Entersekt, Capitec protect Samsung Pay users against SIM-swap fraud

Capitec customers now enjoy added protection when using Samsung Pay thanks to Entersekt’s SIM Age Validation capability, also known as MNO (mobile network operator) authentication. The silent risk signal, which recognises if a SIM card has recently been swapped, helps crack down on the concerning rise in local SIM-swap fraud.

South Africans have been particularly vulnerable to SIM-swap fraud, with SABRIC’s latest report showing that SIM swaps accounted for 92.7% of mobile banking fraud incidents reported in 2020. The report states that SIM swapping is the most commonly used modus operandi for committing crime on this channel and that “the increased ability of criminals to carry out SIM swaps may account for the significant increase in incidents (67.6%) and gross losses (62.1%).”

When adding their debit or credit card to their Samsung Pay app, Capitec cardholders must authenticate themselves for security purposes by entering a one-time PIN (OTP) sent via SMS. Before the SMS OTP is sent to the cardholder, Capitec’s system uses the Entersekt MNO authentication solution to see if the customer’s SIM has been swapped recently. If it passes the validation, the SMS OTP is sent and the customer’s card is tokenised for safe use on the Samsung Pay app.

“The SIM info check capability allows Capitec to get real-time insights from the customer’s MNO about the age of the SIM card. This helps to determine whether it has recently been ported or swapped and gives an indication of the potential fraud threat,” explains Entersekt Solution Architect Manager, Ellezane Williams. “The whole process takes as little as three seconds and allows Capitec to minimise the chances of fraudsters intercepting the initiation OTP at this vital stage of the process. This silent SIM check happens entirely in the background, but provides Capitec customers with an additional layer of security, preventing fraudsters from loading an unsuspecting victim’s card to the fraudster’s Samsung wallet.”

For Capitec, the Entersekt solution ticked a number of boxes, especially when it came to just how quick and easy it was to integrate this new feature.

“This Entersekt SaaS solution allows us to offer our customers a vital additional layer of security without compromising our client experience. What’s more, because we already use Entersekt hosted services, our integration was quick and painless, with a one-call API and no additional infrastructure needed. This solution fits our goal of continuous innovation without compromising on security. To date, the Entersekt SIM Age Validation has already helped us safely onboard more than 30 000 new Samsung Pay users,” shares Gideon de Wet, Product Head: Digital Card at Capitec.

While perfect for financial institutions of all kinds, the Entersekt SIM Age Validation solution can also help protect all businesses that make use of SMS OTP as an authentication mechanism.

“Protecting sensitive information must be a priority for businesses across all sectors. By applying a quick and silent SIM check, organisations can significantly boost their security without their customers even knowing the checks are happening in the background. This solution should be an obvious choice for all businesses using SMS OTPs to authenticate users for any reason,” Williams says.