There’s so much stolen data in the world, South Korea will require face scans to buy a SIM
Summary
South Korea’s Ministry of Science and ICT has announced a new requirement for mobile carriers to verify the identity of new customers using facial recognition scans. The measure aims to curb scams, particularly voice‑phishing, by making it harder to register phone accounts using stolen personal data. Carriers will use biometric information stored in their existing PASS digital‑credentials apps to confirm identity at point of sale.
The policy follows a year of major data breaches in South Korea — including a 30‑million record leak at e‑tailer Coupang and a massive SK Telecom breach affecting 23 million customers — and heavy penalties and compensation orders against the telco. Authorities hope the added biometric step will reduce fraud enabled by the widespread availability of stolen data.
Key Points
- New national rule requires facial recognition verification to buy a SIM in South Korea.
- Verification will use biometric data stored in carriers’ PASS apps to confirm customer identity.
- The move is driven by surging scams that rely on accounts registered with stolen PII (voice phishing highlighted).
- Recent large breaches — Coupang (30M+ records) and SK Telecom (23M customers) — exposed vast amounts of personal data.
- SK Telecom was fined and ordered to compensate customers; the Consumer Dispute Mediation Commission ordered about ₩100,000 per affected user (approx $67), costing the carrier around $1.55bn.
- Mobile Virtual Network Operators (MVNOs) were responsible for a large share of counterfeit phones detected in 2024 (92%), highlighting gaps across the market.
Context and Relevance
South Korea’s decision is a direct reaction to multiple, large‑scale data breaches and a spike in fraud that exploits leaked personal information. Requiring facial verification for new mobile accounts represents a stronger identity‑checking layer designed to disrupt fraudsters who rely on bulk stolen data to create accounts anonymously.
This policy sits within a broader global trend where governments and providers adopt biometric checks for high‑risk transactions. It raises questions about privacy, biometric data security, centralised storage vs on‑device templates, and potential exclusion issues for people uncomfortable with or unable to use facial recognition. For telecoms, regulators and security teams, it’s a significant step that may force technology, legal and operational changes across the industry.
Why should I read this?
Because if you think data breaches are just annoying headlines — think again. They’re reshaping how governments and telcos verify people. This story tells you why buying a SIM might soon mean scanning your face, who got burned (big time), and what that could mean for fraud, privacy and the telecoms industry. Short, sharp and useful — we’ve done the digging so you don’t have to.