Investors ordered to provide debit card copies in KenGen rights issue

KenGen shareholders at a past meeting in Nyeri town. PHOTO | JOSEPH KANYI

Investors in the Kenya Electricity Generating Company (KenGen) rights issue that ended on Friday were exposed to possible breach of personal data as a number of stockbrokers demanded they attach copies of debit cards on application documents.

Selling agents such as Dyer & Blair Investment Bank and Suntra Investment pointed an accusing finger at Image Registrars, saying the registry services provider had demanded the electricity producer’s shareholders provide copies of their plastic cards.

But in a quick rejoinder, Image Registrars chief executive Lawrence Kibet said they had not imposed any such a condition, adding that existing shareholders are not obliged to provide any information beyond what is required in the provisional allotment letters.

The upshot of KenGen shareholders giving out their ATM/debit card details is that a third party can use one’s card number and security code to carry out an online transaction such as paying for goods and services.

“The registrar requires that the shareholder attaches evidence that the bank account provided belongs to the shareholder,” said Cynthia Mbaru, Director of Corporate Finance at Dyer & Blair Investment Bank.

State-owned KenGen has more than 191,000 shareholders and collecting their card details poses grave risks such as card fraud and data theft.

“There is no requirement to have a copy of the ATM cards as proof of bank account details. There is no requirement for shareholders to provide copies of ATM cards for them to participate in the rights issue,” Mr Kibet said in an interview with the Business Daily.

READ: State uptake of KenGen rights to cut finance cost

AIB Capital, one of the selling agents in the Sh28.8 billion KenGen cash call, said it was not demanding copies of the cards for one to take part in the rights issue which closed on Friday last week.

“We are not doing it. It doesn’t make sense. I don’t understand why any selling agent would demand a copy of shareholders’ debit cards,” said Paul Mwai, chief executive of AIB Capital.

Capital Markets Authority boss Paul Muthaura had not commented on our queries by the time of going to press.

John Kiptum Juma, an IT risk and internal control consultant at NetGuardians, said with copies of one’s card details, a hacker can clone the card — copying the information to create a new card with similar details and access your account.

Such card details may also be sold online to hackers, Mr Juma warned.

“This is a serious breach. Sharing your card details is sufficient to reproduce a similar card and can be used to transact. One may also sell such information online to hackers,” said Mr Juma in an interview.

KenGen boss Albert Mugo said the requirement of copy of debit cards was “strange”, adding that a “review needs to be done” to arrest the breach.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.

Get it First!

Stay up to date on the editors' picks of the week.

Latest

  1. Senior Talent CEO Nduati Maina

    PRIME Nduati Maina’s marriage character development

  2. President William Ruto

    Ruto stops schools reopening indefinitely

  3. Geoffrey Odundo

    Former NSE chief Odundo joins CPF Group

In the headlines

View All