Just how easy is it for hackers to snoop into your phone?
The first emotion to hit you when you have been defrauded is why you never listened to the twist and turn in your gut when the voice coaxing you for passwords or into short codes did not sound like a villain. Did they use dumba or was their voice, call center smooth, too convincing to be coming from inside the walls of Kamiti.
Most fraud comes from somewhere that scares us the most, or from places we placed our trust and simply let our guard down.
Many Kenyans wonder how their details, such as passwords that they have guarded jealously even from their girlfriends, can be accessed by strangers who then proceed to wipe their bank accounts clean like they left the doors to their safe open.
The truth is that we have become less vigilant using our passwords to access bank accounts while connected to public Wi-Fi, giving our devices to friends/relatives who borrow from Fuliza on our behalf or download games and free offers that can read messages and communicate with the device without your knowledge, including reading your saved passwords and transmitting them to unknown servers.
Today’s cyber-criminals do not need users’ approval or awareness to access valuable data. They are hacking our phones with malware, which are viruses designed and developed to retrieve financial information and steal money from individuals and firms, or hack our trust in call center voices.
The recent twitter furor about a bank and its customers losing money to fraudsters underline how technology, the biggest triumph of this day and age, has an Achilles heel when combined with our money and demands eternal vigilance.
For a long time now, financial service providers have sought to redefine the customer experience in the face of 21st century technological advancements. The main objective has been to leverage on technology to provide increased convenience for everyone.
Unfortunately, the quest for convenience has been visited by alleged cases of fraud even for banks who are known to invest heavily in secure systems and customers’ awareness. Obtaining a safe and secure environment for banking is the most important concern for all banking and financial sector players. However, despite the efforts and money poured into securing transactions, skilled criminal hackers are now acquiring data from unsuspecting customers and accessing their accounts, mostly without the user’s knowledge.
When bank accounts are accessed and funds transferred or ‘made to disappear’ without the owners ‘consent,’ it becomes easy to point fingers at banks. It is indeed their primary responsibility to secure our money having convinced us not to keep it under our mattress for the very reason that it would be a dead giveaway to thieves.
Read also: Banks hawking properties to auctioneers amid buyer dryspell
While the bank has created interventions to increase security of transactions, financial processes, and at the same time held a sustained public awareness and consumer education on common fraud tactics in the industry, lapses on the customer side are hard to identify given the overwhelming number of attacks and soft vulnerable spots. Hacking attacks on Kenya’s financial systems, including mobile banking, rose nearly three-fold to 444 million in the year ending June 2022 from 158.4 million a year earlier. This are the reported cases, while many go unreported, those that do have to undergo investigations much to the chagrin of the customers and frustrations that have underlined social media complains.
Based on data, the primary threat has been through sim swap services. This is where a fraudster gets hold of your phone, and even a copy of you ID, and proceeds to literally become you. These cases are not uncommon nowadays and since financial services have diversified to allow you to withdraw, send and borrow money from your mobile phone, a person having your SIM card and ID number can be disastrous.
We have seen the increase in court cases where people’s savings have been wiped out and since there is no one to blame, financial services providers are automatically allotted all the blame. The truth is, if we were more careful with our personal information and in taking time to understand the license agreements of the apps we install on our phones, we can avoid the bulk of these cyber-attacks.
Telecommunication service providers need to work closely with security agencies round-the-clock to increase surveillance around Sim swap services. Someone having an ID should not automatically qualify to be the owner of the said Sim card. There needs to be another level of fool-proof verification. The ease of sim swap services is putting banks and other e-banking service providers on the spot.
According to the PwC’s Global Economic Crime and Fraud Survey, 2022, 69 percent of reported incidents of fraud were committed by an external perpetrator or collusion between an insider and an external party. With the adoption of digital platforms, fraud continues to expand nearly exponentially as data grows in volume, variety, and velocity as more sophisticated forms of fraud emerge. Based on these insights, the war against fraud and financial crime can only be won from a united front with all the stakeholders including the relevant government agencies in security, the judiciary, data protection agencies and private players in the financial services and telecommunications sectors among others.
As institutions continue to invest in technological advancements, it is important to invest in educating customers and the public to be vigilant against fraudsters at all touchpoints. However, all key players including the public have a critical role to play in the ecosystem. Once we close in the glaring loopholes, everything else will follow and fraud cases will be reduced by a great percentage.