20.5k unique visitors in the last 3 days

The 6-Year Anniversary of the First Kenyan SIM Swap API

Mozambique's telcos implemented SIM swap APIs even earlier, but the comms industry is not good at praising, remembering and copying anti-fraud innovations for their own sake.

Kenyan telco Safaricom announced the launch of its SIM swap API exactly 6 years ago to the day (see here and here). The use of a simple API changed the landscape for fraud prevention in Kenya by giving banks an easy way of determining if there was a risk that a customer’s phone account had recently been hijacked.

I wanted to mark the anniversary because this year has seen a lot of back-slapping and self-congratulation about the use of APIs to reduce fraud. It seems like every other week there is news about a telco making the ‘innovative’ decision to protect the public from harm by implementing an API so other organizations can guard against validating customers or transactions using a phone number that was the target of a SIM swap fraud. There is nothing wrong with Aduna or the GSMA encouraging the adoption of SIM swap APIs. My purpose is to question why it has taken the industry so long to normalize the use of such a cheap and simple way of protecting the public from harm. Instead of praising ourselves, we should be asking why our ‘fast moving’ businesses have been so slow to copy simple improvements that greatly reduce crime.

Mozambique’s telcos have had SIM swap APIs for even longer. Their SIM swap APIs date back to some time around the middle of 2018. It is regrettable that I am unable to determine the precise date for when their APIs came into service, or else I would prefer to celebrate that anniversary instead. It is my assumption that Mozambiquians were the real innovators who first put the idea of a SIM swap API into practice. Everyone else has been following their example, usually without knowing whose example they followed.

The lack of records surrounding the date when Mozambique introduced SIM swap APIs tells us something about the way information flows in the comms sector. There is no shortage of press releases when somebody expects to make money. A lot less is said when telcos do something good but the route to monetization is not as clear. Perhaps the real reason why telcos have taken so long to provide anti-fraud APIs is because they are used to reduce the frauds that other people suffer. Our industry lacks a sense of its responsibility to the public.

SIM swap and number verification are the two most popular APIs offered through the grand coalition of interests spearheaded by CAMARA and the Open Gateway initiative. Excuse my cynicism about how long it took some Western banks to express an interest in obtaining the kind of data supplied by these APIs. I assume the real reason money is now poured into the standardization of APIs is because of the expectation that other kinds of APIs, which have more obviously commercial uses, will generate income that offsets the decline of telcos’ historic revenue streams.

The sudden excitement around fraud prevention is intimately connected to the fact that other network APIs have generated far less interest. The rising economic value of the anti-fraud APIs is associated with a tidal wave of criminal activity. In that sense, they represent a private sector bonus paid because of society’s general failure to catch and prosecute criminals. Banks and payment providers want to reduce their liability for the frauds that target their customers, and pressure from politicians increases the urgency to act, but telcos are ultimately hoping the current desire for anti-fraud APIs will later be converted into revenues from other network APIs that have yet to generate any enthusiasm.

Other African countries also deserve recognition for implementing SIM swap APIs well ahead of the rest of the world. It is beyond my limited capabilities to provide an exact timeline, but it is painfully evident that our industry only tends to celebrate success when some specific businesses profit from it, and not when society at large is better off. We also tend to celebrate success when it is associated with a rich, white, Western country — ideally one where investors have spent money on the ‘next big thing’ — but not when the credit belongs with some unnamed black African professional who was just doing his or her job.

We should all be pleased that anti-fraud APIs are now being used much more widely than ever before. However, we should also ponder if other innovations that would greatly reduce fraud are also being delayed because not all leaders receive the rewards or publicity that their breakthroughs deserve.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email