Guy Daniels, TelecomTV (00:10):
Hello and welcome to our special program on how France is using network APIs to reduce financial fraud. I'm Guy Daniels and during this webinar we will explore how the major French mobile operators, Bouygues Telecom, Free Orange and SFR are collaborating through the GSMA open gateway initiative to reduce fraud by deploying network APIs. We're joining me now to discuss how these network API innovations are driving work on fraud prevention are Amelia Newsom-Davis, who is director payment messaging and identity at Orange, Dau Phi Nguyen, who is carrier relation manager at Free, Didier Cadars, who is Network API and RCS product manager at SFR and Lina Taguengayte, Head of Innovation Projects at Bouygues Telecom. Hello everyone. Good to see you all. Thank you so much for taking part in our program today. Let's start by taking a look at the French telecoms market. And Lina, can I ask you to give us some background and tell us who are the major players?

Lina Taguengayte, Bouygues Telecom (01:31):
Yes, of course. So historically in France we had only three operators, Orange, SFR, and Bouygues Telecom. But in 2012, Free entered the market which make the competition more hard. This change pushed operators to offer high quality services at affordable prices. As a result, consumers benefited from rapid access to cutting edge technologies and continually improving mobile and internet services such as 5G and fiber optics. So the competition in France is pretty strong. This competitive environment also encouraged operators to explore additional revenue leading to initiatives like Open Gateway as part of a broader diversification strategy. Moreover, both the telecommunication and banking sectors in Europe are heavily regulated driving operators to prioritize customer security. S-M-S-O-T-P, for example, have been implemented to ensure safety reflecting a longstanding collaboration with banks. In this regard, the camera project represents a further steps in strengthening this size. Meanwhile, many virtual operators are adding variety to the market. Recently the major operators have been acquiring the smaller ones to focus the market around themselves. Now most of these virtual operators are owned by one of us, which is great for camera because the French market coverage is almost at 100%. So yeah, the consolidation in France happened and it'll make easier to use camera appear in France.

Guy Daniels, TelecomTV (03:22):
Thank you very much Lena. And we're going to talk later and go into more detail about the nature of this collaboration, but whilst we're staying on background facts, I had like to mention the fact that only last December it was revealed that 80% of French companies had experienced online fraud attempts. Now that's a huge number. Amelia, what does this mean for the economy and why is it important for us to focus on ways to reduce fraud?

Amelia Newsom-Davis, Orange (03:53):
Well, that's the correct figure guy that was given by the French Ministry of Interior. They're actually 40% of an increase in 40% in the number of attempts at identity theft. Why is this happening? I think the reason is because our lives are increasingly moving online. When transactions are taking place online, that's where the fraudsters go. So we see a huge rise in the number of cases of digital identity theft or fraudsters trying to dupe customers into making payments they don't want to make. Why is it important for us all to fight fraud? Obviously first and foremost we need to protect our customers. That's the key reason. And the other reason is that if we want to make sure that we continue to have confidence in the digital economy, then obviously we can't let fraud happen. So these are the two reasons that are really key in the APIs and the program that we've developed.

Guy Daniels, TelecomTV (04:50):
Great, thanks very much Amelia and we're all looking ways to combat fraud and reduce this. But Didia, if I can turn to you now, why are the French operators so well placed to address some of these challenges?

Didier Cadars, SFR (05:05):
Yes, hello French operators like many others in the world, in a strong position to address through the fraud challenges in a digital world, the mobile number has become central to identity. It's used for authentication, verification and access across many services. So what sets operators a partner is that the issue and manage this information. They know when the sim card was activated, if the number has been recently ported and also in any other activity with the mobile phone number, it gives them access to real time trustworthy data that no one else can provide. We standardized the APIs, this intelligence be shared securely with partners to help detect fraud early on. User trust in short, mobile cooperators and French ones in particular are no longer just connectivity provider. They're becoming key player in digital trust and security.

Guy Daniels, TelecomTV (06:16):
Yeah, thanks very much Didier. And as you mentioned there trust is a major issue and shows why the operators are in such a great position. Now we have some actual demos to show network APIs in action. So let's take a look at our first one and to illustrate the work that the French operators are doing in anti-fraud, we have a short video demo from Info BP that shows how common network APIs can be used to combat fraud in online banking.

