advertisement

Markets

PesaLink reports hacking attack to the central bank

A KCB BRANCH IN NAIROBI. FILE PHOTO | NMG
A KCB BRANCH IN NAIROBI. FILE PHOTO | NMG 

Kenya’s commercial banks Thursday confirmed a cyberattack on their inter-bank transfer platform PesaLink, but said neither cash nor customer data was lost or stolen.

Integrated Payments Service Ltd (IPSL), the operator of PesaLink, which is jointly owned by banks, said it had nipped in the bud a hacking attempt into the low-level real-time gross settlement channel.

“We write to confirm that an attempt to access the PesaLink platform was recently intercepted,” said Jennifer Theuri, chief executive of IPSL. “Our cyber security team successfully managed to trace and stop the transactions in close collaboration with the banking partners,” Ms Theuri said in response to our queries.

Sources who spoke to the Business Daily had claimed the attack on the platform may have resulted in loss of millions. PesaLink, which is owned by lenders’ lobby group Kenya Bankers Association, said it had reported the attack to Central Bank of Kenya. It moves an average of Sh50 million daily.

“The actions were duly reported to the Central Bank of Kenya with further investigations to unmask the individuals involved now under way and the perpetrators will be prosecuted to the full extent of the law.” The platform has signed up 28 banks and allows transfers from as low as Sh10 to a high of Sh999,999 to any signed up bank account, without going through telcos’ mobile money wallets.

The hacking disclosure came as KCB customers remained locked out of the PesaLink service for the past fortnight in what the lender attributed to an ongoing upgrade of its software. The bank said it was racing to resolve the outage that has seen its 12 million customers unable to transfer cash using the new platform. PesaLink was launched in February and had transacted Sh7 billion by August.

“On the issue raised, (it) is that some of our PesaLink services have been affected due to a system upgrade which we hope to complete in the course of the day,” KCB Group said.

“The bank is undertaking a normal internal system review of the bank’s interface with the Pesalink interbank money transfer service.”

The PesaLink is normally integrated into banks short code m-banking service and mobile banking apps.

The PesaLink system downtime has forced KCB customers to resort to the lender’s internal bank-to-bank transfer.

KCB Bank on Wednesday sent out text messages to customers informing them of the PesaLink outage.

The interbank money transfer platform.

Kenyan commercial banks hatched the plan to establish a mobile phone-based direct money transfer system in 2012 in the heat of financial pressure from services such as M-Pesa and MobiKash. Despite strenuous denials that they were out to compete with the telcos, banks have argued the telcos were eating into their transaction fees.

advertisement