The real problem.
Not policy. Identity.
Your agents operate across SIM registration, airtime, mobile money, device provisioning, and multiple applications. Each one logs in separately. Credentials get shared across teams. Fraudsters swap SIM cards through vendors under the pretext that their phone was stolen. Blacklisted agents deactivated at one location re-enrol at another under a different name because the blacklist is tied to a credential, not a biometric.
The audit gap. When fraud happens, the investigation stalls. The log shows an agent ID and a timestamp. It does not show who was physically at the counter. The gap between policy-level compliance and identity-level assurance is the gap your next audit will find.
Shared credentials, ghost shifts
One agent ID. Multiple humans through the day. Every action logged to the wrong person, every fraud investigation hits a wall.
Blacklists tied to credentials, not humans
A deactivated agent re-enrols at another location under a different name. The blacklist follows a username. It should follow a face.
SIM swap fraud through vendor pretext
Fraudsters swap SIMs claiming a stolen phone. Without a live biometric at the counter, vendors cannot tell the customer from the criminal.