24 November 2010

Rica a security minefield, says Kaspersky

Security specialist Kaspersky Lab said the law that requires South Africans to hand over personal details to telecommunications operators could compromise their security.

The Regulation of Interception of Communications and Provision of Communication-Related Information Act (Rica) was first implemented last year, requiring people to provide proof of ID and residential address to telecoms companies.

The act is meant to fight crime. However, it has been heavily criticised by analysts, who say it is unlikely to have much effect on crime.

Now Kaspersky warns that if data collection is not handled correctly, it could open the door to new kinds of abuse.

Kaspersky director of global research and analysis Costin Raiu said that, as a result of the registration process, operators will be in possession of a huge database of personal information. If this data is not protected properly, it could be sold on the black market.

Secure customer databases

“Sadly, there are documented cases where employees of phone companies have abused their access to steal such confidential data which can be later sold,” he said.

Once sold, this information can be used to trick South Africans into providing other personal details, such as banking login particulars.

Raiu said operators must make a big investment in securing their customer databases, ensuring all access to those systems is properly tracked.

“Unfortunately, mobile subscribers do not have many options — proving their personal information is a legal requirement.”

He says South Africans must be particularly vigilant about scams.

“Contact your operator directly and keep an eye on phishing attacks designed around Rica. Be wary of e-mail from unknown persons and, when in doubt, always consult your operator first,” says Raiu. — TechCentral