Africa is on the move, and we're here to help. This continent of 1.2 billion people is hungry for services such as banking, insurance, health and e-commerce, many of which would have been previously inaccessible to large portions of the population before the arrival of the mobile phone. However, all of these services require reliable identification and secure authentication if they want the provision of such services to last. The introduction of mobile technology has led a transformation of economies across the continent.
In Africa, economies are heavily relying on agent networks, so there is an inherent risk for brands and organizations who depend on these unregulated agents to represent them in the field.
Therefore, authentication technology can provide the opportunity to verify not only end users of a service, but also the agents who take the service to market. As the rate of mobile connectivity continues to grow, along with the number of African consumers accessing digital services, an explosion in the number of digital identities will surely follow. With this growth comes an increase in the identity risk for theft and associated fraud. Hence, it’s essential that digital service providers supply robust authentication technology for the digital economy. For instance, in Tanzania it has become compulsory to register each SIM card against the biometrics of the users. By using mobile phones, the government has been able to distribute an equivalent of a digital ID card linked to biometrics to the mass market.
The phone can combine something you have (the handset) with something you know (a passcode or one-time password), for the most secure combination. Africa’s emerging digital service providers, retailers, banks and governments are choosing mobile as the best channel for authentication. A mobile phone, known for its reach as well as its support of higher factor authentication, is by far the most suitable channel to meet these demands and verifying issues. Nowadays, cybercriminals are improving their attacks. As a result, security teams are facing plenty of authentication-related challenges. Therefore, companies are implementing more sophisticated incident response strategies, including authentication. Here are some common authentication methods used to secure modern systems:
- Password-based authentication: Passwords are the most common methods of authentication; they can be in the form of letters, numbers or special characters. For this reason, it is important to create passwords that include a combination of all form options to be more secure. Still, it remains relatively easy for hackers to guess user credentials by running through all possible combinations and finding the one that matches.
- Multi-factor authentication: MFA is a method that requires two or more independent ways to identify a user. Examples can include codes generated from the user’s smartphone, fingerprints or facial recognition. The multi-factor method increases the confidence of users by adding multiple layers of security. Its pitfall is that people may lose their phones or SIM cards, making it impossible to generate an authentication code.
- Biometric authentication: Authentication using biometrics relies on the biological characteristics of an individual to provide security. Some of the advantages of using this method: the biological characteristics can be easily compared to authorized features saved in a database. In addition, biometric authentication can control physical access when installed on gates and doors. Multi-factor authentication can also include biometrics. This technology has been adopted due its ability to achieve a high level of security without creating impediment for the user.
OBA via USSD in Africa
Unstructured supplementary service data (USSD) is a communication technology that is used to transfer data between mobile devices and a network in a safe and secure manner. An out of band authentication (OBA) procedure requires that the channel used for authentication be different from the channel used for initiation. As a result, this method provides an additional layer of security. Furthermore, OBA via USSD is a popular choice for mobile authentication in Africa because it provides a powerful authentication method and provides access to 100% of a service provider’s addressable market.
Why USSD technology works for authentication in Africa?
First of all, it’s universal. USSD runs on any GSM handset and does not require a data connection to send or receive messages. Moreover, it is real-time and session-based. USSD messages are up to 182 alphanumeric characters long and a USSD session allows for a two-way exchange of information, unlike SMS. No third party can store the information, and it is not vulnerable to being intercepted or stolen. In addition, its instant USSD messages go directly from the operator to the handset. There is no intermediary to delay this process. That means communications are almost instant – critical with time-sensitive use cases like access and authentication. USSD does not incur charges for roaming; text can be notoriously expensive, whereas USSD is free to customers.
Authentication technology is always changing. Businesses must move beyond passwords and think of authentication as a way to enhance user experience. Authentication methods like biometrics eliminate the need to remember long and complex passwords. Implementing enhanced authentication methods and technologies will prevent attackers from exploiting passwords, thereby minimizing data breaches.