GSMA, SA operators partner on API services to fight mobile fraud

Telecom operators in South Africa are implementing new number verification and SIM swap application program interfaces (APIs) as part of the GSMA's Open Gateway initiative.

The announcement comes as the GSMA's Mobile World Congress (MWC) 2024 kicks off in Barcelona, Spain, today.

SA operators Cell C, MTN and Telkom are implementing the two universal network APIs to help combat fraud and digital identity theft in sectors including banking, finance, insurance and retail. They will be available to all mobile commerce and financial institutions and developers to create new services to combat digital fraud and protect South Africa's millions of mobile subscribers.

South Africa saw a 24% surge in reported incidents of digital banking fraud in 2022, according to a report published last year by the South African Banking Risk Information Centre (SABRIC).

The rise, which resulted in cyber criminals stealing over R740 million (US$38 million) from unsuspecting victims, was primarily attributed to the growing number of fraud cases related to banking applications and online banking.

Given the surge in digital banking fraud in South Africa, standardizing APIs by mobile network operators (MNOs) "presents a promising avenue for mitigating such threats," the GSMA said.

MNOs can enhance security measures within banking applications and online banking platforms and will be able to implement robust fraud detection and prevention mechanisms, bolstering overall resilience of digital banking systems against cyber threats.

South Africa saw a 24% surge in reported incidents of digital banking fraud in 2022, according to a report from SABRIC. (Source: wayhomestudio on Freepik)

The GSMA believes the standardization of APIs allows developers to implement two key things.

The first is number verification, which offers seamless verification of a user's mobile number by providing the next generation of strong authentication and user experience. It is a simple evolution path for any business that uses mobile numbers and SMS one-time passwords.

Instead of relying on SMS, number verification can be automatically activated to verify a user's identity. This not only enhances the user experience but also eliminates potential issues, such as users not receiving an SMS or facing difficulties due to limited familiarity with technology.

The second is SIM swap, which is used to check whether a given phone number has recently changed SIM cards. This helps to prevent account takeover attacks, in which fraudsters take control of the account owner's SIM card using social engineering techniques and stolen personal data.

For example, at the time of a financial transaction, a financial institution can check whether the relationship between the customer's phone number and SIM card has recently been changed, helping them to decide whether to approve the transaction or not.

"The initiative will benefit developers in South Africa and elsewhere in the world, helping businesses to accelerate the growth of digital services and applications," the GSMA said.

The GSMA Open Gateway initiative

The GSMA Open Gateway initiative is a framework of network APIs – developed in collaboration with mobile operators worldwide – designed to provide developers with universal access to operator networks.

Launched at MWC Barcelona last year, the GSMA believes the initiative represents a paradigm shift in the way the global telecom industry designs and brings to market new mobile applications and digital services. It fosters interoperability among operators, industry associations, developers and content creators, while adhering to all relevant technical standards, regulations and user privacy standards.

South Africa has now been added to the list of countries – including Norway, Brazil and New Zealand – already part of the initiative. Forty-two mobile operator groups worldwide are involved, representing 237 mobile networks and 65% of global connections.

"Banking fraud is a growing threat in South Africa, and mobile network operators are strategically placed to work with developers to help banks, financial institutions and commerce providers mitigate the risk and protect their customers," said Angela Wamola, GSMA's head of sub-Saharan Africa.

"The availability of the two APIs to South African operators will equip enterprises with additional means of verifying that their customers are who they say they are and protecting them against identity theft, all while maintaining the user experience – and the GSMA's Open Gateway provides developers with a single integration that works across operators," she added.

"Digital fraud is not only a threat to finances but an assault on trust in the digital economy. We are excited to partner with GSMA to eradicate the vulnerabilities that currently exist," said Lunga Siyo, CEO of Telkom consumer and small business.

Follow Connecting Africa on our new X account @connect__africa to get the latest telecoms and tech news across Africa.

Cell C CEO Jorge Mendes said the operator is aligned on creating a collaborative ecosystem to protect consumers and a joint effort is crucial for achieving this goal.

"MTN Chenosis is excited to offer the two APIs to mitigate fraud in the South African market. We are buoyed by the collaboration with other Mobile Network Operators to provide a standardized, consistent experience to developers who wish to consume the services," added Saad Syed, CEO of API marketplace Chenosis, which is part of the MTN Group.

*Top image source: freepik.

— The Staff, Connecting Africa