Myriad Connect, a Paris-based technology firm that specializes in mobile security has announced its plan to launch out of band authentication and SIM swap detection service to combat fraud in mobile financial services.
The technology specialist, which has offered USSD gateways for some time says that it will deploy the service to financial service institutions, as well as telecom companies that operates mobile money services. The added security layer will help drive financial inclusion.
The deployment of the service will be centered on illegal SIM swaps, where fraudsters have been known to target virtual currency held in those communication chips.
“When a customer lets their operator know that their SIM card is damaged, lost or stolen, the current SIM is deactivated and a new one is issued. With SIM swap fraud criminal groups gather personal data and then pose as contract owners to secure a new SIM. Once activated by the fraudster, they are able to get access to bank accounts and other sensitive data authenticated through the SIM,” reads a quote in the firm’s product piece.
Myriad quotes that more than 70 percent of Kenyans have been victims of such activities that range from advanced cybercrime tricks to low-level phishing SMS and scam phone calls.
Asked about why the product is will be deployed in Kenya, Myriad’s Director of Business Development in Africa, Mr. Willie Kanyeki highlighted the importance of the local market as a leader in the fintech space across Africa. This has exposed some vulnerabilities that can be exploited by attackers, necessitating the offerings of Myriad Connect’s products.
“Financial service transaction fraud in Kenya is costing banks billions and customers their life savings,” says Fabien Delanaud, GM of Myriad Connect. “While financial service transaction fraud is a global issue; Kenya has been a leader in the adoption of mobile and digital payments, which unfortunately brings with it a growing risk of fraud.”
The authentication process, which is independent of the service being accessed (could be e-commerce) will work for both dumb and smart handhelds. As mentioned, it will use USSD to provide out of band channel authentication with all interactions submitted over the mobile network that is separate to the browser or an online platform being accessed by a user to initiate transactions. A pop-up service with security questions is then sent to a user’s phone (even when the user is using a computer to perform a transaction).
“In the UK, fraud prevention technologies have helped stop 67% of fraud attempts, and with our out of band authentication and SIM swap detection service, we hope to replicate this level of success in Kenya,” says Fabien Delanaud.
The firm, which operates in 14 African markets, is in talks with multiple financial service companies to onboard the product on their services.
Asked about why the product is will be deployed in Kenya?
This is simple. Safaricom should have a feature in place that when a sim swap is done, MPESA remains suspended for at least 24hrs. If you want it active within the 24hr period, people should be made to visit Safaricom physically. Also, a dedicated Mpesa reactivation desk should be put in place to handle such issues. They now have many outlets around that can help that.