Safaricom has a pretty efficient customer service team in place that can be reached through various avenues. Social media, text messages, physically at its retail outlets across the country or even the self-care portal.
Every other time you reach out to them, you are asked for authentication before the customer care agents can proceed to either divulge sensitive information with regards to your Safaricom line like your SIM’s PUK number or your M-Pesa account like, say, transaction records. So, what happens is usually the subscriber furnishing the agent with personal information like full names as well as more specific details pertaining to the Safaricom line in question like the date of the last transaction or the value of the last transaction or the date of the last top up etc.
While it can be irritating, this is all done in good faith, for security purposes. Because, as you may have witnessed over the last few years, there is an increase in the number of people who are out to siphon as much user data as possible in well-planned social engineering schemes.
However, just as it has been the trend on the smartphone and other tech gadgets that we use, those measures are hardly enough as it is very likely that someone can do a good job mimicking you if they happen to know just enough information about you. It’s really not that hard to get someone’s national identification card number if you want to. Depending on how close you are to the targeted victim, other details like the last transaction done on mobile money services like M-Pesa or airtime recharge value, can also be obtained.
Where does that leave us?
The good thing is that there have been lots of advancements in the security side of Information Technology over the years. I mean, we are talking about facial unlock mechanisms being core features on most smartphones entering the market this year. Fingerprint sensors have been a mainstay on smartphones and laptops for the last few years…
What fingerprint sensors and those face unlock mechanisms have in common is that they use features that are unique to one’s body to determine that it’s really them before granting them access to a device. That, in many words, is what we refer to as biometrics.
We all know why the “bio” in biometrics exists, right? The metric bit is because computer systems don’t perceive things like me and you do. They only understand 0s and 1s. So, if a face is enrolled for authentication, the system maps it and identifies several unique points that it will “remember” and refer to every other time it is presented with a face, reducing what is probably a very pretty face or voice (in the case of voice biometrics) to just a secure string of numbers and characters.
Since the start of the year, Safaricom has implemented the use of biometrics to add an extra layer of protection as well as streamline the process of providing services to customers. By use of voice biometrics (the same technology that is relied on by the likes of Apple and Google to know it’s really you who is talking to Siri or Google Assistant and respond accordingly), customers enroll their voices just once and only have to repeat a single pass phrase (at Safaricom, my voice is my password) when requesting for support or assistance from the customer care team in order to be served. Just that. No need to remember your last top up amount (a detail I usually forget).
How to enroll
- Call 100 or 200 (if you are a postpaid subscriber)
- Select your preferred language (English or Kiswahili)
- Press 4 on your phone’s dial pad to go to the Jitambulishe menu
- Press 1 to enroll your voice on Jitambulishe – you’ll be prompted to key in your ID number
- Enter your national ID card number followed by #
- Repeat the pass phrase after the tone – follow the prompt, you may be asked to do this a number of times and once complete, you’ll be notified that your voice has been successfully enrolled for use as your vocal pass code
- A request will be sent to your device via the SIM toolkit asking you to key in your M-Pesa password in order to complete the Jitambulishe enrollment. From my experience, since this process is based on a short code with a short timeout window, you can easily miss it while you are still in the dialer so it’s advisable to exit the dialer on your device and stay on the home screen so that you don’t miss the pop up screen since doing so won’t quit the call anyway and, at this point, even if the call ends, the job is already done.
Now, the next time you have a query and call 100, 200 or 234 (the M-Pesa helpline), this is what will be used to authenticate you before proceeding to be served. Easy?
Other use cases
By having Jitambulishe in place, it not only makes it easier to authenticate subscribers, it also makes it possible for other associated services.
Like M-Pesa for the visually impaired, for instance, which was introduced late last year and which uses it to read out M-Pesa balances to those who are not able to see. In order for one to get their M-Pesa balance, they need to key in their PIN. How is that possible when you can’t see? While most probably have that (inputting numbers like PINs) figured out already, the challenging bit is likely when to do so. That’s where the IVR system that M-Pesa for the visually impaired uses and Jitambulishe come in.
Note: While Safaricom’s Jitambulishe is a noble feature, you still have to take as much care to make sure any personally identifying information is not given out to malicious people who may try to use it to take over your SIM as that could be disastrous given how we are heavily reliant on our mobile devices and the services accessible through them.