Zlatan Garibovic, Infobip (06:50):
Hello, my name is Zlatan Garibovic and I'm product manager for identity and security in Infobip telco requirement area. So actually what we are demonstrating here today is combination of RCS as a new channel with an enter KPIs and adding additional value to our clients. So for example, what is here happening? We are showcasing the Sims 12 check with the KYC info and then utilizing the RCS as a branded better channel to actually communicate with the end user. So let me just show you briefly what is happening. So as a starting point, let's say that for some reason you are in the bank gap and you want to make a intersection. Once you want to pay verify bank usually do some security checks. Let's say that you have first time sending money to the location that you never sent or for example you'll log for a strange IP address and there are suspicions going on and bank wants to verify that it is actually behind it and that there is no scan going on. So what is happening? So here there is a demo of the banking app and we are then doing some security checks and then

(08:02):
First we want to utilize the RCS to pass the user by RCS because it is off-net. So usually you don't want to do verification, the same application, maybe the phone number is not present there. So we want to use a phone number as a security channel. We will check for the sim swap. So this type of attack is where the attacker usually frauds the telephone operator to reissue the new SIM card and then he has the victim's phone number and then he can receive S-M-S-O-T-P and do a lot of stuff. Because of that, we want to make sure that we are not talking with the attacker, that we're talking to the right person behind it. After the C swap check, we are initiated the RCS conversation and as you see there is the message through the chatbot where basically saying this is your bank, we want to do some security checks, please, you will answer some questions.

(08:54):
So now we are collecting the first name, last name, date of birth, and you can also have mother's name, maiden name or something like that. It doesn't matter whatever banks wants. And once the flow, what the user answers you will submit to the bank to verify it. So now here's the name, last name, address, date of birth, and we confirm the verification. When verification is done, we are initiated the KYC checks. So matching are, although all those things same at the operator side as user claimed and once we are verifying transac section is completed and then user is notified on the chat bot as well that everything went fine. What else does this bring to the bank? Basically new better branded channel. We are also saving money cost of the personnel so nobody needs to pull the user and ask some security questions so we cut time.

(09:48):
So we use the best of both worlds RCS chat bot on top and also then the network KPIs is security. Actually there are a bunch of different ideas about the network KPIs. So for example, we already have the device location. What we are now talking about is the account tenure. So this service tool to see how old is the account. So because most of the fraud for example is done via new prepaid burner phones also number recycle. So was this phone number issued to somebody else? So if I, for example, a lot of applications today have a phone number as the main login ID and if I inherit for example your phone number, I put access to your content and we don't want to do that. Also, there are some anti-fraud new products. There are some, let's say network capabilities like quality of demand where you can for some short period of time have a priority on the cell tower to actually utilize better connection.

(10:47):
Let's say that you have important call and you want to have best possible connection in congested area, you can activate the service and for some period of time your connection will have better latest C iterate. So on the industries which could really benefit from the network KPIs are vast. So I already spoken a lot about finance sector, right? Banks, fintechs, crypto wallets about the anti-fraud part, but there are also governmental, let's say eSports, e-commerce, everybody who wants to either improve the user experience or want to protect themselves or the fraud or want to know more about their users or they want to verify the user location and so on. So I mean today you have APIs like is the user enrolling for geofencing and even insurance companies could offer you travel insurance once they see that you are now in the roaming not in your country anymore. So the possibilities are enormous and just imagination is the limit,

Guy Daniels, TelecomTV (11:47):
One of the most common uses of network APIs globally, but as we saw very effective. Well let's return now to our guests and your four companies are all competitors. You don't normally work together but dfi, let me ask you, why is it important for you to collaborate now to address fraud issues?

Dau Phi Nguyen, Free (12:13):
Yes. Well as I stated before, we're competitors in terms of trying to attract as many subscribers as possible each individually, but in this fraud combat we need to be efficient and to be efficient we need to have the highest reach on the market and we need to collaborate to decide altogether which APIs we are going to release, what will be in the roadmap. And for this we're working very closely with the GSMA that can coordinate our initiatives and also give us some feedback on what's happening in other parts of the world to help us decide on which API we're going to be releasing in our roadmap.

