In November 2017, Commsrisk ran an article about a new biometric system introduced by MTN South Africa to reduce fraud and protect customers. We were of the view that the move would be:
…a good example for African telcos who are active in mobile money – they need to start thinking about the potential of using such solutions to secure their mobile money platforms with regard to frauds that are perpetrated at mobile money agent points.
It seems Kenyan mobile operator Safaricom is following suit and whereas we cannot take credit for this, it is nevertheless a move worth noting. The operator has launched a voice biometrics system that will enable customers to access services through “a quicker and less intrusive vetting process”.
This is a step in the right direction. The types of challenge questions issued as part of verification of customer identity on customer care lines in Africa can be laughable to say the least.
- How long have you had this SIM Card?
- What is your ID number?
- Tell me, Mr. Client, which 3 numbers did you dial last?
- How much was your last prepaid recharge?
These questions all sound good until you consider that in cases where internal telco staff are involved (and these cases are not few), this information has already been harvested and the fraudster who is impersonating the customer has a damn good cheat sheet. There really is no sure way to determine that the caller is who he says he is, using the above questions. This leads to the risk of insiders engaging in fraud, as was highlighted by Safaricom’s last annual report, which stated the telco had fired 52 staff caught engaging in fraudulent activity. According to Safaricom, their new biometric system will help to address this challenge:
[The system] allows customers to use their voices for authentication before accessing assisted services such as resetting M-PESA PIN, and PUK requests, significantly cutting down the steps a customer goes through before they are assisted. The use of a unique voiceprint for enrolled customers will further reduce fraud and identity theft.
Security is of course important and the company says that certain measures will be in place:
…a pre-recorded registration process will be done. The encryption process will ensure no reverse engineering can be used to hack into the system and pose as another person. Voice recordings are not stored.
The implementation does not appear complex. To activate the service, the customer’s voice pattern is captured and used to create a unique “voiceprint” (similar in concept to a fingerprint). This is then stored as a secure string of numbers and characters against which a caller will be authenticated in subsequent interactions.
Beyond protecting customers, Safaricom’s Director of Strategy, Joseph Ogutu, expects the biometrics system to also result in efficiency in customer service processes:
Our contact centre agents spend a greater portion of their call time verifying customers over phone. The introduction of this service will ensure that customers get faster and more accurate services. We anticipate that the number of fraud incidents shall also reduce as a result.
If implemented and managed well, this is a pretty neat way to kill two birds with one stone i.e. manage risks such as identity theft, thereby preventing fraud… and delight customers by reducing the time taken to address their issues through the use of secure self-care systems.