Safaricom phone tracking to arrest bank ATM fraud

Safaricom has rolled out an “ATM Vicinity Check” technology that will help banks ensure that cash withdrawals can only be conducted if the transacting customer is within the vicinity of the machine. FILE PHOTO | SHUTTERSTOCK

Safaricom has rolled out an “ATM Vicinity Check” technology that will help banks ensure that cash withdrawals can only be conducted if the transacting customer is within the vicinity of the machine.

The solution, to be offered to commercial banks for free, is aimed at arresting the rising cases of banking fraud where criminals use their victims’ cards and/or information to withdraw funds from ATM points.

There are several ways through which criminals steal funds from cash machines including cloning ATM cards, trapping the cards at the machines and collecting information on the cards.

Read: Regulator, Safaricom face class action suit over SIM-swap fraud

Others involve withdrawing cash from a victim’s account using M-Pesa. The new solution from Safaricom is designed to tie ATM transactions to the genuine account owner’s physical location, making it harder for fraudsters to carry out their schemes.

“The solution works by comparing the geographical location of the ATM and the customer requesting a withdrawal from the specific ATM based on the location of the cell phone mast serving the customer,” said Safaricom in an email response to Business Daily.

“If both the customer and ATM are not in the same location, then the transaction is rejected,” said Safaricom.

The telco’s new innovation follows an earlier one that targeted the reduction of rampant cases of SIM swap fraud that have seen customers lose thousands of shillings.

Safaricom said on Thursday that at least six banks had signed up for its SIM-Swap-Check solution that gives the lenders an Application Programming Interface (API) through which they can query when a customer’s SIM card was last swapped.

The telco however declined to reveal the identity of the lenders which are likely to be the major institutions with millions of customers relying on ATMs as one of the main access channels.

According to Safaricom, the information obtained from the API enables banks to make a decision on the likelihood of a customer’s transaction being fraudulent and the additional steps to be undertaken.

“The rapid growth of Kenya’s fintech sector has been accompanied by a rapidly evolving threat environment targeting both customers and fintech operators … We have developed SIM-Swap-Check and ATM Vicinity Check solutions that we have made available to banks to empower them to reduce fraudulent transactions,” said Safaricom’s chief executive Peter Ndegwa.

SIM swap occurs when a criminal claims the false identity of a SIM card, pretends that their card is lost and succeeds in convincing a mobile operator to issue them with a replacement.

The crook thereafter takes over control of their victim’s mobile number, and resets passwords on sensitive apps effectively gaining access to their victim’s contacts, banking details, emails and social accounts.

In October last year, a Visa Global Risk Investigations report showed that criminals who previously operated in cyberspaces are now shifting their targets to physical points of vulnerability as in-person commerce resumes to pre-Covid levels.

According to the report, card-present threats such as physical skimming on ATMs and point-of-sale terminals increased 176 percent during the 12-month period to December 2021.

“As in-person commerce returns to pre-pandemic levels, crooks are back to exploiting the physical points of vulnerability in stores, while continuing to capitalise on e-commerce through malware, ransomware and phishing attacks, among others,” said Visa Chief Risk Officer, Paul Fabara in October.

Read: Mystery investor’s purchase of Safaricom shares stops plunge

Last October, businessman Abdi Zeila filed a class action suit suing Safaricom and the Communications Authority of Kenya (CA) for alleged fraud after he claimed to have lost nearly Sh0.5 million via a SIM swap scam on March 28, last year.

In recent weeks, banks have been issuing alerts to their customers, urging them to exercise vigilance and to desist from sharing their personal details following proliferating cases of missing cash.

→ [email protected]