Latest Headlines
Effiong: Telcos Must Adopt Emerging Technologies to Prevent Identity Fraud
Senior Operator Partnerships Manager at Infobip West Africa, Martin Effiong, speaks on the rising rate of identity fraud and how online scammers take advantage of the growing amount of data and personal information available on digital platforms to defraud their victims. Emma Okonji presents the excerpts:
How will you describe the growing rate of identity fraud in cyberspace and its impact on economies?
Identity fraud has increased significantly in recent years, with scammers taking advantage of the growing amount of personal information available on digital platforms to obtain goods or services in their victim’s name.
According to Evina, a French cybersecurity firm with presence in more than 70 countries worldwide, including 15 African countries, a recent report titled State of Mobile Fraud in Africa, shows that professional cybercriminals ate targeting Africa’s one billion mobile phone users, which is a significant challenge.
The necessary data can be obtained in a variety of ways, ranging from breaches of customer databases to simply analysing social media profiles. SIM swapping is a particularly sophisticated method that has emerged, in which criminals trick their way into gaining access to the victim’s SIM card, allowing them to receive calls and SMS messages, leading to disastrous consequences such as account takeovers.
According to the United States Attorney’s office, eight Nigerians were indicted in October 2021 on several charges related to conspiracy to engage in internet scams, the most common of which was aggravated identity theft.
What is SIM swap fraud all about and what kind of security risk does it pose on consumers?
There are plenty of reasons why you would swap your SIM. Say you have lost your phone or bought a new one – but your old SIM card doesn’t fit. Or maybe your SIM card was damaged, or you found a better deal with a new operator. It’s a perfectly legitimate process, but one which sadly many fraudsters are looking to exploit. So, the abuse of a SIM replacement process for the benefit of individuals or perpetrators who are not the rightful SIM owners, and which usually happens without the knowing or participation of the rightful SIM owner is actually the SIM swap fraud. On why this is a serious security risk, to acquire access to a brand-new SIM card belonging to a legitimate owner, a SIM swap fraudster uses confidence techniques and internet stalking to mimic someone to an operator. They can intercept phone calls, SMS messages, social media accounts, and banking credentials using this method, giving them all the information, they need to develop a victim’s profile. Fraudsters can then use the profile to take over accounts, transfer money to themselves, and steal not only people’s life savings, but also their identity, in less than 20 minutes.
To what extent has this threat grown and evolved over the recent years?
According to data from the South African Banking Risk and Information Center (SABRIC), SIM swap-related fraud increased by 100 per cent in South Africa between 2018 and 2019. In Nigeria, we have some equally frightening statistics, with mobile channel fraud increasing by 330 per cent between 2019 and 2020. This report, published by the Nigeria Inter-Bank Settlement Scheme (NIBSS), demonstrates that it is a global phenomenon, but it is also very damaging to developing world economies due to their heavy reliance on the internet and mobile GSM generated or GSM enabled Internet services. So, yes, it has grown exponentially as internet and smartphone usage in the region has increased. In most instances, the first lines of defense are a username and password, but they should not be the only ones. Layering your security will help you protect your customers better and, if done correctly, will also improve their overall experience.
What steps should consumers take to protect themselves from SIM swap?
The steps outlined here are the standard global best practices for using electronic devices that connect to the internet. Starting with the most general steps and progressing to those tailored to mobile device users. When using the internet, it is recommended that you be cautious and build security awareness of what can happen. When you are on your device, the privacy of your room does not translate to any form of privacy on the internet. As a result, you must exercise extreme caution in what you do, how you do it, and what information, particularly private information, you post on the internet, particularly on publicly accessible sites or social media applications. It’s also a good idea to make sure the websites you are visiting are secure. In terms of SIM swap fraud, make sure your SIM cards have a PIN lock. As a result, whenever your phone is turned off and turned back on, it will request a SIM PIN, or whenever your SIM is removed and re-inserted into your phone, or a new SIM is inserted, it will request a SIM PIN. In this manner, a stolen phone device whose SIM is being Swapped will request a SIM PIN. Lastly, In the event of the receipt of unsolicited texts or emails about your SIM being ported or a PAC request, or if you unexpectedly lose phone service, contact your telco service support immediately. The same is true for contacting banks if a fraudster attempts to make an online or phone transfer. However, much of the onus should be placed on the verification services that operators have in place to protect their customers.
