Last month, MEF hosted a second workshop in South Africa focused on tackling messaging fraud in financial services. The session took place in partnership with the South African Banking Risk Information Centre (SABRIC) with representation from the South African MNOs and 15 local banks. 

The goal was to explore how the mobile ecosystem can enable better industry collaboration to combat consumer messaging fraud in banking and the half-day event took a deep-dive on the fraud attacks driven by a combination of social engineering and apparent weaknesses in business messaging processes or networks, namely SIM SWAP, SIMJACKER, and Smishing.

Below you’ll find a summary from some of the members who participated in the session.

It was great to see so many participants attend the workshop last month and enjoy a lively and open debate about the ongoing challenges when it comes to combatting A2P SMS fraud. Investments, efforts and progress continue to be made in South Africa to tackle the fraudsters, but the goalposts are forever moving in the ongoing fraud battle and sharing use cases to facilitate learning helps ensure as an industry we will win the war. 

During the workshop, it was fascinating to learn that fraudulent number porting and SIM SWAP is locally known as “Bank Fraud” by the network operators and “MNO Fraud” by the banks! 

And therein lies the challenge. Technology solutions alone are not enough to take on the fraudsters. Better understanding and orchestrated processes across the ecosystem will help ensure we’re all on the same side; talking together as well as talking the same language.

Talking from a perspective where South Africa is proudly my home, I can certainly state that we are no different from other world markets in facing the same challenges of A2P SMS Fraud.

Being part of the global mobile ecosystem, and as a MEF board director, I am duty bound to ensure we play an active role in addressing the need for bringing the stakeholders together and finding common ground to tackle the issue of fraud in order to sustain trust amongst our customers.

We need to protect the South African ecosystem.

South African banks have unfortunately lost fortunes as have the unsuspecting consumers who fall victim to the ever-evolving fraud types. And as the “banked” market grows, so the playground for  fraudsters grows with it and it is urgent that industries unite to combat these criminals.

The session was quite interactive and it was refreshing to see cross industry interest in issues related to telecoms fraud, spam, phishing etc. AdaptiveMobile Security has been at the forefront of threat intelligence and discovery, leveraging off our vast global deployments that protect over 2 billion subscribers globally andanalysing 10’s billions of events.

It will be interesting to apply that knowledge in Africa and South Africa utilizing the COMRIC platform to solve the challenges faced by banking and telecoms. We believe in collaboration and welcome such forums in the future and hope that they will enable multiple verticals to come together and address the issues affecting the end users.

The ultimate aim is to protect customers, improve corporate brand reputation and to ultimately enable subscriber trust in the networks and services they use.

In a situation where SMS-based fraud is still widespread and with evolving fraud methods, it remains important to apply any tool at the disposal of enterprises and mobile operators to mitigate and prevent fraud. One of the solutions are registered alphanumeric sender IDs for business SMS messaging. While this is nothing new, borderline legacy even, it still offers an effective indicator to mobile users whether the SMS received is legitimate or a potential scam.

It is quick and easy to deploy and is highly visible, all of which are important elements in fraud prevention. It requires a concerted effort by operators, messaging vendors and enterprises – banks most crucially, and combined with next-generation authentication services such a SIM-driven Mobile Identity, it strengthens the available arsenal of fraud prevention and mitigation tools.

Mobile Identity relies on operators’ subscriber data and has great potential to prevent SIM swap fraud and other types of scams but it’s a nascent service that currently requires a coordinated approach by operators, enterprises, regulators and vendors.

We’re seeing first-hand that this is a real need in the market and are looking forward to working with ecosystem players on bringing our iGate solution to the market.

It was good to see MNOs offering SIM aging or IMSI APIs to detect SIM swap fraud attempts, although it does feel there is still a lot to be addressed – facilitating the integration to these APIs, enriching them and tackling their costs. It was also very interesting to learn about initiatives such as TransUnion offering IMEI checks, to further prevent fraud. Maybe there is a role to play for an API aggregator to provide turnkey solutions to the Finance industry.

There seems to be many initiatives to tackle messaging fraud, from the telco industry, the MNOs individually or as part of the local mobile ecosystem (looking forward to learning more about COMRIC in SA), and of course the finance industry. MEF and its members can help ensure we don’t reinvent the wheel and facilitate sharing knowledge/know-hows globally.