Technology savvy fraudsters prey on M-pesa’s runaway success
Safaricom CEO, Michael Joseph. Photo/FILE
Technology savvy fraudsters have stolen an estimated Sh21 million from Kenya’s revolutionary mobile phone-based money transfer system, M-pesa.
Michael Joseph, the chief executive of Safaricom — the telecoms operator that owns M-pesa — said the operation has reported suspected or actual fraud in 0.006 per cent total transactions since its inception three years ago.
“Suspected or actual fraud stands at less than 0.006 per cent of all recorded transactions with a downward trend,” said Mr Joseph.
He declined to disclose the exact figures, saying Safaricom had shared the data with regulatory authorities who have the mandate to receive such reports. M-pesa has handled an estimated Sh350 billion since it was launched three years ago.
Increasing attacks
The revelation of M-pesa’s loss comes in the wake of reports that the financial services industry has come under increasing attacks from cyber criminals since Kenya entered the world of high speed internet with the landing of fibre optic cables in the country mid last year.
The financial services sector loses more than Sh100 million to cyber criminals every month, according to the Central Bank’s anti- fraud department.
Anti-fraud experts have feared that M-pesa’s unparalleled success in the money transfer business would catch the attention of cyber criminals and expose the system to huge losses, but the revelation that the money transfer platform has lost less than one per cent of the total cash moved should help clear any concerns over its safety.
Industry sources said M-pesa’s extensive network of 16,000 agents and nine million customers presents a massive security challenge to its managers and that the low level loss is an indication of how far the company has invested in securing the system from cyber criminals.
M-pesa said the number of attempted fraudulent transactions has been rising since last year, but most have been unsuccessful.
“A month does not pass without a new form of fraud. These people are very innovative,” said one agent who declined to be named.
The latest form of fraud targets agents and Safaricom.
The criminals send themselves self-made M-pesa messages indicating that the recipient can withdraw up to Sh35,000, the maximum amount allowed for a transaction.
Subscribers, however, hold up to Sh50,000 in their virtual accounts.
The messages look exactly like the authentic M-pesa texts, but come with made-up codes that have helped agents expose the fraud.
Mitigating cyber crime risk is expected to become a priority operation for players in the financial industry in the coming months as internet use grows and technology becomes the main driver of the business.
Controlling the number of points where customers can access their cash either through their phones, credit cards, or ATM cards is becoming the single biggest challenge for players in the financial sector.
With over 30,000 merchants or agents now providing some kind of financial service, establishing how to stem the flow of fraud incidents emanating from the outlets is now a focus for the industry which is being hit hard by rising incidents of fraud.
“We are telling the banks that up to 80 per cent of fraud can be stopped at the merchant level. There is simply not enough education in the market,” said Reshma Sookran, fraud control executive, Visa Sub-Saharan Africa.
In response to the growing threat, many financial institutions are investing heavily in technological solutions that will help them track processes more efficiently.
Barclays, which claims to have the largest market share in the credit cards business invested in an enhanced card system dubbed Prime 3, which provides real-time account access.
PAYE Tax Calculator
Note: The results are not exact but very close to the actual.
