About Jumia
Jumia is a leading African eCommerce platform, offering a wide range of products and services to millions of customers across the continent. Jumia aims to connect buyers and sellers by facilitating seamless transactions, secure payments, and fast deliveries to enhance the online shopping experience for African consumers.
The challenge
Jumia was experiencing a high rate of SMS fraud attacks, a scam where fraudsters exploit premium rate numbers and 2FA/OTP mechanisms to generate funds for themselves and mobile network operators (MNOs).
SMS-based authentication
Jumia's primary user authentication method involved SMS verification, wherein users received a code to confirm their phone number during the account creation process. However, attackers exploited their account creation process by attempting to receive SMS verification codes without fully completing the account creation. The attackers were associated with specific mobile network operators and likely had a commission-based arrangement for SMS verification.
Increased costs
The constant loop of SMS verifications by attackers incurred significant costs for Jumia. The SMS volume increased substantially during the attacks, leading to higher expenses for Jumia. Also, manual monitoring and intervention in the verification process diverted resources from other essential tasks. These attacks cost Jumia more than $40K annually.
Impact on legitimate users
The inadvertent impact of Jumia's previous SMS fraud mitigation attempts resulted in dissatisfaction among genuine customers, experiencing delays or blockages in their SMS verifications.
Why Fingerprint
Jumia's reliance on a third party for SMS communication led to limited visibility and overuse of blocking and identification of malicious traffic. Furthermore, it was determined that bad actors may have leveraged cloud-based services hosted in the U.S. for their automated SMS attacks. Over time, the bad actors modified their tactics to evade detection and continue their SMS fraud activities, making it a challenge for Jumia to predict and prevent attacks effectively.
As a result, Jumia sought a new solution that offered complete visibility over detection and prevention measures. From their research, Jumia discovered that Fingerprint provided the most accurate solution to address their SMS fraud attacks.
"We found value in Fingerprint because we have full control over what's going on, and we desired the ability to block the traffic ourselves." - Jose Santos, Director of Engineering at JumiaPay
Using Fingerprint identification, Jumia associates each verification request with a visitor ID of a specific browser or device. They then limited the number of verification requests from a single browser. So even when a fraudster switches accounts, they know it's the fraudster and can block the request.
Fingerprint's device intelligence continuously adapts to evolving attack patterns, helping Jumia stay ahead of fraudsters and minimize potential losses.
Results and achievements
Fingerprint gives Jumia complete visibility and the ability to block malicious traffic
Fingerprint enables Jumia to take charge of identifying and blocking malicious traffic independently. This level of visibility is crucial for Jumia as it allows them to respond swiftly to emerging threats and adapt their security measures as needed.
Delayed SMS verification
Jumia can delay SMS verification sends from 20 seconds to 20 minutes if they detect it’s the same visitor ID conducting multiple SMS verifications. Fingerprint offers Jumia the ability to implement a customizable "cool-off" period for SMS verification sends.
Enhanced customer experience
The previous SMS fraud attack solution led to delayed or blocked SMS verifications for legitimate users, causing frustration and inconvenience. With Fingerprint's accurate identification of legitimate users and swift blocking of malicious traffic, Jumia ensures that genuine customers can complete the account creation and login processes smoothly and efficiently.
Conclusion
Fingerprint has proven to be a game-changing device intelligence solution for Jumia in their battle against SMS fraud attacks. As a leading African eCommerce platform, Jumia faced considerable challenges with fraudsters exploiting their SMS verification process to generate funds through premium-rate telephone numbers.
With Fingerprint's 99.5% accurate device identification, Jumia achieved unparalleled protection against fraud, safeguarding their business and bolstering customer trust.
