BCK Kenya Limited, a leading provider of ICT services in East Africa, is working with Boloro Global Limited, a New York City-based technology company, to provide Boloro Authentication.
The authentication is to secure digital money transfers and other user cases involving identity verification and transaction validation.
“The vulnerabilities of the Internet to hacking, and the prevalence of malware on Operating Systems, is well known, and fraudsters are becoming more and more sophisticated,” said Karl P. Kilb III, CEO of Boloro Global Limited.
“Boloro’s patented process separates the authentication from the Internet and Operating System, providing a secure, user-friendly way for people to verify their identity and validate their transactions.” he added.
Boloro Authentication uses the secure signaling layer of the cell phone, the USSD channel, to send a verification message directly to the user.
The user must respond to the message on its physical mobile handset with its memorized PIN for the transaction to be processed.
Once the response is entered, the message disappears from the handset without a trace.
In addition to eliminating fraud, the authentication process creates a key-stroke-by-keystroke audit trail that provides a transaction history that can be used to establish credit worthiness, promoting financial inclusion.
The solution is compatible with all cell phones, including smartphones and feature phones, and users do not need to download an app.
Testifying at the High Court of Kenya, Anand Venkatanatayanan, a specialist in cybersecurity and computer fraud forensic analysis, said that vulnerabilities in the National Integrated Identity System (NIIMS) hosting the Huduma Number project would only end up providing avenues to hackers costing the government millions.
Anand added that by using the NIIMS Kenyans have no guarantee that their data, including personal contact details, would be secure.
“This fear is not farfetched,” said BCK CEO Pat Muthui.
“In 2018, skilled hackers disabled security features of the Aadhaar enrolment software (India’s Huduma Number equivalent), leading to the compromising of more than one billion biometric details of its citizens now freely available in the dark web. Early this year, the Directorate of Criminal Investigations (DCI) published posters with the faces and names of 130 suspects wanted for hacking into bank accounts in Kenya.” Muthui said.
According to Kilb, “With Boloro Authentication, verification requires possession of your physical handset and knowledge of your memorized PIN, meaning your security is always in your own hands. Even if your government ID has been compromised, Boloro’s Authentication protects you because the process requires your physical phone and memorized PIN and avoids the Internet and Operating System.”
ALSO READ : Strathmore University, Hungarian Embassy in Partnership to improve Cyber Security