Financial institutions have been challenged to ramp up investment in data and advanced fraud prevention technologies to mitigate risks and protect against rising threats, according to Metropol, a business information company with operations in East Africa.
The challenge comes on top of heels of an increasingly AI-powered cybercrime activity that are disrupting businesses, a daunting reality that has seen regulators impose penalties running in billions.
A 2023 report by the Communications Authority of Kenya (CK) revealed that the country lost Ksh.10.71 billion ($83 million) to cybercrime 2022, ranking second in Africa after Nigeria’s $1.8 billion loss. Uganda followed with $67 million, Botswana with $39 million, and Lesotho with $2.3 million.
Locally, businesses and agencies affected by cyberattacks spent an average of Ksh.561 million ($4.35 million) to restore services.
Metropol Credit Reference Bureau (MCRB) Chief Executive Gideon Kipyakwai cautioned that cyber-enabled financial fraud is now a significant concern, allowing criminals to steal massive volumes of identity information, a growing trend among fraud specialists targeting banks.
“The latest report shows financial institutions are losing close to Ksh.500 million every month to fraud,” said Kipyakwai, adding that about 47 percent of organisations “have faced fraud cases in the last two years. Institutions must leverage data and technology to safeguard against these threats.”
He said fraud cases are most prevalent during the customer onboarding process, where some banks struggle to verify identities effectively. This loophole enables malicious actors to pose as legitimate customers, commit fraud, and erode trust.
Also Read: Metropol Unveils Enhanced Analytics Platform to Deepen Credit Market Insights
“We are seeing two major sources of significant fraud. First is during onboarding, where KYC processes trigger vulnerabilities such as identity theft. Secondly, transactional fraud where genuine customers’ data is stolen and used to run multiple unauthorised transactions,” he explained.
Kipyakwai spoke during a stakeholders’ forum hosted by Youverify, in partnership with Metropol and Geni, which focused on strengthening compliance and fraud prevention in financial services.
The warning comes against the backdrop of a recent survey from the Central Bank of Kenya (CBK), which put to light an acute shortage of cybersecurity professionals in the country’s financial sector.
This even as these institutions are still relying on manual monitoring systems and limited access to real-time security technologies, leaving them exposed to sophisticated cyber threats.
The CBK survey also found that many banks are still struggling to meet baseline compliance requirements due to staffing constraints and rising costs of technology and training.
Manual monitoring system, according to Mbaabu Muturi, is due to a talent gap that is leaving the institutions much exposed.
“If cybersecurity experts in the financial sector do not shift from simply implementing security measures to leading the development of security across organisations, tougher times lie ahead,” said Muturi, a Cybersecurity specialist and Adili Risk Advisory Services consultant.
The National KE-CIRT/CC detected 1.1 billion cyber threat events in 2023 — a 16.5% increase from the previous year’s 971 million. The surge was attributed to increased exploitation of system vulnerabilities, driven by the country’s growing use of insecure Internet of Things (IoT) devices, poor system configurations, outdated software, and emerging technologies such as AI.
