Kenya’s mobile money fraud problem
It’s an open international tender by the communications authority of Kenya inviting bids for the supply, delivery and installation, testing and commissioning of an automated device management system.
Amongst other things, the system is supposed to accurately register and aggregate IMEIs (international mobile station equipment identities) which are invalid, duplicated or cloned or attached to mobile phones declared counterfeit, cloned, substandard and not type-approved.
The system is also supposed to generate and manage a centralised register of unified black and grey lists of illegal mobile phones to be shared with public ICT network operators to help enable denial of service. Finally, the public is supposed to be able to directly query the IMEI database via SMS or any other medium.
Why did it catch our eye?
Well, a few weeks ago, we drew attention to research from October’s FinAccess Geospatial Mapping Survey, which noted amongst other things that:
Mobile money service providers reported the highest instances of fraud at 37 percent as compared to 10 percent of bank agents.The research also noted that the greatest type of fraud reported amongst service providers in forex bureaus and mobile money providers was ‘counterfeit money’.
Keeping all this in mind, back in September 2012 the BBC reported that as of the end of that month Kenya was planning to switch-off all counterfeit mobile phones and ban new “fake” devices from being activated on networks.
As the communications secretary Dr. Bitange Ndemo stated (our emphasis):
“In this era of mobile banking, use of counterfeit devices, which are manufactured without due consideration to the recognised security standards, may expose our mobile money systems as well as the wider banking and financial system to unnecessary risks,” said the communications secretary Dr Bitange Ndemo.The Kenyan government went ahead with the black-list as threatened. And yet, by 2013, there was an increase in mobile money fraud as fraudsters became more sophisticated and innovative at exploiting loopholes in controls implemented by merchants, banks and consumers.
“The government cannot allow this to happen and thus our decision to have all unregistered SIM cards and counterfeit handset mobile phones phased out by 30 September 2012.”
According to the 2014 Kenyan Cyber Security Report the most common schemes were fake SMS promotions wherein mobile-money users are promised a reward after they send money to certain numbers. Other times, agents were called using fake numbers so that fraudsters could get access to funds and PIN numbers. There were also insider incidents.
By the 2015 Kenyan Cyber Security report, however, things had got even worse:
Locally, saw a sharp rise in financial fraud within banks through mobile money, system tampering and mobile network exploitation.Tyrus Kamau, information security consultant and chair of AfricaHackOn, added there was now a real concern about the very fast proliferation of technologies such as NFC, which he said have inherent vulnerabilities which banks and merchants need to address sooner rather than later.
Furthermore, as the report also noted, Kenya’s growing adoption of mobile money had generally opened up new targets for cyber criminals. Instead of targeting banks, cyber criminals were now routinely targeting payment systems and mobile money service providers with which to access bank systems.
Telecommunication service providers in Kenya have, as a result, become key cyber criminal targets.
It’s clear the government is trying to get abreast of the problem.
Needless to say, whether cybercrime, counterfeit mobiles and more pertinently still fake mobile money supply is successfully nipped in the bud with the simple roll-out of an integrated and publicly accessible IMEI blacklisting system (a.k.a. a type of mobile credit checking system) is another story.
The costs of maintaining an up-to-date system are not small.
Meanwhile, Barclays reports on Tuesday that Kenya’s headline inflation rose to 7.3 per cent year on year in November from 6.7 per cent in October as food inflation rose from 11.3 per cent to 12.7 per cent. Nonfood inflation remained unchanged at 3.6 per cent y/y in November. They add:
With food prices and FX remaining key threats to the inflation outlook, we expect further policy tightening in early 2016.Add that to fake money supply, cybercrime on the up plus a mini banking crisis on the back of two collapsed Kenyan banks in the last quarter and questions over the role of auditors in the collapses…
…and well, it’s a tough time for what is considered to be the most sophisticated banking sector in east Africa.
To wit, it’s probably no coincidence that Patrick Njoroge, the new governor of Kenya’s central bank imposed an indefinite moratorium on new banking licences last month in order to buy the central bank time to remove what he called “blind spots” in its supervisory capacity.
As the FT reports on Tuesday:
“We’re doing a deep cleaning of ourselves,” he said. “I need to have new people. I need to train them. I don’t want to be sending them around to various banks with a new portfolio and the guy has insufficient training.”
The question is, will mobile payments purveyors remain profitable under that new supervisory regime?
Related links:
Kenya central bank head seeks to weed out ‘bad apples’ – FT
What mobile money giveth, it also taketh away – FT Alphaville
Mpesa: the costs of evolving an independent central bank – FT Alphaville
When financial inclusion stands for financial intrusion – FT Alphaville
Mobile Money Fraud Rampant in Kenya - PaymentsAfrika
Nessun commento:
Posta un commento