By 2025, more than half the population of sub-Saharan Africa—600 million people—will be connected through mobile telephony. But right beside the entrepreneurs and institutions taking advantage of the opportunities from the mobile telephony revolution, sophisticated cybercrime rings are making bank from the pilfered call credits of unsuspecting mobile phone users.

There is a good chance if you are one of the approximately 500 million mobile subscribers in Africa, that you have been a victim without even knowing it. If your airtime has ever been reduced inexplicably, or “someone” subscribed you to a service without your consent, it is almost certain that you were a victim of one of the most common mobile frauds—carrier billing fraud.

Direct carrier billing fraud happens when your airtime is diverted to pay for unsolicited services, or when it is stolen outright. This can happen when users inadvertently click on banner ads or download applications with malware in them.

When a direct carrier billing attack is initiated, mobile subscribers will find their unused airtime decreasing without being used, leading to accusations of airtime theft hurled at mobile network operators (MNOs). Without holding brief for MNOs (indeed some have very lax security infrastructure), it is possible—perhaps more often than not—that the true reason for arbitrary airtime and data reductions is less dramatic. The user was simply a victim of a carrier billing cyber attack. 

Paris-based cybersecurity firm, Evina, says it was able to stop 60 million such attempts to steal airtime from mobile phone users in Kenya and Nigeria alone last year. “It is organised cybercrime,” remarks Joan Larroumec, co-founder and CMO at Evina, on a call with TechCabal. “It’s not individuals anymore for this kind of fraud, and it’s not even one organisation,” he adds explaining that while one organisation may be responsible for creating the virus, another group would be in charge of hiding the malware in app stores, and yet another is responsible for collecting the money from unsuspecting users. 

Larroumec’s company, Evina supplies cybersecurity technology that screens payment requests to determine if they are legitimate. The company says it secures 20 million transactions every day in the countries it operates in across Europe, the Middle East, and Africa. Last year, the company raised €20 million to deepen its protection services.

In a report released earlier this year, Evina South Africa, Cameroon, and Ivory Coast recorded the highest fraud attempts on carrier billing in the first three months of 2022, in sub-Saharan Africa. In South Africa and Ivory Coast, remotely-controlled fraud—where malware present in apps downloaded from app stores, takes control of a device to make fraudulent payments—makes up 41.2% and 53.7% of fraud respectively. For Nigeria and Kenya, the most common mobile fraud is the bypass fraud which represents 82.1% and 70.7% of detected mobile fraud cases in both countries respectively. Bypass frauds are sophisticated attacks that exploit loopholes to trick users into clicking ads that automatically subscribe them to mobile content services without their consent. In return, the attacker gets a commission for every successful mobile subscription.

In 2020, research conducted by Evina concluded that one out of every 3 mobile subscription attempts in South Africa was fraudulent. That year, South Africans lost $4 billion to mobile carrier billing fraud, according to a report by BusinessTech, a South African media outlet.

Combatting mobile fraud

Since mobile fraud is usually initiated when unsuspecting users download apps or click on innocuous ads online, some of the responsibility for mobile fraud protection lies with users. However, mobile network operators and device manufacturers need to do more to protect their users and customers.

For example, Business Insider reported in 2019 that Vodacom South Africa lost almost half the money it made from content subscriptions after it implemented “stringent policies to minimise [mobile] content fraud”. In other words, while your network provider may not be stealing your airtime or internet data, it is may be making money from the real thieves. Other media have reported that revenue (and commensurate employee bonuses) from mobile fraud may be responsible for the slow response of network operators to fix the issue. In addition to this, some malware come pre-installed in cheap smartphones, putting the other arm of responsibility squarely with the makers of these devices. Transsion, the Chinese smartphone maker of Tecno, Itel, and Infinix brands made headlines because of this in 2020.

For telcos that implement a revenue-share formula with mobile content providers, it is true that in the short term, the better a company is at blocking fraudulent transactions, the less money they make. Indeed as MCPInsight, a market intelligence and compliance company noted in its Combatting Fraud in Mobile Content whitepaper, “Employees might be tempted to let through suspicious transactions to boost ‘clean’ sales numbers. There’s also a risk that the provider won’t block its own traffic but might hinder competitor traffic.”

But this approach sounds incredibly shortsighted. In Africa where the financial inclusion agenda is mostly a mobile-first project, unchecked mobile fraud tapers trust in mobile digital channels. In the long term, deteriorating trust will negatively impact any form of business that depends on mobile payments. Are network operators willing to sacrifice future business because of revenue from stolen airtime?

Get the best African tech newsletters in your inbox