Mobile Communications

The Changing Face of Cyber Security in Africa

“I got conned,” Njoroge said as we headed off to our lunch break. Njoroge was an older employee edging closer to his retirement and needed to find ways to grow his income in preparation. He was also one of the many Kenyans who fell victim to mobile money fraudsters pretending to be officials.

“They called me and told me that I had won a pickup [truck]. They needed some money from me to process my prize. Once I sent the money, the line went dead.”

This phenomenon has grown bigger and bigger in Kenya. Now it is common to receive unsolicited text messages of “promotional winnings”. The telecom companies are using official lines to announce the true winners of promotions. But the fraudsters have conjured up other means to siphon money from unsuspecting users. However, this problem is just the tip of the iceberg.

As Africa becomes more connected to high speed internet, it is becoming increasingly vulnerable and it may not be ready to combat the resulting security threats. The great advancement of mobile phone usage presents a new security headache that the whole world is having to adapt to.

Later on this year, Kenya will have three mobile virtual network operators, mainly dealing with mobile money transfers. The three companies: Finserve Africa Limited, a subsidiary of Equity Bank; Tangaza’s Mobile Pay Limited; and Zioncell Kenya Limited; will ride on existing telecom companies’ networks to launch their services.

Equity Bank will look to counter the leading mobile money payment service, MPesa by Safaricom. With over eight million accounts opened in the country, and subsidiaries in Tanzania, Uganda, Rwanda and South Sudan, Equity will put mobile banking in the hands of its users without using a third party company, such as Safaricom.

Yet these positive developments mean serious security threats have emerged to haunt the mobile money sector.  And the recently released Kenya Cyber Security Report 2014 has damning excerpts on the gaping holes in mobile banking products in the country:

“The continued adoption of online and mobile banking services is leading to new threats for customers and local financial institutions. Many financial institutions are introducing vulnerable web and mobile applications,” the report said.

“In a recent study we sampled 33 online banking portals. Out of the 33 banking applications sampled, only two banking portals had adequate online security deployed on their web application,” it continues. “[The] majority of the web applications reviewed lack strong encryption and are susceptible to phishing attacks.”

These vulnerabilities could expose customers’ funds to be manipulated. The report also indicted cases of mobile fraud that is on the rise:

“The continued popularity of mobile money adoption in the region has attracted criminals who are now targeting this new money transfer channel. In 2013, we noted an increase in mobile money fraud targeting individuals and organizations. The fraudsters are getting innovative and are very fast on finding loopholes in new controls implemented by merchants, banks and consumers.”

It is now quite “normal” to receive fake text messages notifying users of wins on ongoing promotions.  Fraudsters have also taken it all a step further and con mobile money agents, where mobile money users deposit and withdraw funds.

A local newspaper reported a new technique where fraudsters call mobile money agents pretending to be officials from mobile money companies. They then trick the agents into giving them their personal identification number, then go ahead to withdraw money from the agent.

“Those targeting mobile money subscribers would send a text message purporting to have transferred cash from their account by mistake. They would then call the person and plead with them to revert the cash,” the article detailed.

“These tricks that saw agents and subscribers lose cash to the fraudsters came to the fore, with telecoms warning mobile money users to protect their passwords and shun calls from people purporting to be their employees.”

Online banking in Kenya has not been spared also. The Kenya Cyber Security Report details that only two banks out of the 33 sampled had sufficient security for their customers to log in.

“The study revealed that Kenyan online banking portals have limited security mechanism to protect the customer’s login credentials to the platform. Out of 33 banks sampled, only two banks had client side encryption implemented. This means that for the remainder of the banks, a sniffer on a customer or end user PC network will reveal the user’s password in plain text.”

The Kenyan government has also released its Cyber Security Strategy, underlining how public entities can safeguard information from cyber criminals.

The cyber security strategy envisions having policies, guidelines and laws that could curb and deter insecurity. The government, through its strategy paper, said that growing cyber threats could be a hindrance to the development of the country.  It has put in place a system to digitize its information so that the Kenyan citizen can easily get information through the web or through USSD commands. To ensure public confidence, mobile insecurities should be dealt with head on.

In addition to the cyber security strategy, the government has launched the National Public Key Infrastructure (NPKI) that will issue every citizen with an online identity in a bid to nab cyber offenders in the country.

In the interest of enhancing the mobile money landscape, public and private sectors need to come up with preemptive measures to block the exploitation of mobile money by cyber criminals. This will boost trust in such services, develop a culture of cashless transactions and help ordinary citizens like Njoroge.


Vincent Matinde is an international IT journalist highlighting African innovations in the technology scene


« The Bizarre Phenomenon of World of Warcraft


Social Communities: Male Breast Cancer Awareness »
Vincent Matinde

Vincent Matinde is an international IT Journalist highlighting African innovations in the technology scene.

  • Mail


Do you think your smartphone is making you a workaholic?