At Seamfix Limited, the compliance team jokingly refers to themselves as “the biggest fish” – acknowledging their pivotal role in the company. Their significance, however, is no joke.
Over the past thirteen years, Seamfix has emerged as a frontrunner in digital identity and fraud prevention across Africa, winning numerous awards in innovation and security. It’s fair to say we know a few things about compliance management.
As a content marketer, I had the privilege of sitting with two of our seasoned experts, Head of Compliance, Chiamaka Anango, and Compliance Officer Jessica Ekhile, to share their expertise with our global audience. This comprehensive guide is the outcome of our conversation, offering valuable insights for meeting compliance standards and preventing identity fraud.
A Case Study on SIM Registration Fraud in Nigeria
Preventing identity fraud requires more than just vigilance—it demands an understanding of the tactics used by fraudsters and a proactive approach to counter their ingenuity.
Since the introduction of the NIN (national identity number), the SIM registration process in Nigeria has become more stringent. An individual’s NIN must match their phone number and the facial images provided to proceed with registration. However, fraudsters exploit techniques like “picture of a picture,” where enrollment agents use pre-recorded videos against a white background to deceive the system into accepting false registrations.
Fraudsters also use someone else’s login credentials to gain unauthorised access to registration devices for fraudulent SIM swaps and one-time passwords (OTPs).
As key partners of the National Identity Management Commission, Jessica and Chiamaka detailed Seamfix’s response to these challenges. “We introduced biometric validation, capturing agents’ fingerprints and faces for device usage. Additionally, geo-tracking was implemented to limit access on suspicious devices immediately.”
“If NIN validation fails or mismatches with provided details, the SIM registration halts, ensuring accuracy from the start.”
Our Approach
- Document Verification: Automatically cross-checking customer-provided phone numbers and names with official documents for legitimacy.
- Face Match Service: Capturing live images during SIM registration and comparing them with government database photos to prevent impersonation and spoofing.
- Platform Verification: Aligning live images with NIMC records and implementing OTP checks for customer identity confirmation before registration.
For instance, in October 2015, the Nigerian Communications Commission (NCC) fined MTN Nigeria for their delay in barring the lines of over 5.2 million subscribers with poor SIM registration data. Seamfix intervened, enabling real-time and back-end revalidation of captured subscriber details and preventing poor-quality records at registration points. This swift project launch met regulatory deadlines, processing 60 million registrations weekly and saving MTN Nigeria over $5 billion in fines.
In 2023, Seamfix introduced an active liveness check to authenticate a customer’s facial image, distinguishing it from a saved picture or spoofed attempt. The result? MTN Nigeria onboarded over three million customers with 90% biometric accuracy in forty days.
Seamfix’s product team continuously refines its registration engine to counter fraudulent activities, assisting telcos in meeting SIM regulatory compliance and preventing fraud. Despite these efforts, fraudsters persistently evolve, prompting us to refine our security protocols to stay ahead.
How to Build a Resilient Compliance Framework
A few months ago, I received an innocent email from our Financial Chief, Lillian Wilfred. Intrigued, I clicked a link within it, only to discover it was a planned phishing attack orchestrated by our compliance team. Failing the test, I had to attend an informational session on phishing and identity fraud.
Recently, when a similar email arrived, I approached it with caution—an evident impact of our vigilant compliance team. Here’s a breakdown of Seamfix’s robust compliance framework shared by Jessica and Chiamaka.
- Regulatory Compliance and Risk Assessment
The regulatory landscape, particularly in Nigeria, is dynamic, with bodies like the NCC (Nigerian Communications Commission) and NDPC (Nigeria Data Protection Commission) introducing frequent policy changes. The NCC, for instance, adjusts guidelines regularly, such as altering age limits for registration. The NDPC also instituted the Data Protection Act, emphasising data security measures with regular seminars and assessments that ensure compliance.
Moreover, there’s active vigilance against cyber threats. For instance, the NDPC alerted companies to potential attacks, advocating for protection against DDoS (Distributed Denial-of-Service) attacks, a cybercrime that floods servers with traffic to prevent access to online services and sites.
At Seamfix, our compliance team actively monitors dashboards, swiftly addressing infractions related to industry regulations. We conduct quarterly vulnerability assessments and penetration testing to rectify platform weaknesses promptly. Our incident and problem management process ensures timely resolution of issues. Embracing a security-by-design approach, we embed security measures from project initiation to development to prevent cyber threats.
Chiamaka Anangor advises: “Understanding your industry’s regulatory landscape is crucial. Familiarise yourself with the guidelines and establish a robust cybersecurity team to monitor vulnerabilities proactively.”
- Balance Identity Verification with User Experience
Seamfix implements Multi-Factor Authentication (MFA) and biometric verification to improve the accuracy and security of our onboarding protocols. We make sure every customer and employee’s identity is validated before conducting business with them. Our verification process is so seamless it removes all difficulties and complications for the end user, most times without involving them.
The key is educating customers about the importance of these steps during registration. Consent forms are provided to customers, outlining the purpose and limitations of data collection. This is why continuous training is vital as new employees and partners join our systems each week. So, we regularly conduct employee training sessions like phishing exercises and knowledge development sessions (KDS) to equip them to combat evolving threats and improve their ability to prevent future incidents.
Externally, we train client agents on data protection, privacy, and product usage weekly. We offer guidance on responsible platform utilisation, proactively enhancing our products to align with NCC guidelines and international standards like ISO 27001.
Chiamaka Anangor explains: “Consider the customer’s experience, particularly in ID verification and KYC services. The process seamlessly occurs for banks verifying new customers without direct engagement as they share the customer details for validation with us.
The most delicate process might occur during account opening or SIM swaps. Even then, the steps—data collection, form completion, biometric capture, and ID validation—unfold swiftly as we confirm records from government databases in seconds, enabling a rapid and efficient registration process.”
- Proactive Measures and Continuous Improvement
Seamfix implements robust data protection measures, encompassing encryption, access controls, and monthly security audits to ensure the safety of sensitive information. We also maintain an updated Incident Response Plan for swift action in the event of security breaches.
Furthermore, we nurture a culture of perpetual enhancement by regularly revisiting policies and actively engaging in industry forums to share insights and gather intelligence on emerging threats.
Chiamaka shared what this culture looks like for her: “Artificial intelligence intrigues me deeply as fraudsters leverage AI to recreate human-like movements, deceiving our engines during live capture. The ability to mimic an individual’s likeness and movement using AI is baffling and concerning. So, I follow NDPC and industry certification bodies like PECB, BSI, and CPG on LinkedIn for their seminars and webinars on data privacy and security control measures.
Additionally, I’m a member of the Compliance Institute of Nigeria, attending their bimonthly sessions featuring guest speakers covering various aspects of compliance, anti-money laundering, KYC, and identity management. I strive to stay updated because what is relevant today may quickly become obsolete tomorrow.”
Seamfix Commitment to Compliance and Fraud Prevention
My insightful conversation with Jessica and Chiamaka highlights the value of continuous learning and knowledge sharing to achieve optimal compliance. Whether you want to tighten your SIM registration process or secure account openings and transactions, use this handbook to strengthen your defences against identity fraud and meet KYC compliance.
Seamfix Limited is your trusted guide for end-to-end digital identity solutions. With a proven track record of assisting over a thousand businesses across diverse industries and servicing more than 300 million end customers, our services provide clarity in identities for every human or business transaction. Using our solutions, you can easily capture high-quality biometric data, securely identify your customers, and issue authentic credentials.
Speak with us today for a one-on-one consultation. Let’s help you end identity fraud and satisfy your customers wherever they may be.