Safaricom has moved to tackle fraud in the latest updates to the MPESA product and ecosystem. With the new update, if anyone tries to register a new SIM card with your ID number, you will receive an SMS from Safaricom using the ID 707. You will then choose Yes to authorise the registration or NO to cancel it.
This extra verification process dubbed #Tuwaanike, much like the 2 Factor Authentication, that we use often when logging into our emails ensures that we minimise the risk of fraud by adding an extra layer that must be consented to.
Cyber security is one of the latest growing challenges that faces most financial institutions like banks and mobile wallets. Digital identity theft and sim swap is one of the most prevalent forms of cybersecurity among mobile wallets like MPESA.
SIM card swap. How it occurs
SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data.
This is often done using the information you publicly share on social networks. The fraudsters trick the call center employees into switching the SIM card linked to your phone number and replace it with the fraudsters SIM card.
Once your phone number is assigned to a new card, all of your incoming calls and text messages will be routed to whatever phone the new SIM card is in.
Cybersecurity firm, Kaspersky, advises that one of the ways telecom firms can prevent global SIM card swap is by implementing biometrics, or adding the automated SMS authentication layer.
However, the new product is facing a challenge in court where one Kenyan has filed a case stating that the idea might infringe on their patent.
In a recent Okoa Jahazi landmark ruling though, Safaricom was cleared of any wrong doing regarding their Okoa Jahazi product from a similar case where they were accused of ‘stealing’ the idea.
The Court noted that at the time the Plaintiff sent his proposal, Okoa Jahazi product was up and running and the same belonged to Safaricom and therefore the Plaintiff could not lay a claim as the originator. The Court found that for Plaintiff to qualify as the originator he needed to have showed great exercise of skill in creation of the product which he did not. Accordingly, the Court held that what the Plaintiff sought to do was to supplement the product and such proposals were not original taken against the requirements under the Copyright Act.Okoa Jahazi Court Ruling
Tackling Fraud Key for MPESA Growth
MPESA now contributes 33.6% of the total revenue for Safaricom and it is therefore paramount that the product has the highest form of security to minimize any fraud. Tackling fraud is also important even as Safaricom looks to grow MPESA beyond Kenya to other markets across the African continent.
In the last few years, we have seen the introduction of more and more robust security features like the voice biometrics, dubbed Jitambulishe.
#Tuwaanike is thereby a welcome first step in tackling the giant problem of Sim Swaps in the country. Perhaps the only questions about the product are in regards to what happens when your phone is off or you don’t have network coverage when the prompt to allow registration is sent.