Kenya, bracing for $23 million in online fraud, to support African cybercrime pact

African Union ministers will meet next month on a legal framework for a regional deal on cybercrime efforts

Amid revelations that Kenya could lose up to US$23 million this year through cybercrime, the Kenyan government has announced its support for the ratification of the African Union (AU) convention on the establishment of a credible legal framework for cybersecurity in Africa.

According to cybercrime statistics released by Fred Matiangi, the Kenyan cabinet secretary for information and communication technology (ICT), the banking industry is the most affected by cybercrime.

As more Africans use the Internet for their banking needs, the number of fraudsters eyeing online financial transactions has also multiplied. The Kenyan government statistics indicate that on a daily basis, close to 1,000 Kenyans fall victim to Internet fraud.

Meanwhile, Africa's heads of state are expected to meet in January next year to discuss the ratification of the AU convention on the establishment of a legal framework for cybersecurity in the region. The AU convention on the establishment of the legal framework seeks to harmonize African legislation related to e-commerce, personal data protection and cybercrime control.

Two months ago, the Kenyan government announced it would assign each person using the Internet a virtual identity in a bid to curb the rising tide of cybercrime. Through the Kenya ICT Board, the government said it would soon establish a public key infrastructure, which will allocate virtual identities to Internet users.

The publicity surrounding the region's cybercrime is raising fears that Africa may face a slowdown in international investment in the telecom as well as the financial sectors. In Southern Africa, Zambia, Zimbabwe and South Africa have in particular been experiencing an increase in mobile and Internet banking fraud, resulting in millions of dollars in losses.

A number of local and international banks in Zambia and South Africa have reported phishing attacks on their Internet banking systems, and in some cases they have been forced to temporarily close branches to protect customers' money.

Officials in these countries have been warning banks that they should not compromise on security in light of the increased risks.

In East Africa, Kenya has been hit the hardest while in West Africa, Nigeria and Ghana have suffered the most attacks.

Africa is experiencing an explosion of mobile money services as banks and mobile service providers compete for customers who would otherwise not have a bank account. This has increased phishing activities on unsuspecting customers, in an effort to lure them to fake sites.

Banks in the region are encouraged by the growing mobile customer base to launch innovative payment options to reach millions of the so-called "unbanked." But that is putting citizens more at risk of cybercrime. In South Africa, there are more than 13 million unbanked people while in Zambia, 60 percent of the population is currently unbanked.

The problem has further been compounded by the fact that very few banks in the region that provide Internet banking services are also able to offer security software to curb cybersecurity attacks.

"The AU convention will help move faster the harmonization of cyberlaws and give authority to countries to arrest and prosecute cybercriminals regardless of where the offense was committed. This will help in the fight against cybercrime," said Edith Mwale, telecom analyst at Africa Center for ICT Development.

Cybercrime in the region is said to have increased following the lowering of bandwidth and connectivity costs as mobile service providers and international cables compete for customers. Over the past few years, African has been trying to harmonize cyberlaws to deal with cross-border criminals by allowing member countries to prosecute criminals wherever a crime is committed in the region. However, progress has been slow in several countries.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitylegislationgovernment

More about FredWest

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Malakata

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place