It is the Christmas season, meaning the shopping frenzy will lead to a surge in purchase transactions. And this comes from cyber attacks and fraud attempts in the retail sector. Is it time to panic?
A report by TransUnion, a global information and insights firm, shows that suspected online shopping scams have grown 42 percent in Kenya in the run-up to the festive season.
The study found that 5.4 per cent of all Kenya’s e-commerce transactions during the period have been suspected to be potentially fraudulent.
Further, the report adds that the average number of suspected digital fraud attempts on any given day during the holiday season globally is 82 percent higher than during the rest of the year.
The trends start showing around November 23.
Elsewhere, a Visa Global Risk Investigations report last month showed that cybercriminals are now shifting their targets to physical points of vulnerability as in-person commerce resumes to pre-Covid levels.
According to the report, card-present threats such as physical skimming on ATMs and point-of-sale terminals increased by 176 percent during the 12 months to December 2021.
So, in the middle of all this uncertainty and vulnerable exposure, the biggest headache in most people’s minds would be how to protect themselves from being ensnared by these fraudsters as they go about running their festivity errands.
“Flood gates are open for cyber-scams and hacking attempts and this requires people to be extra vigilant,” says Dr Ken Okong’o, a data protection and ICT policy expert.
Despite the sophistication of cybercrime, much of the fraud that succeeds can be attributed to ignorance on the part of the user.
As a transaction initiator, you can increase and improve your online security.
Most online transactions will require you to key in a card verification value (CVV) or card security code (CSV), which is a three-digit number at the back of the card to ensure that you are physically in possession of the card.
Experts advise that you can add an extra layer of protection in the form of an aside personal identification number (PIN) that is different from the CVV to authorise the transaction.
Salome Makau says having a PIN ensures that even when the card is stolen, no transactions can be carried out without proper authentication.
In addition to keeping all invoices and receipts, she recommends comparing your statements with all invoices and receipts you receive online.
As an additional measure, you can request for periodic statements to be emailed to you by your bank to make it easier to spot any irregularities in the transaction.
Many banks today offer online and mobile banking services that notify you as soon as a transaction is made using your card.
Kaspersky advises that you should only open safe pages using trusted browsers to keep phishers at bay. Widely circulated links promising free airtime, money and other products have been used in phishing attacks to collect personal data and use it to siphon cash.
“Look for those with https:// at the beginning of the link or a padlock to ensure your details are being keyed into an encrypted and secure site. You can also use a security keyboard provided by anti-virus companies to increase user protection when entering sensitive data,” says the cybersecurity solutions provider.
Other remedies include avoiding the use of free Wi-Fi at public facilities, switching off the auto-fill and ‘remember password’ functions when browsing and refraining from keying in sensitive data while in public spaces.
As add-ons, experts recommend the use of strong passwords, avoiding clicking on and installing strange apps and shopping with reputable retailers.
During the three months to September this year, cybercrimes and related threats in Kenya rose 199 percent to 278 million with small firms reporting the highest number of incidents.
The Communications Authority of Kenya has in the past advised users to choose applications and plug-ins carefully as most backdoors hide inside seemingly benign apps and plug-ins.
