Financial Services fight back: Preventing criminals from exploiting fraud controls in Cote d’Ivoire
Mobile presents a unique solution to a wide range of inherent challenges created by the growth of digital finance across Africa. While mobile technology has enabled the delivery of financial services across the continent, it is also increasingly being used to secure these services. A user’s mobile number has become a critical component of that user’s digital identity and is consequently used to verify the user or authenticate a transaction.
Unfortunately, even as these measures are put in place to protect users, criminals are finding ways to exploit controls and defraud users. Working with key banking partners in Cote d’Ivoire, for instance, Myriad has found that fraudsters are manipulating security measures put in place by the bank to protect against cheque fraud. When bank employees process cheque payments with a large transaction value, the bank will, as a matter of procedure, call the customer to verify the payment details before completing the transaction.
These security measures initially helped banks curb much of the cheque fraud they faced, until fraudsters found a way around the process by taking control of a user’s mobile number. Criminals obtain a replacement SIM for a mobile number that does not belong to them, giving them access to the legitimate user’s information and accounts. So, when the bank makes its security call, the fraudster answers it and verifies the cheque payment, and the transaction is completed.
We see the same issues with the measures banks and other digital service providers have put in place to protect digital transactions. Banks and other financial service providers, social media platforms, email service providers and providers of other digital services have introduced two-factor authentication (2FA) to increase security beyond username and password. 2FA is most often delivered in the form of a one-time password (OTP) over SMS. Long considered a vulnerable channel for authenticating financial services transactions, OTP via SMS is vulnerable to man-in-the-middle attacks, offers no audit trail, and opens a door to large-scale fraud through a single point of failure.
This vulnerability, both in the 2FA method used to protect users and in security processes such as calling customers to verify account activity, has given rise to what is known in the industry as SIM swap fraud. SIM swap fraud has become prevalent across Africa in recent years, a trend that is echoed internationally, where fraudsters are finding new ways to profit from this particular mode of fraud.
Myriad Connect’s SIM swap detection service provides an additional level of security to protect against this vulnerability. Myriad’s service is an entirely independent third-party service, which cannot be tampered with by compromised individuals involved in the financial or digital service delivery chain. The service provides a real-time check on the SIM, while no persistent data is held with any third party. Myriad provides a more secure service than current two-factor authentication services like OTP over SMS and significantly enhances the security of transactions susceptible to fraud.
With mobile numbers forming such an important component of a user’s digital identity, it is little wonder that fraudsters have found ways to take control of them. Fraud presents one of the greatest challenges to the growth and transformation of digital economies. As financial services continue to move online, access and inclusion are improving, but fraud is inevitably rising as criminals exploit weaknesses in systems, people and technology. Myriad Connect partners with banks and financial service providers to better understand how fraud is committed and to help secure financial service institutions against perpetrators.