Digitalization in Africa, the Risks and Transformation Needed Jason Lane-Sellers Director, Marketing Planning EMEA, Fraud & Identity LexisNexis Risk Solutions
Jason Lane-Sellers is a highly experienced fraud and revenue assurance professional who has been working within Fraud & Risk in the telecommunications industry for over 25 years representing leading Operators globally. Jason is currently COO and member of the Board of Directors of the CFCA (Communications Fraud Control Association), he was also previously President of the CFCA, the vice-chair of Fraud Intelligence subgroup of the GSMA Fraud Forum, and one of the team leaders of the Forum’s Fraud Management Group. Jason’s expertise encompasses fraud and risk prevention strategy, operational effectiveness, fraud prevention technology and solutions, and risk prevention best practice. AFRICA HAS often walked its own path in finding ways to service the diverse needs of the continent, whether that is with technology solutions that were built on legacy platforms or new, innovative solutions to go to market. Successful companies that operate across Africa have had to be agile and flexible in developing solutions and being creative in the application of these services, in a difficult environment due to the diverse nature of the region. Digital transformation is accelerating across Sub-Saharan Africa, underpinned by increasing access to broadband connectivity. Governments, public institutions, the private sector and development organizations are increasingly using digital platforms to improve lives and fuel economic growth across the continent. The COVID pandemic has accelerated this digital transformation considerably, with better services such as mobile broadband and improved data packages whilst access to hardware has been helped by the introduction of options such as smartphone financing and other such programs. Digital services via web, mobile web and apps are an ever-greater proportion of consumer transactions. In an environment where people are comfortable managing their daily financial and transactional interactions via the 2G phone networks (USSD) the move to fully digital app or mobile web has the potential to simplify the user experience and provide enhanced capabilities such as extensive ecommerce, advanced financial services, gaming and next generation media consumption as the technology platforms which utilize these services become more widely adopted. However, this change increases risk and financial exposure for the companies providing these services as new platforms provide new ways for cybercriminals to attack. Africa has major challenges that it needs to overcome in order to appropriately manage and prevent emergent fraud risks. The Challenges Firstly, identity verification is still a challenge across a portion of the continent; in some countries up to 45% of the population does not have any formal
18
Gaming For Africa
identity verification. It is common in Africa for a phone number to become a unique identifier for a customer that wants to transact online or send money. This in turn creates three main challenges that can cause fraud risk exposure and loss in an organization. If identity fraud is a challenge due to the lack of valid formal identification capability, then how do you really validate an individual in a digital-only transaction. Can you rely on the phone number or device being utilized, how do you verify who is using the phone or are multiple devices being used by an individual attacker compromising your service? In the recent LexisNexis Risk Solutions cybercrime report the global average attack rate for online new account opening was over 10% across the globe, in high-risk markets the percentage is even higher, demonstrating the level of online attacks organizations can expect to receive in digital channels and a higher attack rate than traditional physical interactions. The second is account takeover fraud, this is a popular cyber-attack tactic in the African marketplace, particularly in the financial and telecoms markets. A fraudster seeks to gain control of a user’s account in order to manipulate a service or gain benefit from the utilization. SIM swap fraud is one of the most prevalent forms of account takeover. If a fraudster can manipulate a telecom company to allow them to initiate a sim swap on a phone account, this means the fraudster can use this account for their own purposes such as the manipulation of mobile money services including payments and money transfers. The key to preventing account takeover is establishing a trusted relationship with customers and having a way to identify that the authenticity of the individual attempting to perform a transaction. Firms should be aware that relying solely on methods such as SMS/OTP or password protection is no guarantee of online ID integrity. The third challenge to preventing cybercrime is a lack of awareness around the dangers of social engineering. Unfortunately, the average user in the region is still not fully aware of how social engineering cyberattacks compromise their personal data and the value of this data in the
cybercriminal world. The manipulation of individuals to pass on personal data is common across the world, but they particularly target markets where individuals either don’t realize they should not provide or can be persuaded with the promise of significant revenue to pass over personal data or identity information. Therefore, scams and schemes are run either to utilize their details to commit fraud or even use their services as “mules” where money or goods can be passed through to facilitate fraud. We know from the latest LexisNexis Risk Solutions cybercrime report that adults under 25 are one of the main targets for social engineering cyberattacks. This is partly due to this demographics’ much more relaxed attitude towards sharing their personal details with individuals they do not know. This problem is compounded in countries and continents such as Africa where you have disproportionately young populations. In Africa around 40 countries have populations where over 50% are under the age of 25. How To Prepare and Manage the Risks This is where sourcing and implementing the appropriate digital technology detection and prevention tools at the very start of roll out of any digital services is essential. One of the first controls that should be implemented in early digital adoption is Device Identity. Device fingerprinting, as it is sometimes known, becomes essential in the fight against new account opening fraud in the digital space. If you can reliably identify the device making the transactions and not rely on physical indicators given in a transaction (such as phone number, IMEI etc.) then you can dramatically enhance the quality of transaction validation. In the digital interaction world, there are a great deal of hidden identifiers that are bound to a device within a transaction, these are not normally analyzed or understood, as many standard fraud controls focus on the actual transaction details. Continued on page 36 June / July 2021
