Mobile Money Fraud Advice Issued by GSMA

The GSM Association has published a new paper which promises to look at “fraud typologies that significantly impact mobile money users” and shares some advice about controls that some telcos have implemented. The paper is entitled “Mitigating common fraud risks: Best practices for the mobile money industry” and has been made freely available to anyone.

Telcos with limited experience of mobile money may benefit from reading the paper, but I doubt any of the leading mobile money providers will learn anything new. The paper claims to offer ‘best practices’ but is very thin; its 16 pages have been padded with large glossy photos, leaving only five pages that present actual advice.

The main three pages of the paper are dedicated to three methods commonly used by fraudsters: identity theft, SMS scams, and SIM swaps. The author makes sensible observations and recommendations about risk mitigation. However, these fraud techniques are not unique to mobile money, even if mobile money creates new stores of value that attract criminals. As a consequence, relatively few of the recommended controls are specific to providers of mobile money, and I would be troubled if telcos only consider them within the context of mobile money. For example, telcos already have good reason to ask customers for ID if they request a change of SIM, and to train their staff not to share personal information relating to customers.

The paper looks more like a briefing for journalists than a guide for risk managers; it is interesting to read that some countries are better at fighting mobile money fraud than others, but that kind of information is not actionable. There is a reminder that the GSMA offers its own mobile money certification scheme, covering almost 300 criteria. However, the spare nature of the advice given free-of-charge is perhaps best illustrated by this paper describing itself as “the second in a series of GSMA publications on the risks of fraud within mobile money”; seven years have passed since the first paper in this ‘series’ was published.

You can download “Mitigating common fraud risks: Best practices for the mobile money industry” from here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.