Scamming the unbanked

Welcome to Tech Safari!

Your tour guide on African Tech 🧭

Hello to the new folks who have joined the Safari since the last edition.

If you haven't subscribed, join thousands of smart folks curious about Tech in Africa.

Hey, let’s dive straight into this week’s Tech Safari!

In 2022, Agnetta Makokha found her late husband borrowing money from the afterlife.

His ghost had racked up loans of $374 (Ksh. 50,000).

Scammers had ‘hijacked’ his account - and made transactions as if he were alive.

Then there’s Farah Bashir who took an even bigger hit.

Scammers hacked his M-Pesa account and breached his four linked bank accounts.

They swiped $19,475 (Ksh 2.6 million), leaving him stranded in Johannesburg where he had traveled for work.

Mobile money transformed Africa’s payment story - providing a cheap, easy way to send money using just a phone number.

But, it also gave scammers a new way to steal.

That year, four M-Pesa customers (including Agnetta and Farah) sued Safaricom after getting scammed.

These cases may sound unusual, but they’re not the only victims.

Africa is the mobile money (fraud) center of the world

In Kenya, about half of users have lost money to fraud or sent it to the wrong person.

In Senegal, about 32% of users have faced scams.

While last year in Nigeria, there were 4,982 cases of mobile money fraud- the highest ever recorded.

So what’s up with mobile money? What about it is pulling in scammers?

We spoke to Dr. Bright Gameli to find out why mobile money in Africa is so vulnerable.

Bright has been busting fraud for over a decade - helping companies and governments tighten up their fraud detection.

He tells us that…

Scammers go after apps and services that are easy to use

And one thing mobile money is good at is simplicity.

Here’s all it takes to get started:

• Register at a local agent with an ID and phone number

• Create a PIN for your account

• Receive an SMS prompt to verify your account

• Then deposit money at the agent or link your bank account

Unlike banks, mobile money has a basic Know your Customer (KYC) process.

You only need a national ID to confirm it’s you.

That sounds great - until you realize someone can easily fake or steal one.

This loophole is the backbone of SIM swap fraud.

Scammers steal your ID, trick service providers to renew your SIM card, reset your PIN and cash out.

“Mobile money was built for usability and functionality, so providers kept the KYC simple. And scammers target apps and services that are easy to use. Now, identity fraud has gotten so bad that they’re even stealing from the dead too,” says Bright.

Agnetta’s late husband can relate.

And, unsurprisingly, identity fraud is the most common type of mobile money scam.

It's not just mobile money users at risk though.

It’s everyone in the ecosystem: customers, agents, service providers and now, even banks.

And they’re paying the price 

As mobile money grew, it started connecting with fintechs and banks.

This new connection is called interoperability.

And it lets people link their banks to mobile money and get their paycheck, pay their bills, and send money from overseas back home.

For scammers though?

The ease of moving money between a bank and a mobile money account created a new playground.

And today, banks are both victims and (unintentional) accomplices in mobile fraud.

• They process transactions from hacked mobile money accounts - helping scammers cash out their loot

• And hackers who break into bank accounts use mobile money to get away - paying out to a mobile money account

Banks have a lot at stake when this happens.

Lawsuit after lawsuit. One reputational hit after the next. And of course, the financial losses pile up.

It’s not business as usual.

“Banks need to adapt. Integrating with third-party apps means their systems are vulnerable. And they need to invest in tech to detect fraud before it strikes, and to recover quickly when it happens,” Bright says.

To understand how banks can pull this off, we caught up with a company helping African banks see who their customers really are.

Picture someone smiling to verify their ID

Smile ID started in 2017 when Mark Straub noticed how hard it was to prove identity across Africa.

He wanted to simplify online identity verification for Africans.

Seven years later, they’ve done over 100 million checks across 54 African countries.

They started by protecting fintechs like Yellow Card and Flutterwave –– and now they’re helping banks like Stanbic, IBTC, and Zenith Bank beef up fraud detection. 

And more banks are coming to them for the same reason. 

Mark tells us it’s because scammers are using mobile money to target banks.

Mobile money wallets may be popular for everyday payments, but banks are still where the big bucks are.

People’s paychecks, their rainy day savings, and even business funds live in banks.

But, banks also have high walls.

To open an account, you need an ID, an official address, and even tax documents - not the easiest to hack.

So crooks go for the shortcut: use mobile money wallets to access bank accounts

“It’s hard to move money from a bank account to a bank account - there’s more KYC in that regard.

But it’s easier to channel stolen money through mobile money which only uses ID numbers for KYC. Once stolen money enters a mobile money system, it’s nearly impossible to trace it,” Mark tells us.

The buck stops with banks to protect their customers’ money

To move money between banks and mobile money, all you need is a simple bank account verification.

But Mark thinks these tools aren’t tight enough.

IDs can be faked or stolen, while biometrics like face authentication can’t.

As AI-driven fraud gets savvier, Smile ID counters with tools that catch scammers using fake AI images to deceive face recognition.

Their biometric authentication verifies user-uploaded images by detecting human movement, making sure you’re taking the picture live.

They can tell when you smile, move your head, or even blink.

“We’re doing several million face authentications every month. These authentications currently take less than three seconds, and we’re trying to reduce friction to less than one second,” Mark says.

Ultimately, Smile ID wants to help banks and mobile money companies verify users' identities quickly without delaying transactions.

Mobile money has opened up finance for millions of Africans.

But, we risk losing all this progress to fraud.

It’s up to mobile money companies and banks to keep people’s money safe.

It may take a few seconds longer to verify you, but we think it’s worth it.

If you’re in banking or fintech and want to know how Smile ID’s biometric authentication tool can protect your money, reach out to them here.

And that's a wrap!

Did we miss anything? Or just want to say hey? I'd love to hear from you! You can:

• 💸 Invest with the Tech Safari Syndicate

• 🐦 Find me on Twitter

• 💬 Holler on Linkedin

• 💌 Reply to this email

• 🚀 Partner with Tech Safari

• 👨🏾‍💻 Hire with Tech Safari Talent

And if you don't already, make sure to sign up to get this in your inbox next week.

And remember - it just takes just five referrals to join our WhatsApp community 👇🏾

Catch you soon!