Data from the Communications Authority of Kenya (CAK) shows that cybercrime incidences in Kenya rose by over 50 percent in the fourth quarter of 2021 to 56.2 million, from 35.1 million threats reported in 2020.
Media reports also indicate that savings and credit cooperative societies (SACCOs) lost Sh106 million in the 17 months to March 2021 due to cyber theft. These losses have been a result of an increase in the use of digital platforms for financial transactions.
A study by the Financial Sector Deepening (FSD) Kenya however paints a positive picture of online financial services. The sector recorded strong growth in mobile money accounts – about 3 million in three months from the onset of the first Covid-19 case in the country in March 2020. This number has been on the rise since.
Fintechs are accelerating at a dramatic rate, both in Kenya and around the world. Fintech solutions such as cashless payments, mobile banking, and other technology-powered solutions are reshaping how customers, financial companies, and banks manage their finances.
However, the wide berth of financial innovation that fintechs are creating comes with new and emergent challenges in data privacy which must be tackled. As the demand for mobile banking rises, so does the need for reinforced systems for fintechs and community banks to protect the billions of Shillings they hold.
Fintechs face similar issues on the horizon, given the amount of data they collect from their platform users. Security of the user data is therefore important for their growth and stability.
According to IBM, the average cost of a data breach in the financial industry is $5.85 million. As digital transformation engulfs the financial sector, mobile banking and payment apps have become one of top targets by cybercriminals.
Malware and application attacks continue to rank highly among the factors that have contributed to the surge in cyber-security challenges. In 2017, Kenya lost approximately Sh21.2 billion to cybersecurity, second only to Nigeria which lost Sh65.5 billion.
Kenya has a population of close to 31 million people with access to the web, according to a report by Jumia Business Intelligence, most of whom use their mobile devices for financial transactions and access to loans. For obvious reasons, the security of their data should be foolproof.
Examples have begun playing out on what happens when customer data lands in the wrong hands. It can be disastrous for the user. Not so long ago, investigations by the media highlighted how personnel from loan app companies, who often charge exorbitant interest fees, harass users who default on their payments. Loan apps have also come under scrutiny for illegally sharing clients’ personal information with third parties.
What steps can fintechs take to make sure their systems are infallible and rock-solid?
Using data encryption algorithms to secure the data can help prevent third parties from obtaining critical information about users. This is fundamental while assigning special keys only to data protection officers who will be held accountable in the event of data theft.
To minimize data breaches, secure authentication methods should be present in fintech solutions. For example, software users should regularly change passwords or add another security layer by introducing biometric authentication, based on a person’s features – fingerprint, voice, iris pattern amongst others.
Flexible regulation can help reduce uncertainty. Kenya’s Data Protection Act of 2019 protects the rights and interests of Kenyans on issues touching on data, providing clear guidelines for companies to handle their users’ data with care and trust.
Updating data security and privacy standards is important for establishing the scope of what data a consumer can authorize and setting limits on data use. It also leads to the establishment of a consent structure by fintechs that guides consumers on what they sign off on their personal information – how it can be accessed, shared, or sold.
Ultimately, at a time when trust is more important than ever before in financial services, consumers want more transparency and control of their data. It’s the responsibility of fintechs therefore to prioritize customer data against current and future threats to ensure a stable and thriving relationship with their users.
By Antony Wanaswa
The writer is the Growth Marketing Manager (KE/RW/UG) at Chipper Cash