The warning by the Central Bank of Kenya (CBK) of the rising risk of fraud from remote registration of mobile money customers should be taken seriously.
With the mobile money industry’s enormous growth, financial hazards such as mobile money scams have also been on the rise. Some of these rip-offs include SIM swaps, where criminals get a new SIM card registered on an existing user without their knowledge and use it to transact and borrow funds.
Unlike the highly regulated formal banking system, mobile money service providers (MMSPs) do not have stringent know-your-customer requirements and are thus vulnerable to fraudsters.
The CBK said MMSPs should address this vulnerability as a matter of urgency.
They must properly identify customers and implement the financial and economic crimes law, Proceeds of Crime and Anti-Money Laundering Regulations 2023 and Prevention of Terrorism Regulations 2023.
Mobile money services such as M-Pesa have grown in stature in the financial services sector, interlinked with banks, micro-finance banks and saccos, meaning that any risk, on their end, can find itself in the rest of the financial institutions.
While MMSPs have often requested customers to upload scanned copies of identification documents during the registration, the CBK, in a circular that also roped in banks, warned that this could not be synonymous with identifying the person.
Financial institutions must remain proactive in identifying and addressing potential vulnerabilities and regularly update and improve security measures based on emerging technologies and evolving threats.
To safeguard against these risks, financial institutions, including MMSPs, could implement two-factor authentication involving sending a one-time password to the registered mobile number or use biometric methods such as fingerprint or facial recognition to identify persons registering remotely.