Home A
Homepage #1
Home B
Homepage #2
Home C
Homepage #3
Product A
Product #1
Product B
Product #2
Product C
Product #3
Contact A
Contact #1
Contact B
Contact #2
Contact C
Contact #3
About
About
Case Study
Case Studies
Single Case Study
Case Study
Integrations
Integrations
Single Integration
Single Integration
Pricing
Pricing
FAQ
FAQ
Sign In
Sign In
Create account
Create Account
Reset password
Reset Password
Legal
Legal
Book a demo
Book a demo
Blog
Blog
Article
Article
404
404
Password
Password
Pages
Get full access on request after purchase
Ultra
Buy
Blog

Agent-network fraud is not a network-layer problem

Agent-network fraud is not a network-layer problem

Mobile-money operators across sub-Saharan Africa often ask whether Tensormobile's APIs can help with their fraud problem. The answer depends on which layer the fraud sits in. Network-layer attacks like SIM swap and call forwarding fall squarely in our coverage. Agent-side fraud, which happens at the human and process layer of the mobile-money stack, sits in a different category and needs different tools.

This post describes what agent-side fraud looks like, what the research shows about its scale, and how network-layer signals like TensorShield fit alongside the agent-governance work that addresses it. The two layers are complementary, and a clear mapping of which tool handles which layer is more useful to operators than collapsing them under a single label.

What agent-side fraud looks like

Mobile-money services in markets like Kenya, Uganda, Tanzania, Ghana, and Nigeria run on a distributed network of retail agents. Agents are the physical interface between cash and digital balance. A user walks into an agent's kiosk, hands over cash, and receives an equivalent balance deposited to their mobile-money account, or the reverse. Agents are typically small business owners who register with the operator, pass a basic KYC check at onboarding, and earn a commission on each transaction they process.

The agent network is also where most mobile-money fraud happens. Five common patterns show up in the published research.

Deposit fraud: the agent collects cash from the customer and claims the deposit failed, or pockets the cash without crediting the customer's account.

Withdrawal manipulation: the agent processes a withdrawal at one amount but reports a different amount, pocketing the difference. This usually targets customers who don't carry receipts or check their balance on the spot.

PIN capture and account takeover: the agent watches the customer enter their PIN, or asks the customer to share it under a pretext, and later uses that PIN to access the account from a separate SIM.

False enrollment: the agent registers a new customer with documents the customer never provided, or with attributes that make a future account takeover easier.

Agent-initiated phishing: the agent or a collaborator sends SMS messages posing as the operator and directs the customer to share credentials or transfer funds "to correct an error."

The research is consistent on the drivers. An exploratory study of Ghana's mobile-money fraud landscape interviewed operator employees, agents, banking supervisors, and the national communications authority, and identified weak internal controls, limited detection tooling, inadequate agent training, and low agent remuneration as the main causes. Agents who are poorly paid, poorly supervised, and poorly trained are the typical fraud vector. The interventions that work sit in operator governance, not network signalling.

A broader analysis across sub-Saharan Africa interviewed customers, agents, fintech developers, and regulators, and mapped four relationship-level fraud and risk axes. The customer-to-agent axis is where most observed fraud occurs. Agents are trusted intermediaries who translate between cash and digital balance, and that trust is the surface attackers exploit.

How widespread it is

The clearest quantitative comparison is between Uganda and Kenya. A 2021 Innovations for Poverty Action survey found that 31 percent of Ugandans and 3 percent of Kenyans reported being defrauded by mobile-money agents. The ten-times gap reflects underlying market structure. M-Pesa Kenya has longer institutional maturity, stronger agent supervision programs, and a more consolidated market. Uganda's mobile-money landscape is younger and more fragmented, with weaker agent-level governance as a result.

A 31 percent population-scale fraud rate is not an edge case. It's the baseline experience for a meaningful share of mobile-money users in a country with active financial-inclusion programs. Operators deploying authentication or fraud-intelligence products into this market need a clear picture of which fraud class their tooling actually addresses, because the dominant class in their customers' lives is not necessarily the one a network-layer product covers.

