apidays LIVE Jakarta 2021 - Accelerating Digitisation
February 24, 2021
Leveraging Business Growth with Telco API
Iwan Pujo Satoto, General Manager Data Solutions Operations and Delivery at Telkomsel
2. 2
As the largest telco operator in the nation, we have a strong commitment to become a digital company
• 170mn: # of subscribers, making Telkomsel the largest mobile operator in Indonesia with ~65% market share
• 99%: of populations have access to Telkomsel network coverage; 85+% for 3G coverage and 80+% 4G coverage
• >20Mn: of aggregated MAUs across all Telkomsel digital assets (incl. MyTelkomsel, Maxstream, etc.)
• >250K: # of Digitized POS Network all over Indonesia
3. 3
API Enablement
[Diagram, labels only. Open Ecosystem: OTT/CP/SP Service SI Developer Enterprise/Vertical. Capability Exposure, Partner Service, Service Operation, Capability Integration. Telco Assets: Network, IT, Cloud, Device. Telco Capability Category: Transmission Data Comm., Contextual info., Charging & payment, Identity & Auth., Network Optimization, Cloud IT Data & info.]
APIs are the gateway to enable information exchange between client applications and core telco assets
APIs build digital society and digital business work by connecting people, businesses and things. Those connections enable new digital products and business models and business channels. [Gartner]
4. 4
Telco Assets bring new capabilities and complexity for the API Product Development
• API Telco Services: telco connectivity-based; low complexity; single parameter
• API Dynamic Profile: profiles of customer without modelling; medium complexity; 1 or multi parameters
• API Insights: prediction of customer with modelling; high complexity; multiple parameters
Use Cases
• Personalization: Product and service personalization
• Authentication: Verification
• Fraud Management: Fraud assessment and prevention
• Optimization: Operations excellence & cost optimization
• Risk Profiling: Credit profiling and early warnings
5. 5
Use case Application in the Industry
Use Cases:
• Personalization: Product and service personalization
• Authentication: Verification
• Fraud Management: Fraud assessment and prevention
• Optimization: Operations excellence & cost optimization
• Risk Profiling: Credit profiling and early warnings
API products: API Telco Services, API Dynamic Profile, API Insights
Industries: FMCG/Retail, Financial Institutions, Transportation & Courier, OTT, E-Commerce & OTA
The application of the use cases may vary across industries. Some potentially have all use cases applicable.
6. 6
Application of API Product in each use case
API products can be categorized into 5 groups of use cases:
• Personalization: Product and service personalization
• Authentication: Verification
• Fraud Management: Fraud assessment and prevention
• Optimization: Operations excellence & cost optimization
• Risk Profiling: Credit profiling and early warnings
API products shown: Active Status, SMS OTP, Recycle Number, SIM Swap, Header Enrichment, 2FA, Roaming Status, Data Quota Verification, Call Forwarding Status, Credit Balance Verification
7. 7
Fraud detection and prevention systems are of fundamental importance to the digital economy. Identity fraud is a growing concern for online businesses and users alike.
Examples include Account Take Over (ATO) attacks, where a legitimate user’s details are stolen to take over their online account and profit from its value.
OPERATORS’ MOBILE IDENTITY TOOLKIT
Fraud Detection and Prevention: designed to spot patterns which represent fraudulent behavior, ideally in real time
Indicators of an Account Take Over: last SIM change, recycled number, SIM Swap
Banks and financial companies, especially, need to protect their customers from ATO attacks.
8. 8
Use Case – Account Opening/New User Registration
Customer Journey
• Registers on an e-Comm / FI site: When a customer registers for the service, the customer enters Name, Mobile Number, Address
• Validation of Mobile Number & Customer: the app routes to the registered partner(s) app server, which hits two APIs: API Active Status (Check for Mobile Number Status) and API Recycle Number (Deactivation Status)
• Customer Risk Classification: Done by Client based on information received
• Mobile Verification: Client server hits API SMS OTP for mobile verification; customer inputs OTP; Registration Complete
How API Recycle Number Works
• Registered Partner(s) calls the API with a phone number, a specific timestamp, Consent ID. Required data: Phone number; Specific timestamp (i.e., User’s registration time, user’s last active transaction time); Consent ID
• Telkomsel maintains Last Deactivation Time for all Telkomsel’s Numbers. Required data: Phone number; Last Deactivation Time
• Compares <timestamp> and Last Deactivation Time
Output data:
• YES, if <timestamp> is longer than deactivation time. Phone number had been recycled and could lead to a possibility of new user.
• NO, if <timestamp> is sooner than deactivation time and phone number had not been recycled
Applicable Industries:
• E-commerce
• Bank
• FI
• Startup/OTT
Benefits:
• Improve data quality during registration time
• Clients can additionally validate “risk” associated with a customer prior to allowing a registration
9. 9
Use Case – Online Transaction-Payment / Account Take Over
How It Works
• Payment Confirmation: Customer is redirected to the e-commerce/FI web/mobile app payment page; customer inputs and selects payment method
• Validation of Customer & Transaction: the app routes to the registered partner(s) app server, which hits the APIs: API Active Status (Check for Mobile Number Status), API Recycle Number (Deactivation Status), API SIM Swap (Check for SIM Swap in last 24 hours)
• Customer Risk Classification: Done by Client based on information received
• Mobile Verification: If OK, client server hits the payment gateway module for next-step transaction validation (e.g., SMS OTP / 3D secure)
How API SIM Swap Works
• Registered Partner(s) calls the API with a phone number, Consent ID. Required data: Phone number; Consent ID
• Telkomsel maintains Last SIM Swap Time for all Telkomsel’s Numbers. Required data: Phone number; Last SIM Swap time
• Calculating score of Registered Partner(s) Request
Output data:
• compare the last SIM Swap Time and Today’s Time
• score result for the differences:
1 = Before 24 hours
2 = 24 – 48 hours
3 = 48 – 72 hours
4 = > 72 hours
Applicable Industries:
• E-commerce
• Bank
• FI
• Startup/OTT
Benefits:
• Reduce potential fraud in online transactions
• Prevent chargeback, customer security
• Prevent misuse on account of stolen identity
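The comparison and scoring rules from the Recycle Number and SIM Swap slides, combined into a client-side risk classification, as an added example that is not Telkomsel's code. The function names, the `classify` policy and its decision labels are hypothetical; "longer than" is read as "earlier than", and the handling of missing records and of the exact 48-hour boundary is assumed.

```python
from datetime import datetime, timedelta, timezone

def recycle_number(timestamp, last_deactivation):
    """Recycle Number answer: YES if the number was deactivated after
    `timestamp` (assumed reading of the slide's 'longer than')."""
    if last_deactivation is None:      # assumption: never deactivated
        return "NO"
    return "YES" if timestamp < last_deactivation else "NO"

def sim_swap_score(last_swap, now):
    """SIM Swap score from the slide: 1 = under 24 hours ... 4 = over 72 hours."""
    if last_swap is None:              # assumption: no swap on record
        return 4
    hours = (now - last_swap) / timedelta(hours=1)
    if hours < 24:
        return 1
    if hours < 48:                     # assumption: exactly 48 hours scores 3
        return 2
    return 3 if hours <= 72 else 4

def classify(active_status, recycled, swap_score):
    """Hypothetical client policy; the slides leave classification to the client."""
    if active_status != "Active" or recycled == "YES":
        return "reject"    # number may no longer belong to the customer
    if swap_score == 1:
        return "hold"      # an SMS OTP would be delivered to the newly swapped SIM
    if swap_score in (2, 3):
        return "step_up"   # require an additional factor that does not rely on SMS
    return "sms_otp"       # continue to the normal SMS OTP step

# Constructed sample data, not real subscriber records.
UTC = timezone.utc
NOW = datetime(2021, 2, 24, 12, 0, tzinfo=UTC)
REGISTERED = datetime(2019, 6, 1, tzinfo=UTC)   # the partner's <timestamp>

def demo():
    cases = {  # name: (Active Status, last deactivation, last SIM swap)
        "recycled": ("Active", datetime(2020, 3, 1, tzinfo=UTC), None),
        "fresh_swap": ("Active", None, NOW - timedelta(hours=5)),
        "swap_2_days": ("Active", None, NOW - timedelta(hours=50)),
        "clean": ("Active", datetime(2018, 1, 1, tzinfo=UTC), NOW - timedelta(days=30)),
        "grace": ("Grace", None, None),
    }
    return {name: classify(status, recycle_number(REGISTERED, deact),
                           sim_swap_score(swap, NOW))
            for name, (status, deact, swap) in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The `hold` branch reflects why the SIM Swap check runs before mobile verification: an SMS OTP only proves control of the SIM that currently holds the number.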
10. 10
API Telco Product Catalogue
• Active Status: Check phone number status. Input: Phone number. Output: Active/Grace/Churn
• Call Forwarding Status: Check call forwarding feature status. Input: Phone number. Output: Yes/No
• Data Quota Verification: Check quota status based on threshold. Input: Phone number & Quota Benchmark (e.g., 100Mb). Output: Yes/No
• Credit Balance: Check remaining balance based on threshold. Input: Phone number & Balance Benchmark (e.g., 10.000). Output: Yes/No
• SIM Swap: Check for SIM Swap in last 24 hours. Input: Phone number. Output: Score
• Recycle Number: Check phone number deactivation status. Input: Phone number, timestamp. Output: Yes/No
• 2FA: Multi factor authentication. Input: 2FA Generator. Output: Token & SDK for authentication
• Header Enrichment: Authenticate using phone number verification through http header. Input: Phone number. Output: Yes/No
11. 11
Seamless API Integration
From:
1. Integrate API and client server manually
2. API only dedicated for single purpose only, no modularity
To:
1. Using layered approach to maximize de-coupling and reusability API module
2. Semi-automatic API integration, manual exposure configuration based on requested API
Becomes:
1. DIY integration process capability
2. Electronic contract
3. Usage Dashboard, global monitoring, and automatic settlement
12. WE TAKE SERIOUS PRECAUTION FOR OUR CUSTOMERS' RIGHT OF DATA PROTECTION
Any individual insight can be granted once we obtain our customer's consent. There are 2 ways to obtain this:
• Telkomsel reaches out to ask for customers' consent directly via SMS and asks customers to reply if they agree. The result can only be sent once the customers reply.
• FI can update their TnC (Telkomsel can provide recommendation guidelines that comply with GDPR) to allow customers to give their consent automatically