Table of Contents
South Korea’s Big Three—SK Telecom, Korea Telecom, and LG UPlus—in coordination with its regulator, will require face ID verification for every new phone number. At its simplest: If a Korean subscriber wants a new number, they must 1) download an app, and 2) complete a liveness check to activate the line.
What if Verizon, AT&T, and T-Mobile did this in the US? Would it quash some of the fraud we keep seeing?
I think so.
Authenticating Calls, Not People
The US has spent years hardening the network after abuse occurs. STIR/SHAKEN authenticates calls, but not people. Spam labeling flags traffic, but only once patterns emerge. Enforcement focuses on misuse, not identity. All of that helps. None of it addresses the root cause.
Business messaging KYC protocols for short codes, 10DLC, toll-free, or BCID bring discipline on the sender side, but they’re only part of the solution. What about the subscriber at the other end of the conversation? What if they became part of the trust model too?
The Frictionless Activation
We are a world obsessed with one-click everything. Adding a facial check is undeniably “friction.” But unless you are physically standing in a carrier store, there is currently no way to know if you are who you claim to be or a script 5,000 miles away using dark-web data to masquerade as you.
In this AI-saturated world, friction is the product. An enforceable liveness check functions as a presence check. It wouldn’t matter if a cybercriminal figured out your child’s birthday and used it as an account PIN to swap your SIM. If they can’t produce your living face in real-time, the attack dies at the edge.
The Heavy Lift
The lift for US carriers would be significant. They would need to transition from being simple “connectivity providers” to “identity anchors.” Every carrier would need to integrate a liveness and matching check against a verified source of truth.
But it’s solvable. The tech isn’t the problem. Every major US carrier already has a mobile app capable of biometric APIs. We aren’t asking for new hardware; we’re asking for a new trust model.
Why We Can’t Wait
South Korea didn’t do this entirely voluntarily. In April 2025, SK Telecom suffered a breach of its HSS (Home Subscriber Server), leaking the “digital DNA” of 27 million users. The hackers got USIM authentication keys, and SK Telecom had to issue new SIM cards to all its subscribers.
This rollout comes on the heels of a $100 million fine imposed on SK Telecom. The US shouldn’t wait for its own HSS leak to realize that a phone number requires equivalent protection.
Finally
The fraud economy thrives on disposable numbers, synthetic identities, and weak binding between a person, a device, and a number. Criminals exploit these gaps because they scale cheaply and quietly.
Telephone scams are now a national economic threat. Trust can no longer be bolted on at the application layer alone. It has to be anchored earlier, closer to the plumbing. A liveness check isn’t a silver bullet—but in a world of AI-armed cybercriminals, it’s a must-have.
Disclosure: I work at ID.me, but these thoughts are my own.