Hackers have turned to Savings and Credit Cooperative societies (Saccos) as banks embrace military grade safety controls against a barrage of cyber attacks.
Saccos lost Kes106 million in 17 months to March 2021, with attackers targeting weak controls of the systems given minimal verification of members’ identity
Sacco systems are vulnerable as most societies buy cheaper systems and operate with lean staff to monitor their systems.
The Central Bank of Kenya in the 2020 Financial sector Stability report says Sacco system have very minimal verification by members which make them easy targets.
CBK said some saccos using systems provided by third party vendors do not even have clauses in their agreement where lost cash can be refunded.
“All Saccos must now review and enhance their IT security including their service level agreements to ensure that affected Saccos are compensated by the vendor in the event of an attack where the vendor is culpable. Saccos are also encouraged to undertake indemnity covers to safeguard against attacks,” CBK said.
Kenya’s highly digitized economy linked with mobile money through telcos and banks has made the country a target for cybercrime and online fraud.
Cases where links are widely circulated promising free airtime, money and other products have been used in phishing attacks to collect personal data and use it to siphon cash.
Banks are also facing cyber-attacks targeting weak points in servers especially as lenders operate remotely from home or transition systems.
Eight Kenyan arrested in Rwanda for hacking Equity Bank have been handed an eight-year jail term and fined Kes5.6 million.
The eight are part of a 12-man gang arrested in 2019 by the Rwandan Investigation Bureau (RIB) that included three Rwandese nationals and a Ugandan.
Regional security teams had trailed the gang linked to bank hacking attempts in Kenya and Uganda and had notified Rwandese officials when they set up shop there.