Safaricom Location Tracking to Arrest Bank ATM Fraud

Safaricom has introduced “ATM Vicinity Check” technology, which will assist banks in ensuring that cash withdrawals can only be made if the customer is in the vicinity of the machine.

The solution, which will be provided free of charge to commercial banks, aims to halt the rising cases of banking fraud in which criminals use their victims’ cards and/or information to withdraw funds from ATM.

Criminals steal funds from cash machines in a variety of ways, including cloning ATM cards, trapping the cards at the machines, and collecting information on the cards.

Others involve using M-Pesa to withdraw money from a victim’s account. Safaricom’s new solution is intended to link ATM transactions to the genuine account owner’s physical location, making it more difficult for fraudsters to carry out their schemes.

“The solution works by comparing the geographical location of the ATM and the customer requesting a withdrawal from the specific ATM based on the location of the cell phone mast serving the customer,” said Safaricom in an email.

“If both the customer and ATM are not in the same location, then the transaction is rejected,” said Safaricom.

The telco’s new innovation follows an earlier one aimed at reducing rampant cases of SIM swap fraud, which has cost customers thousands of shillings.

Safaricom announced on Thursday that at least six banks have signed up for its SIM-Swap-Check solution, which provides lenders with an Application Programming Interface (API) to query when a customer’s SIM card was last swapped.

The telco however declined to reveal the identity of the lenders which are likely to be the major institutions with millions of customers relying on ATM’s as one of the main access channels.

According to Safaricom, the information obtained from the API allows banks to decide whether a customer’s transaction is likely to be fraudulent and what additional steps should be taken.

“The rapid growth of Kenya’s fintech sector has been accompanied by a rapidly evolving threat environment targeting both customers and fintech operators .We have developed SIM-Swap-Check and ATM Vicinity Check solutions that we have made available to banks to empower them to reduce fraudulent transactions,” said Safaricom’s chief executive Peter Ndegwa.

SIM swap occurs when a criminal assumes the false identity of a SIM card, claims that their card has been lost, and successfully convinces a mobile operator to issue them a replacement.

The crook then takes control of their victim’s mobile number and resets passwords on sensitive apps, gaining access to their victim’s contacts, banking information, emails, and social accounts.

A Visa Global Risk Investigations report published in October of last year revealed that criminals who previously operated in cyberspaces are now shifting their targets to physical points of vulnerability as in-person commerce returns to pre-Covid levels.

According to the report, card-present threats such as physical skimming on ATM’s and point-of-sale terminals increased 176 percent during the 12-month period to December 2021.

“As in-person commerce returns to pre-pandemic levels, crooks are back to exploiting the physical points of vulnerability in stores, while continuing to capitalize on e-commerce through malware, ransomware and phishing attacks, among others,” said Visa Chief Risk Officer, Paul Fabara in October.