Kenyan banks are racing to secure their systems against a new wave of cyber crime that has seen them lose hundreds of millions of shillings to fraudsters and eroded consumer confidence in technology-based banking services.
The Central Bank of Kenya’s latest supervision report indicates that commercial banks are losing an average of Sh100 million to fraudsters every month – signalling the level of threat in the industry and the amount of investment that needs to be made to keep customer deposits safe.
CBK’s fraud department data indicates that the incidence of banking fraud rose to three per cent of total financial transactions last year, from 0.5 per cent five years, helped by increased bandwidth that came with fibre connectivity and increased use of technology by banks.
Central Bank says that although most criminals still use traditional methods of stealing cash through bank break-ins, use of fraudulent cheques or electronic fund transfer taps has pushed up computer related fraud and compromised point of sale devices.
Concern over cyber security has been rising in recent months after a number of financial institutions reported illegal activities targeting their operations with millions of shillings at stake.
In the past six months, anti banking fraud experts have reported the copying of a bank’s website and its posting online to capture sensitive client information.
A foreign national has been caught withdrawing large amounts of money from a bank’s ATM hall and an international bank’s ATM has been hacked, resulting in loss of customers’ money.
Card theft, information skimming (insertion of electronic devices in ATM machines to capture customers’ personal data), compromised PINs, vandalism and cash trapping are top on the list of the most common forms of banking sector-related cybercrime.
Analysts reckon that the introduction of online payment portals for e-commerce could be the next frontier for cyber criminals.
“Hackers were originally kids trying to show off. But it is no longer about fame and showing off, it is about making money and harming the individual,” said Mwenesi Muasalia, the Country Manager at Symantec, an online security company.
The growing threat posed by this sophisticated breed of criminals has forced financial institutions to look into their processes afresh.
Though the amount of money lost to cyber criminals is big enough, bankers insist the real damage is on increased operational costs, a build-up of bad debt, erosion of customer confidence and steep drop in revenues as banks are forced to invest in new technology to protect customer information.
In the past two years, the banks have invested more than Sh20 billion in security solutions meant to safeguard their clients from cyber attacks mainly targeting new product lines such as online banking, card-related businesses and e-commerce channels.
Bankers say the increased number of ATM networks and use of credit cards in ordinary business transactions is posing the greatest challenge to securing their online operations.
Equity Bank, Kenya’s biggest financial institution by customer base, recently admitted that its on-line security needs had significantly increased and clinched a deal with a Belgian business partner for a card management system that speeds up transactions made at more than 3,000 points to curb fraud.