Where TensorShield fits

TensorShield covers a specific attack envelope at the signalling layer:

SIM swap detection: the IMSI-MSISDN pairing was changed recently, with a known timestamp.

SIM farm clustering detection: a number's serving MSC co-locates with other recently activated numbers in a pattern consistent with farm operation.

Call-forwarding activation detection: unconditional or conditional forwarding is active, with destination information.

Route integrity signals: an A2P message traversed a route class consistent with authorised termination, or did not.

IMEI blacklist and device-binding verification: the device presenting the SIM matches the enrolled device against EIR and operator registration state.

Each signal resolves against data the operator already holds. Each one catches a specific attack class that lives at the signalling layer, and together they reduce exposure to network-layer fraud measurably.

What they don't catch is agent-side fraud, because that fraud doesn't touch the signalling layer. An agent who sends a phishing SMS uses a real delivery path. An agent who captures a PIN later authenticates from the customer's own enrolled device. A withdrawal manipulation happens entirely in the accounting between cash and digital balance, with nothing visible at the network layer.

This is a useful boundary to be clear about up front. Operators who plan a fraud strategy with both layers in mind get more value from TensorShield than operators who expect a single product to cover the full surface.

Two layers, two solutions

Mobile-money fraud splits into two categories, each with its own tooling. Network-layer fraud is addressed through signalling-layer visibility, route-integrity checks, and operator-side detection. These are the primitives licensed operators expose through APIs like TensorShield. Agent-layer fraud is addressed through operator governance: agent training, fairer remuneration, supervision programs, customer education, and agent-fraud detection that watches transaction patterns rather than network signals.

These are different product categories with different vendors. Some companies do agent-supervision tooling. Some focus on financial-literacy education programs. Some build operator-side fraud detection that works at the transaction layer. A complete mobile-money fraud strategy combines tools from each category, matched to the specific risks the operator faces in their market.

For a customer asking us about fraud coverage, the practical answer is layered. Network-layer attacks like SIM swap, SIM farm, call forwarding, and route hijack we address directly, with measurable signal output. Agent-layer attacks like deposit fraud, PIN capture, false enrollment, and agent phishing belong with an agent-compliance partner, a customer-education program, or the operator's own fraud-investigations team. Our product complements those workstreams rather than replacing them.

How Tensormobile fits in a fraud strategy

Most of what Tensormobile builds is for the network layer. TensorShield covers the SIM swap, SIM farm clustering, call-forwarding activation, IMEI blacklist, and route-integrity signals listed above. For operators in mobile-money markets, those signals address the share of fraud that lives in the network and signalling stack. The agent-layer surface, which dominates in some markets, gets paired with operator-side governance and detection tooling that runs alongside ours.

Naming this division up front is part of how we work with operators. A customer who understands the boundary buys the right tools for the right layers, plans their fraud strategy with full information, and gets durable value from the parts of their stack that we cover. We're happy to help map out which fraud categories sit where, and to point at complementary partners for the categories outside our coverage. Tensormobile is most useful as the network-layer specialist in a complete fraud program.

Skip the aggregator. Talk to the network.

Get Early Access
Take to an Engineer
logo single
Company
Home
About
Blog
Contact
Product
TensorConnect
TensorSignal
TensorAuth
TensorShield
More
Legal
Create Account
Sign In
© Tensormobile Telecom d.o.o. Hrvatska
Matrix Office Park, Zagreb, Croatia
“My favorite subscription by far. Fresh supply of templates and ready-to-use sections that save us hours on every project. Absolute no-brainer.”
Jeremy Olley
Small Agency
best deal
Save with BYQ Supply Ultra
BYQ Supply Ultra is our premium subscription that gives you access to our templates and 1800+ copy/paste sections library for half the price.
Webflow Marketplace
1 template for $129
With byq ultra
3 templates for $46 each + 1800 sections
3 template credits every quarter
Full access to 1800+ copy paste sections library
All new templates added during your subscription
With code CRAFTED20 only $46/month for the first quarter.
Cancel anytime.
Get Nerdstack with ULTRA