BTRC approves experimental facial verification trial
Bangladesh Telecommunication Regulatory Commission (BTRC) has approved a proposal from mobile operators to test a new system that would allow citizens to register SIM cards using real-time facial “liveness” verification.
This process aims to prevent fraud, such as registration using photos, screens, videos, masks, or deepfakes, and would enable customers to activate mobile connections remotely through a smartphone.
For all latest news, follow The Daily Star's Google News channel. Association of Mobile Telecom Operators of Bangladesh (AMTOB) submitted the proposal to BTRC, with technical support from a licensed certifying authority, Relief Validation Limited (RVL).
After reviewing the submission, the BTRC approved a six-month proof of concept to test SIM registration following this method.
For now, the trial will be held exclusively on an experimental basis, with no commercial use. Moreover, the facial data acquired during the process must be deleted after the trial.
Under the proposal, RVL will provide the technology and verification infrastructure for facial liveness checks and digital identity authentication.
“We have approved a proof of concept because technology has evolved, and we want to see whether the process can be made easier for customers,” Md Emdad ul Bari, chairman of BTRC, told The Daily Star.
“At present, biometric verification is mandatory for SIM registration. This means customers must visit a customer care centre for services such as new SIM registration, SIM replacement, or ownership transfer,” he added.
“If the proof of concept shows that the system can ensure proper verification without security risks, we may consider allowing it to be fully implemented.”
HOW THE SYSTEM WORKS
“Facial recognition-based SIM registration is an early-stage alternative biometric method, like fingerprint scanning. Several certified authorities have expressed interest, and the proof of concept will begin soon,” said Mohammad Zulfikar, secretary general of AMTOB.
According to the proposal, customers would start SIM registration through a mobile operator’s app.
The system would capture images of the front and back of the user’s National Identity (NID) card and use optical character recognition to extract key details such as the NID number, name, and date of birth.
Using the NID number, RVL would retrieve the citizen’s official photograph from the Election Commission database.
The user would then take a live selfie or record a short video. The system would compare it with the NID photo using facial recognition and liveness detection to confirm that the person is physically present. If the match fails, the process stops.
For liveness detection, users will be asked to perform simple actions -- like blinking or turning their head -- to confirm authenticity.
Once the verification is successful, RVL would generate a digitally signed report and would send it to the BTRC’s Central Biometric Verification Monitoring Platform (CBVMP) and the operator.
After confirming RVL’s signature and the customer’s identity, the operator would link the mobile number and resubmit it to CBVMP for final approval. The system could also allow remote eSIM activation.
RVL informed regulators that it is legally authorised under the ICT Act and CCA rules to collect and store customer data, including NID number, name, date of birth, address, mobile number, and email address.
To protect this information, RVL uses strong encryption, hardware security modules, distributed denial-of-service protection, malware defence, and web application firewalls. Its AI system can also detect spoofing attempts and accurately match older NID photos.
CONDITIONAL APPROVAL BY BTRC
The BTRC has set several conditions for the trial. It will apply only to new SIM registrations, remain strictly experimental with no commercial use, and run alongside existing biometric verification.
Operators must get customers’ consent before collecting biometric data and ensure protections.
All data handling must follow international security standards. Facial data cannot be stored beyond the approved framework and must be deleted after the trial.
BTRC will closely monitor the process.
“By law, mobile operators cannot store biometric data, and they also do not store any fingerprint data under the current SIM registration process,” Zulfikar said.
Comments