20.5k unique visitors in the last 3 days

Safaricom API Warns Banks about SIM Swaps

Banks and other businesses can safeguard against account takeover fraud by checking if a customer's SIM has recently been replaced.

Kenyan telco Safaricom, who pioneered mobile money with their M-PESA service, are helping banks and other financial institutions combat fraud by providing an API that tells them if a customer’s SIM has recently been changed. This will make it more difficult for fraudsters to steal from customers by taking control of their phone accounts. Boniface Gitonga Mungania, Head of M-PESA Product Management, explained further on LinkedIn:

…as more and more people have moved to digital banking, we have similarly seen criminals also shifting to become more digital. If you want to know what will be the next big technology, just look at where crime is going. Criminals are very agile and quite fast at picking up new trends and acquiring the necessary skills to thrive there…

…We are now providing our partners with a tool that among other things, tells them if a SIM has been recently swapped. The tool will also provide additional anti-fraud intelligence to players in the digital lending sector.

Boniface claimed the system had already reduced attempted fraud “by more than 75 percent”.

Capital Business reported that Nicholas Mulila, Safaricom’s Chief Corporate Security Officer, had encouraged banks to take advantage of the API:

Should the financial institutions adopt the new mechanism, then the country will experience a surge in the use of mobile and internet banking.

However, Mulila also emphasized that the greatest threat comes from within.

The biggest leakage we have is internal and that is why organizations are continuously dealing with fraud cases.

Providing other institutions with the ability to check if a customer’s account has recently been updated will help them to manage risk. With so many banks and other businesses continuing to rely on SMS text messages for their second factor of authentication, other telcos should follow Safaricom’s lead.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email