Banks upgrade systems to stop cyber criminals

Kenyan banks are tightening their systems against a new wave of global cyber crime that has seen thousands of British online bank customers lose savings to criminals in one of the most sophisticated attacks of its kind.

The fraudsters used a malicious computer programme that hides on home computers to steal confidential passwords and account details from at least 3,000 people.

Standard Chartered Bank says it is changing the mode of accessing the online banking from having user name and password by introducing use of name and one-time password which their more than 16,000 mobile banking customers will receive through their phones.

This also comes in the wake of a recent Central Bank of Kenya report that indicating that commercial banks are losing an average Sh100 million to fraudsters every month — signalling the level of the threat in the industry and the amount of investments that need to be made to keep customers deposits safe.

Apart from Standard Chartered that says it is introducing the new service in Africa before the end of the year, Equity Bank plans biometric authentication.

Mr David Awcook, the group head of technology at Standard Chartered, said the reduced cost of communication and improved bandwidth has raised the profile of mobile and Internet banking, creating demand for banks, while exposing clients to global cyber criminals.

“As a bank, we continue upgrading our banking systems to make them secure but the real threat is on the customer behaviour or collusion,” said Mr Awcook, saying there was an urgent need for customer education on the crimes.

In the past two years, the Kenyan banks have invested more than Sh20 billion in security solutions meant to safeguard their clients from cyber attacks, mainly targeting new product lines such as online banking, card businesses and e-commerce channels.

Fintech Technology Solutions general manager Raymond Mutura says as financial institutions adopts online transaction, insecurity is rising, leading the institutions to look for ways of cushioning themselves from possible losses.

“There is a shift where organisations, especially financial institutions, go from the two mode ( password and PIN) to three-pronged method by adopting biometric method,” said Mr Mutura.

The adoption of biometric technology by financial institutions is seen as a means of enhancing information access and data security.

The method requires personal transactions and use parts such as thumbs.

It comes at time when banks are moving to Internet banking, which requires that users maintain a high level of confidentiality, for example not revealing passwords or PINs.

Biometrics can be applied to uniquely identify an individual, based on his/her physical or physiological or behavioural traits, features or attributes, which include facial recognition (visage is such an example), DNA, fingerprint, and voice recognition, among others.

CBK’s fraud department data indicates that the incidence of banking fraud rose to three per cent of total financial transactions last year, from 0.5 per cent five years ago, helped by increased bandwidth.