A survey by the Kenya Bankers Association released in February 2022 indicated that “six out of every 10 bank customers (58.4 percent) preferred Mobile Banking, with another two out of 10 (20.3 percent) recording their preference for Internet/ Online Banking.”
The last two years have seen growth in the adoption of mobile and internet banking services as the government encouraged people to adopt cashless transactions as a means of reducing COVID-19 infections.
The increased adoption of out-of-branch transactions while offering convenience to Kenyan bank customers has also come with its fair share of challenges.
Key among them is increased targeting of digital banking platforms by Fraudsters who have also evolved and are now using advanced technologies and social engineering techniques to defraud targeted institutions and customers.
Some of the common fraud schemes affecting customers include account takeovers, where a fraudster successfully gains access to a customer’s bank account and performs fraudulent transfers. This could be through the unauthorized access of personal information that allows the fraudsters unauthorized access to customer accounts.
When it comes to mobile banking, SIM Swap Fraud is one of the common ways in which fraudsters gain illegal access to bank accounts. To do this, the fraudsters illegally substitute/ hijack a target customer’s mobile number. In other cases, fraudsters can also pretend to be officials/ employees from a trusted institution such as the bank and dupe the victim into disclosing confidential information or transferring funds to accounts controlled by the fraudsters.
While banks are continually investing in technologies that enable them to prevent and identify fraudulent transactions, customers too have a responsibility to play in keeping their own bank accounts safe.
How then do customers ensure that they are safe when using these platforms?
Equity, which is one of the largest commercial banks in the region with extensive digital banking products advises customers to never share personal information such as username, password, PIN, and OTP (One Time Passwords) with anyone including merchants, and relatives, or friends.
Additionally, avoid storing sensitive information such as passwords or account numbers on your mobile phone as it has a high likelihood of being stolen or lost. You are also encouraged to make immediate reports to your mobile phone service providers whenever your mobile phone loses connectivity or reports a SIM card issue to avoid being a victim of SIM Swap fraud.
For those using mobile apps, ensure that you sign out of your mobile banking App when done using it as opposed to just closing the app. This protects you from unauthorized transactions on your bank account in the event that your device lands in the hands of someone else.
Ensuring that you regularly update your mobile banking application and are using the latest version also provides you with an additional layer of protection as banks regularly update their systems to detect fraudulent transactions better. Some of these enhanced features that come with updates may also require that your mobile device is using the latest software (Android or iOS) version.
It is also important to only download mobile banking applications from trusted sources (Google Play & App Store) and review the privacy policy and data access of the apps before installing them. To limit unauthorized access to your device, which may also compromise your bank account, always set your device to require a passcode to gain access if the feature is supported in your device and disable phone features not actively in use such as Wi-Fi, Bluetooth. When changing your mobile phone, delete all information stored on the device before the phone change ownership.
When using internet banking platforms, do not share your online banking information such as username, password, or OTP with anyone. Only submit online account login information to websites using encryption which is indicated by “HTTPS://” (the “s” is for secure).
For additional protection, create difficult passwords by use of a combination of letters, numbers, and symbols whenever possible. These should not be personal details that may be easy to guess like date of birth, city or town of residence or birth, or names of family members. Avoid using the password autosave feature on your web browser. It is also advisable to change your passwords frequently and do not re-use them.
It is important to avoid using cyber cafes or public WiFi when accessing your bank account. Do not click on random links in email, social media pages, and online advertisements or download unsolicited files as they may contain malware that can be used by hackers to access your account. Always ensure that you log off or sign out of your online banking sessions. Simply closing the browser window does not necessarily end your sessions. It is also important to ensure your computer is running on the latest software version.
For Equity customers, the bank has set up special channels they can use to contact the lender whenever they feel that they may be targets of fraud. They can reach the Bank via its verified social media channels on Facebook and Twitter: @KeEquityBank and also call 0763 000 000 with details of your fraud complaints.
Customers are also encouraged to forward suspicious SMS messages and numbers to 333. Equity avises that it will only call customers from 0763 000 000, and to ignore anyone who calls from another number pretending to be from Equity. Always remember, your PIN is your secret, and Equity staff will never call to ask for your PIN.
