Dive Brief:
- As telecom operators launch application program interfaces aimed at combatting mobile fraud, players in the financial sector are becoming early adopters of the technology, telecom executives said during a webinar Wednesday hosted by the Merchant Risk Council.
- Mobile network data has traditionally been available only to telecom operators. Today, open APIs are shifting that reality and providing real-time information to financial partners.
- Real-time data can aid in detecting fraud, such as SIM card swaps, which is when bad actors are able to access those subscriber identification module cards and take over an account. Gaining access to the SIM card“ opens up risk for financial and other kinds of fraud,” said Mikko Jarva, head of portfolio and architecture of the network monetization platform at Nokia. “It’s a significant problem.”
Dive Insight:
Payments companies and financial institutions are under pressure to safeguard every step of the customer journey, which increasingly involves smartphones.
During the webinar, Alex Walling, head of business development at Nokia, recounted a 24-hour period where he tracked everything he did on his phone. In addition to sending emails and ordering an Uber, he undertook financial-related activities such as logging into his bank and initiating transactions.
“It was actually shocking to me just how much my life goes through my mobile phone,” Walling said.
While payments at our fingertips offer convenience, fraud and phishing schemes abound. Fraudulent texts can trick someone into clicking a harmful link, which might install malware on their phone that tracks sensitive payment info. Fraudsters can fake their caller ID and pretend to call from a bank or ask for credit card numbers.
“We recognize that fraud is a massive issue that our banking partners struggle with,” said Andy Stegner, an AT&T executive specializing in network API productization. Many financial companies authenticate users with passkeys, email verification or SMS one-time passcodes. But all of those methods are susceptible to fraud, he said.
Instead, by using telecom providers’ network APIs, banks and financial institutions can verify identities in the background. As a bonus, customers don’t need to switch between texts and email apps on their phones or manually type in codes.
“We have helped these financial institutions reduce that friction point for their users,” Stegner said.
Walling said the key to financial institutions adopting network API capabilities is education – both on the industry side and for consumers. Telecoms are educating companies about silent, also called background, phone verification and how it can improve a firm’s security. Meanwhile, consumers have to understand that silent phone verification is “night and day more secure” than a one-time password, Walling said.
There’s still the challenge, though, of getting financial institutions to decide that the effort of switching to APIs is worthwhile when they can just send an SMS passcode. Stegner said the telecom industry has to show financial institutions “that we are aligned to a common goal of providing … that single source of truth,” said.
A report from the consulting firm PricewaterhouseCoopers this year noted it’s critical for telecoms and financial services firms to work together to combat fraud.
“The ever-evolving and expanding nature of fraud will hopefully drive the launch of cooperation at various levels worldwide,“ the report stated.
