Kenyan telco Safaricom announced the launch of its SIM swap API exactly 6 years ago to the day (see here and here). The use of a simple API changed the landscape for fraud prevention in Kenya by giving banks an easy way of determining if there was a risk that a customer’s phone account had recently been hijacked.
I wanted to mark the anniversary because this year has seen a lot of back-slapping and self-congratulation about the use of APIs to reduce fraud. It seems like every other week there is news about a telco making the ‘innovative’ decision to protect the public from harm by implementing an API so other organizations can guard against validating customers or transactions using a phone number that was the target of a SIM swap fraud. There is nothing wrong with Aduna or the GSMA encouraging the adoption of SIM swap APIs. My purpose is to question why it has taken the industry so long to normalize the use of such a cheap and simple way of protecting the public from harm. Instead of praising ourselves, we should be asking why our ‘fast moving’ businesses have been so slow to copy simple improvements that greatly reduce crime.
Mozambique’s telcos have had SIM swap APIs for even longer. Their SIM swap APIs date back to some time around the middle of 2018. It is regrettable that I am unable to determine the precise date for when their APIs came into service, or else I would prefer to celebrate that anniversary instead. It is my assumption that Mozambiquians were the real innovators who first put the idea of a SIM swap API into practice. Everyone else has been following their example, usually without knowing whose example they followed.
The lack of records surrounding the date when Mozambique introduced SIM swap APIs tells us something about the way information flows in the comms sector. There is no shortage of press releases when somebody expects to make money. A lot less is said when telcos do something good but the route to monetization is not as clear. Perhaps the real reason why telcos have taken so long to provide anti-fraud APIs is because they are used to reduce the frauds that other people suffer. Our industry lacks a sense of its responsibility to the public.
SIM swap and number verification are the two most popular APIs offered through the grand coalition of interests spearheaded by CAMARA and the Open Gateway initiative. Excuse my cynicism about how long it took some Western banks to express an interest in obtaining the kind of data supplied by these APIs. I assume the real reason money is now poured into the standardization of APIs is because of the expectation that other kinds of APIs, which have more obviously commercial uses, will generate income that offsets the decline of telcos’ historic revenue streams.
The sudden excitement around fraud prevention is intimately connected to the fact that other network APIs have generated far less interest. The rising economic value of the anti-fraud APIs is associated with a tidal wave of criminal activity. In that sense, they represent a private sector bonus paid because of society’s general failure to catch and prosecute criminals. Banks and payment providers want to reduce their liability for the frauds that target their customers, and pressure from politicians increases the urgency to act, but telcos are ultimately hoping the current desire for anti-fraud APIs will later be converted into revenues from other network APIs that have yet to generate any enthusiasm.
Other African countries also deserve recognition for implementing SIM swap APIs well ahead of the rest of the world. It is beyond my limited capabilities to provide an exact timeline, but it is painfully evident that our industry only tends to celebrate success when some specific businesses profit from it, and not when society at large is better off. We also tend to celebrate success when it is associated with a rich, white, Western country — ideally one where investors have spent money on the ‘next big thing’ — but not when the credit belongs with some unnamed black African professional who was just doing his or her job.
We should all be pleased that anti-fraud APIs are now being used much more widely than ever before. However, we should also ponder if other innovations that would greatly reduce fraud are also being delayed because not all leaders receive the rewards or publicity that their breakthroughs deserve.