Can the establishment of global security standard for telecom services providers reduce the threat?
From my perspective, Telcos and enterprises are doing a lot but can still do more to sensitize their customers of the associated risk of mobile-enabled transactions from SIM swaps. They will also do well to implement technology to better protect their customers from these frauds. Setting a global verification standard to confirm a person’s mobile identity is critical in preventing SIM swap scams, in my opinion. The standard must be set by telecom operators (telcos), which have all the information required to verify any identity and, more importantly, in real time. For example, if a customer called a company with a question, the company could silently authenticate the person in the background using telco information, eliminating the need for the customer to answer a series of onerous security questions. Simultaneously, if any irregularities are discovered during the frictionless check, the suspicious activity is flagged, and a SIM swapping attempt may impeded. This is how the Mobile Identity authentication solution from Infobip works. It can confirm the mobile account activation date by checking for changes to the customer’s International Mobile Subscriber Identity (IMSI) number, or more simply, ‘telecom account data’. If there is no reason to be concerned, authentication will take place silently in the background, without interfering with the user’s experience. If the IMSI number has recently changed, this will be flagged as suspicious activity. The service provider will then contact the user and request for additional verification.
What other measures should telcos take to help protect consumers from identity fraud?
Due to the negative impact of SIM swap fraud on customer experience, it’s understandable that GSM service providers would have to strike a balance between offering very strict security measures on the SIM replacement process to protect their customers from SIM swap fraud and also improving their customer service experience.It is about associating security with a positive customer experience and trust. Many businesses are looking for ways to remove friction from customer interactions in order to provide the best possible experience. However, some critics believe that removing friction will reduce security and make customers less confident in their interactions with businesses. A smooth approach, however, should not jeopardize security. At least three real-time identification and authorization services should be included in a strong authentication layer. At Infobip, this includes silent mobile verification (SMV), account takeover protection (ATP), and SIM Swap. Furthermore, as part of the customer journey, these checks should take place behind the scenes. This is especially significant in light of the Central Bank of Nigeria’s (CBN) recent steps in granting licenses to two telecommunication companies to operate as Payment Service Banks (PSBs). This is after these businesses successfully completed a series of applications and requirements. This license allows the telcos to complement rather than compete with other banks.
One of the key provisions of the PSB license issued by the CBN is safety of funds to the consumers of the Payment Service Banks’ products. This is where leveraging technology for Know Your Customer (KYC) checks through a strong customer authentication framework comes to play in reducing fraud while increasing authorization rates. PSBs and Fintechs must implement security measures, consisting of at least two real-time identification and authentication services, when customers make an online purchase to meet KYC requirements. This enables businesses to verify the customer’s identity as well as the validity of the credit card being used to complete the transaction.
Tell us a little bit about what you do for Infobip?
Thank you for the opportunity to interact with you about such a crucial subject. I’m Martin Effiong, Senior Operator Partnerships Manager in Anglophone West Africa for Infobip. I manage robust engagements with the region’s mobile telecom operators in pursuit of collaborations that allow both of our entities to grow. In simple terms, we rely on operators for connectivity when they are suppliers to us, and we cater for their business communication needs when they are our customers.
Infobip is a global cloud communications platform that enables businesses to build connected customer experiences across all stages of the customer journey at scale, with easy and contextualised interactions over customers’ preferred channels. Accessed through a single platform, Infobip’s omnichannel engagement, identity, user authentication security and contact centre solutions, help clients and partners overcome the complexity of consumer communications, grow their business and increase loyalty–all in a fast, secure and reliable way.
With over a decade of industry experience, Infobip has expanded to over 68 offices on six continents offering natively built technology with the capacity to reach over seven billion mobile devices and ‘things’ in over 190 countries connected directly to over 600 telecom networks.