Safaricom launches an anti-fraud API for the financial sector

Telecommunications service provider, Safaricom, has introduced an anti-fraud system dubbed International Mobile Subscriber Identity aimed to support financial institutions curb fraud incidents targeting customers.

Last year the company lost up to Sh1 million in a month through its customers who were fraud victims but the losses have declined by 75 percent.

Advertisement - Continue reading below

Safaricom Chief Corporate Security Officer, Nicholas Mulila, says this will help access to more information to their super agents before any transactions are conducted especially when a sim swap raises suspicions.

“We are now able to provide more information to our super agents, where they need to determine how much a customer can withdraw, and if they think it is a suspicious transaction, then they can actually stop it,” said Mulila, during the launch of International Mobile Subscriber Identity.

Other than authentication, the solution will also provide financial firms with capabilities to better design their lending propositions, enhance the registration and onboarding of new customers, and also in managing phone numbers linked to a customer’s accounts but which may no longer be in use. It works across the three channels including USSD, internet banking, and smartphone apps. Such banking channels have been on the rise in the country corresponding with increasing internet and smartphone usage.

Financial institutions will access the service through an API provided as part of the Daraja M-PESA APIs. Once a customer attempts to log in through any of the channels, the institution will then run the customer’s phone number through the service to check against such parameters such as if a customer’s number has been recently swapped. Institutions can then factor in the result of the check to complement internal fraud rules and to make a decision whether to allow the transaction or if to further authenticate the customer through other methods.

The development of the anti-fraud API was influenced extensively by the terror attack in Nairobi at the Dusit 2 complex in March, where banks and mobile money agents were blamed for allowing terror funds to go through them.

They system will also use the ‘know your customer’ checks to ensure that funds are transferred to- and from the right users.

Mulila said that they will formulate a framework where they can share user information with financial institutions, but within the law to ensure the institutions benefit from Safaricom’s customer data.

“We need to provide security and safety to market the product and services to our customers,” Sitoyo Lopokoiyit, Chief Financial Services Officer at Safaricom said. “This product enables financial institutions to check whether there is a SIM swap in our network. These things (SIM Swap) happen every day.”

The API will work on the GSM network but also on Safaricom’s app and internet banking for the financial institutions.

Lopokoiyit said that there has been a 75% decline in SIM swap in some organisations that have used the service.