Guy Daniels, TelecomTV (13:05):
Great, thanks very much Doy. Well I want to pick up on what you said there and Amelia I'll come across to you. Did any organizations help bring you together to aid this collaboration? Because obviously the G SMAs played and still plays a big part, but how did you all start?

Amelia Newsom-Davis, Orange (13:24):
Well, originally it started actually with a French multi operator association called the afm. We worked just three operators, so SFR Bogan Orange as free was not part of the movement at the time and we developed a suite of five APIs to common standards that was back in 2021, which we launched here in France and more recently we were lucky to be able to integrate the GSMA Open Gateway initiative and of course we're delighted that FREE has now come to join us. That gives us that important market reach that that DFI was talking about. And why is it important for us to be able to work with the GSMA? It allows us to construct a common roadmap and also to address market related problems in a controlled environment. That's obviously important for operators to make sure that we're working within a controlled environment on these issues and we were particularly lucky, I think, to be able to show three demos at mobile word Congress organized by the GSMA in Barcelona with our partners and Fabi, DQE and TMT.

Guy Daniels, TelecomTV (14:32):
Great. Thanks very much Amelia, and it's really good to hear that all four of you are collaborating on this. I'd like to ask what technical solutions you are deploying to combat fraud and why is it important to use standardized kamara network APIs? Lena, let me put that question to you because you mentioned the role of Kamara earlier.

Lina Taguengayte, Bouygues Telecom (14:57):
Yes, like Amelia said earlier, five years ago at I fdo we launched mobile id. This commercial offer aims to secure customer journeys by making certain operator data available through APIs. For example, we developed an API called SIM Verify, which allows to determine if a SIM card has been changed within a given period. We have a lot of use case to address and some are more specific to the French market. For example, we developed an API called Home Verify. So when someone wants to rent an apartment or get a loan, they have to provide a telecom bill which will serve to authenticate the person's address and to provide this document more simply, we have developed this API and it's very specific to the French market. Of course, we are in a digital world where identity fraud has increased and operator data represents an effective way to better identify fraud during banking transaction or subscription processes.

(16:11):
Functionally, the APIs developed for mobile ID are the same as those four camera. For example, SIM Verify is based on the same principle as ciwa, which shape the camera version. However we encountered a major problem. The non standardization of our API, indeed the technical connections are not the same depending on the operator. This represents a commercial obstacle because we think that the primary goal of network API is to access data easily and simply without worrying about the technology of the system that produces the data and that's why we are all working together this years with mobile, ID have demonstrated that there is a strong market interest and now French operator wants to go further with camera. The four French operators are involved like Amelia said, and we have made efforts to have the same APIs technically and functionally, and now a company present in several countries can use French API because they have been developed in the same way as all other member of the open Gateway initiative. So yeah, we think that the standardization is a key to unlock even more opportunity for network APIs.

Guy Daniels, TelecomTV (17:32):
Great, thanks Li and all this helps with scale as well. It's just great. Thanks very much for those insights. Amelia, let's come across to you again. Can you describe the approach taken to implement these APIs in addressing anti-fraud challenges within the French market?

Amelia Newsom-Davis, Orange (17:49):
Well, in France we don't sell the APIs directly to brands, so we work with a group of channel partners. We have about 10 at the moment and they will aggregate and package the APIs for third parties and that makes the life easier for the enterprises who want to use them as they don't have to interface directly with all four operators in France. They just have to integrate once with the channel partner. So we obviously tested these APIs extensively before we launched them. We did quite a few proof of concept and since then we're delighted that they've been adopted by a number of big financial institutions in France, for example. For example, BFA Bank, which is subsidiary of the big French bank K or Forio, which is a subsidiary of the other big French bank, K Mutual arch who are both using KYC match through our partner DQE. Now we've got more than 20 enterprises using our APIs here in France mostly from the financial sector and we are really pleased to see that the usage is growing faster from month to month.

