Sub-Saharan Africa has shown significant growth in financial inclusion over the past decade. Much of this growth has been driven by mobile money account adoption, which is an increasingly common payment method in Sub-Saharan Africa.
Generally, Africa has been the global pioneer for mobile money services, which have brought about enormous economic benefits to millions of citizens across the continent. In Kenya alone, there are nearly 40 million money subscribers in the country. Like many places across the continent, for many Kenyans, particularly those in rural areas, mobile money platforms have become their primary means of not only sending and receiving money, but also serve as their primary means of savings.
However, with the growth of mobile money in the continent, the risk surface has also increased as fraudsters are targeting mobile money in Africa, given that it still has its gaps. Mobile money infrastructure in Africa is generally regarded as vulnerable with fewer layers of consumer protection when compared to the traditional banking sector. For instance, a mobile money fraudster needs only access to the mobile network in order to potentially appropriate funds from a victim. This can be achieved either via technical cunning, or through manipulation and deceit aimed at vulnerable individuals.
These threats to mobile money are well known and the challenges for African countries is to secure the great social benefits of mobile money without exposing citizens to unacceptable risks and profound threats.
Are these threats unique to Africa? Well, Gavin Stewart, Vice President for Sales at telecoms software provider Oculeus, explained that the threats are common to all regions where digital money is the norm, but the infrastructure around it in Africa puts the continent at a bigger risk for mobile money fraud.
βIn western nations, digital money transactions tend to wrap around the traditional banking sector and its existing consumer protections. In Africa, this is not always the case – since 2012 the share of the African population with access to banking services grew from 23% to 48% and for many citizens, mobile banking is the only form of bank they have known. Traditional regulation and consumer protection obligations are not always in place to protect the victims,β he said.
In Africa, according to the Stewart, there is also a structural challenge regarding the correct regulatory authority that should oversee mobile money β potentially involving both telecoms and finance regulatory bodies, and aspects like money laundering regulation.
The Telecommunications Factor
Mobile banking is fully reliant on a subscriber account with access to a mobile network. Similar to telecoms fraud, the mobile network is the entire attack surface on which fraudsters operate. Mobile money fraud is relatable to telecoms fraud, but complicated by the fact that the damage it ultimately may cause is a consequence the telecoms operator cannot fully control by itself.
Mobile money fraud is a scenario that exploits the process gaps between telecoms networks and services and the underlying banking infrastructure. However, from a userβs perspective, they will always tend to believe that everything that happens on their mobile device is the direct responsibility of the mobile network operator, which places operators in the forefront of meeting expectation.
The Potential for AI
Stewart sees AI as an asset that can be utilized to reduce mobile money fraud because the fraudsters utilize it as well.
βAI is already being used by fraudsters to enhance their ability to deceive and manipulate individuals. Social engineering attacks by fraudsters typically have been used to persuade the victim that theyβre talking to an official from the Government, the tax office or a delivery firm,β Stewart added. βOur anti-fraud solutions employ AI technologies to better identify the subtle indicators that something is happening that is unusual, unexpected or unnatural, and to respond with controls in real-time. AI essentially helps us to find ever more subtle indicators, from ever larger data sets, and with faster results. Our solutions also comply with current zero-trust best practice for fighting Scamcalls and CLI Spoofing, recently agreed-upon by national regulators in the EU and beyond (ECC 23(03)), and implemented with significant results,β he noted.