The four leading mobile network carriers (MNOs) in France have teamed up to combat identity theft and online fraud. To help online companies fight fraud and digital identity theft, Bouygues Telecom, Free, Orange, and SFR announced on December 3 that they will introduce two network Application Programmable Interfaces (APIs) for the French market in the first half of 2025. This initiative is part of the Open Gateway system of the Global System for Mobile Communications Association (GSMA).
About GSMA
The GSMA, a trade association representing the global interests of mobile operators, was established in 1995. As of 2024, it has more than 750 members. In 2023, the GSMA launched the Open Gateway Initiative, aiming to create digital solutions that work seamlessly across devices, regardless of the nation or operator.
Since its inception, the program has onboarded 67 mobile network operators (MNOs) and 26 channel partners, representing 278 networks and covering three-quarters of global mobile connections. Developers can access these network capabilities via APIs through the CAMARA repository, an open-source initiative by the Linux Foundation.
“This aligned market launch of CAMARA APIs from France’s leading operators will make it easier to keep people safe from the growing threat of fraud. The initiative benefits businesses, mobile operators, and their customers, saving developers time, money, and effort while allowing for the quick launch of innovative new services.”
Role of APIs in Mitigating Fraud
1. KYC Match API
Purpose: Cross-check user-provided information with verified data stored by the mobile network operator during the Know Your Customer (KYC) process.
The KYC Match API validates details such as mobile phone numbers, names, postal codes, and email addresses, without transferring any personally identifiable information (PII).
France is the first country to have all its national MNOs adopt KYC Match. Several financial institutions, including Crédit Agricole's online subsidiary BforBank and Credit Mutuel Arkéa's Fortuneo, are already utilizing this API in collaboration with DQE Software to screen new customers.
2. SIM Swap API
Purpose: Detect recent SIM card changes to prevent account takeover fraud.
This API checks if a phone number has recently had its SIM card swapped, helping financial institutions verify the relationship between a customer’s phone number and their SIM card during transactions.
Use Case: This helps prevent fraudsters from using stolen personal data and social engineering tactics to take over accounts.
“For example, at the time of a financial transaction, a financial institution can check whether the relationship between the customer’s phone number and SIM Card has been recently changed, helping them decide whether to approve the transaction or not.”
What’s Next?
Following the launch of KYC Match and SIM Swap APIs, French MNOs plan to release a third API, Number Verification, which will provide robust authentication for mobile numbers, potentially replacing SMS-based multi-factor authentication (MFA) solutions.
Key Benefits of These APIs
- Enhanced Security: Protects users from identity theft and account takeover.
- Operational Efficiency: Saves businesses and developers time and resources.
- Improved Fraud Detection: Strengthens verification processes without compromising user privacy.
By adopting these APIs, French mobile carriers are setting a global benchmark for digital security and fraud prevention, making online interactions safer and more secure for businesses and consumers alike.