach at SK Telecom that exposed SIM card data of nearly 27 million subscribers, have highlighted the vulnerabilities in South Korea’s telecom sector. Authorities have responded with stricter penalties for carriers failing to prevent scams and have imposed significant fines for poor security practices, such as storing credentials in plaintext and lacking basic access controls. The government hopes that the new facial recognition requirement will restore trust and reduce the risk of identity-based telecom fraud.
Related Entities
Organizations
Sources
Related Stories
India Mandates SIM-Binding and Frequent Re-Verification for Messaging Apps to Combat Fraud
The Indian government has introduced new regulations requiring messaging apps such as WhatsApp, Telegram, Signal, and Snapchat to operate only with active SIM cards linked to users’ phone numbers. This move is intended to curb the rising incidents of cyber fraud and misuse, particularly those perpetrated from outside the country using Indian mobile numbers. Under the new rules, web and desktop sessions must automatically log out within six hours, and users will be required to re-verify their accounts frequently. Messaging app providers have 90 days to implement these changes and 120 days to report compliance, as part of an amendment to the 2024 Telecom Cyber Security Rules. The Department of Telecommunications (DoT) stated that the previous ability to maintain long-lived sessions without an active SIM was being exploited for large-scale, cross-border scams, phishing, and other fraudulent activities. By enforcing SIM-binding and frequent re-verification, authorities aim to close this security loophole and make it more difficult for criminals to operate anonymously or from abroad using Indian identifiers. The new measures are a direct response to the increasing sophistication of cybercriminals targeting Indian users through messaging platforms.
3 months agoUK Mobile Carriers Commit to Blocking Spoofed Phone Numbers to Combat Fraud
Britain's largest mobile carriers, including BT EE, Virgin Media O2, Vodafone Three, Tesco Mobile, TalkTalk, and Sky, have agreed to upgrade their networks to block spoofed phone numbers as part of a new government-backed Telecoms Charter aimed at combating fraud. The initiative will require carriers to implement technology that identifies calls originating from abroad and prevents fraudsters from impersonating trusted organizations such as banks and government agencies. Advanced call tracing will be introduced to aid law enforcement in tracking down scammers, and carriers have also committed to improving support for scam victims and enhancing data sharing with police to better identify and stop fraudulent activity. This move comes amid growing concern over the widespread use of caller ID spoofing in Europe, which has enabled large-scale financial and social engineering crimes. Europol has highlighted that caller ID spoofing is a major enabler of cyber fraud, with global losses estimated at around EUR 850 million annually. Attackers exploit VoIP services and spoofing tools to impersonate trusted entities, making it difficult for law enforcement to trace perpetrators and increasing the urgency for robust anti-spoofing measures across national telecom networks.
4 months ago
SK Telecom Lawsuit to Overturn Record Fine for USIM Data Breach Disclosure Delays
**SK Telecom** filed a lawsuit with the **Seoul Administrative Court** seeking to revoke a record **135 billion won (US$91 million)** penalty imposed by South Korea’s **Personal Information Protection Commission (PIPC)** following a cyberattack and subsequent data leak affecting the carrier’s entire **23 million-user** base. Reporting indicates the fine was issued after SK Telecom **belatedly disclosed** a breach of its servers that exposed **universal subscriber identity module (USIM)** information, and the company moved to challenge the decision just ahead of the deadline to seek revocation. The PIPC penalty is described as the **largest ever** issued by the regulator since its establishment, exceeding the combined fines levied against **Meta** and **Google** in 2022. In response to the incident and regulatory scrutiny, SK Telecom offered **free USIM replacements** to users and is expected to argue that its post-incident security spending and reforms, along with the absence of reported direct subscriber financial losses, warrant reconsideration and that the fine is disproportionate compared with prior enforcement actions.
1 months ago