Guy Daniels, TelecomTV (18:55):
Great, thanks very much Amelia. There's a lot of interest out there on different go-to-market approaches and which is working well, so thanks for that. In this video from TMT, we will demonstrate how network APIs can be called across the customer lifecycle to provide both impactful customer experience and defense against bad actors and fraud.

Matthew Hornsey, TMT ID (19:19):
Hi, it's Matthew, head of product at T-M-T-I-D and we're going to demonstrate how we're using network APIs from the mobile French carriers to create powerful identity stories based on mobile phone numbers. First example is logging into a bank, going to provide a mobile phone number and I'm going to select login. We're going to check the phone numbers real, we're going to check which network is serving it. This time it's orange. We're then going to prove that this is the phone number being used in session in real time to log into this bank. We're going to check there's no recent sims swap attempts, which would suggest there's an account takeover taking place which would prevent the account being accessed. Everything is good. I've been allowed into the bank account. If I click back into the front screen, I'll go into now an e-commerce journey and I'll pretend that I'm registering for this e-commerce platform, so providing the typical name address information that you would expect.

(20:19):
This time I'll use a different mobile phone number to evidence the service working on a different carrier and I'll click register. Same thing will be checked, the phone number's real, which network. This time it's SFR. We'll then check the account. Tenure is good. There's no recent sim swap. We'll check the name is a match, the address is a match, the email is a match and we'll again prove that this mobile phone number is the one being used to create this journey in real time on this mobile device. All being well, were approved for the account. If I then go back to the front screen and I log in as if I've already registered using the same mobile phone number, hopefully the store recognizes me and allows me to log back in. Numbers found once again on SFR, we're checking now that this phone number is the same phone number logging into this trainer store and indeed, hopefully I'm approved to log in. And that's just two examples of how we're using the network APIs from the French mobile networks to inform powerful mobile identity stories for e-commerce and financial services.

Guy Daniels, TelecomTV (21:28):
A good example there of how different industry sectors are building network APIs into their customer journeys. Well a final question for today and let's look ahead to the future. Didier, let me ask you this one. How do you see these anti-fraud solutions evolving?

Didier Cadars, SFR (21:52):
I guess that the network API project opens up new opportunities. First on the project side, the camera API catalog with nearly 50 APIs allows us to address new use cases, not only in fault product prevention but also in other markets. These APIs give us powerful tools to better connect network capabilities with real world needs. Second, from a business model perspective, the camera API standard led us to expose our APIs on marketplaces and that's crucial because I think we are confident developers on this platform are full of ideas and they will surely create new unexpected use cases in Ford and beyond. Of course, we'll keep listening closely to the market, working with partners on their customer to enhance existing a APIs performance and deliver the right future as needs change. Our goal is to stay aligned with fast changing fraud scenarios. It's a big challenge. Round one. We look forward to working with GSME on the Wall network, API Community.

Guy Daniels, TelecomTV (23:16):
Didier. Thank you very much indeed. Yes, there's challenges there. Certainly. Amelia, can I come across to you? Are we going to expect any developments from Orange?

Amelia Newsom-Davis, Orange (23:28):
Yes, we have an announcement to make for all the operators, not just Orange. We are pleased to say that we are launching two APIs in Kamara format. They are KYC Match and SIMS swap and they will be available as of now commercially from the month of May.

Guy Daniels, TelecomTV (23:45):
Amelia, that's great. We're going to look forward to seeing those and Doee come across to you as well.

Dau Phi Nguyen, Free (23:52):
Yes. I wanted to point out that the beauty of the GSMA is also the certification part where all the camera APIs that we're launching individually or certified by the GSMA, meaning that we really stay with the standard and there's no deviation from the standard defined by the Linux Nation.

Guy Daniels, TelecomTV (24:19):
Dfi, thank you very much. That's an important point, an important reminder about the certification. Thanks for making that. We must leave it there though. Thank you all for taking part in our discussion and joining us on this special program today. If you'd like further information from the partners and operators featured in this session, then please do follow the links below this video. We're going to have everything there underneath this video for you to click through and do watch out for the Open Gateway Summit and that takes place at MWC Shanghai on the 18th of June. Click on the link below to register your interest. For now though, from all of us here, thank you so much for watching and goodbye.