Global Tech Security & Privacy

Cyber Vulnerabilities Threaten Kenya’s Vaunted Fintech

Mobile banking. Credit: Azariah Kararu, courtesy of iStock/ Getty Images Plus

Kenya has led the world in the adoption of mobile money, and now it is moving to the next stage, with the formation of a government-backed Blockchain and Artificial Intelligence taskforce. But as the country positions itself to reap even more economic benefit from the global digital revolution, the security of the system may become the next big challenge.

M-Pesa, the then-revolutionary mobile money product pioneered a decade ago by local telecom powerhouse Safaricom, is a global model for how countries with fewer traditional banking services can leapfrog their economy and bring millions of new users into the formal economy with tools for transaction and savings. Now this new blockchain and AI group is charged with creating the road map for the application of emerging technologies for financial inclusion, cybersecurity, land tilting, election process, single digital identity and overall public service delivery.

The formation of the taskforce came a day after the Kenyan President Uhuru Kenyatta announced the country’s plan to study  digital innovations around Blockchain and the Internet of Things (IoT) at a digital symposium dubbed “Digital Drivers, Enabling the Growth of the Digital Economy in Africa.”

But some have doubts as to whether both government and the private sector are investing adequately in cybersecurity. Being on the bleeding edge can have a downside. Kenyan bank accounts are more prone than those in some other countries to cybercrime, partly because of  the growing use and adoption of fintech and mobile money. According to a Cybersecurity Report published in 2016 by Serianu Limited, an IT services and business consulting firm, Kenya lost about $175 million in 2015 to cybercrime.  The World Economic Forum notes that $445 billion is lost annually to global cybercrimes.

Recently, Teddy Njoroge, Country Manager at ESET Kenya, the local office for global internet security solutions provider ESET, likened the Kenyan digital economy to a slow, plump gazelle stumbling through the “cyber savannah” in the full view of agile and hungry cyber predators.

The East African nation is a leader in mobile money transfer and financial technology not only because of Safaricom’s decade-old M-Pesa but also Equity Bank’s Equitel.

President Kenyatta says Kenyan technological innovations show that the country has the potential to continue leading in the digital revolution. “M-Pesa, M-Kopa, GroIntelligence, Andela and others, show that we can lead the world with innovations that drive financial inclusion, access to energy, better data to drive our agriculture, and the essential skills required to support the young innovators of the future,” he said during his speech at the digital symposium.

According to Bret King, an author on financial technology, the takeup of mobile phones in Kenya has been the key to financial inclusion. The country’s Communication Authority of Kenya (CAK) estimates mobile penetration to be at 88 percent. According to CAK sector statistics report, in the first three months of 2017, M-Pesa transactions hit US$11.7 billion.

The mobile revolution, however, left financial institutions to play catchup with the nation’s telcos in delivering services. An umbrella body, the Kenya Bankers Association (KBA), recently introduced an interbank money payment switch dubbed PesaLink that moves money through mobile phones, internet, agents, Automated Teller Machines and branches, on a real-time basis. The platform is expected to help the banking industry regain dominance in money transfers. Safaricom’s M-Pesa has up until now been steadily gnawing at market share for the banks.

However, these new fintech platforms come with a high risk that has regulators attention, particularly as cryptocurrencies take hold.

With more than 75 percent of Kenyan citizens formally included in financial services through financial technology, Teddy Njoroge, of ESET Kenya, observes that “one would logically expect a correspondent increase in cybersecurity investments in the financial services sector. Regrettably this is not the case in most Kenyan banks.”

Cybersecurity researchers at ESET have cautioned about a rapidly changing mobile software landscape as they see a proliferation of malware and trojan downloaders targeting the Android-based devices that dominate the landscape in Kenya.

“For the first time ever we are seeing mobile malware as one of the most prevalent attack verticals globally. And given how active Kenyans are on their smartphones, security has to become a key focus area for individuals and companies who have adopted buy your own device (BYOD) in the workspace” says Alistair Freeman, ESET East Africa’s Chief Executive Officer.

Chief Security Officers cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security capabilities.

However, faced with a rising incidence of cyber-attacks on state-owned websites hosted locally, last month President Kenyatta ordered the country’s communication authority to move $10 million to the directorate of criminal investigation to help combat cybercrime.

Kenya is also set to pass a computer and cybercrime bill that will criminalize cyber offenses such as computer fraud, cyberstalking, child pornography and unauthorized access to computerized systems.

Still, industry observers say the gains the country is making toward financial inclusion remain at risk as long as public and private stakeholders continue to underinvest in security.

Tags: ,