Is cyber fraud the biggest headache for fintechs?

A customer completes a mobile money transaction. Cybersecurity is affecting banks, telecoms and fintechs. PHOTO /Edgar R. Batte

What you need to know:

Cyber fraudsters are using a variety of means – both online and offline – to con unsuspecting users into compromising their security, transferring money or giving away sensitive information.

Digital finance executives are facing a crisis over a rising spate of cases involving cyber fraud targeting payment platforms. 

In October 2020, a major hack that compromised Uganda’s mobile money network plunged the country’s telecoms and banking sectors into a deep crisis.

The security breach on a consumer finance aggregator, Pegasus Technologies, mainly affected bank to mobile wallet transfers. 

Close to $3.2m (Shs11b) is estimated to have been stolen in the incident with some reports quoting a much higher figure.

This financial figure rose to Shs40 billion in 2021 as cybercriminals continued to sink their claws into payment platforms’ transactions, according to the Police cybercrime unit.

It is for this reason that top chief executives in the banking, fintech and telecom space met last week to discuss ways of mitigating such emerging cases. 

Wim Vanhelleputte, MTN’s chief executive, notes that the current threat in cyberspace has been the human being, described as the weakest link of the chain in the entire system.

As technological defences become more robust, Vanhelleputte notes, cyber criminals are increasingly using social engineering techniques to exploit the weakest link in the security chain - people.

Cyberfraudsters are using a variety of means – both online and offline – to con unsuspecting users into compromising their security, transferring money or giving away sensitive information.

According to Proofpoint’s 2019 report, ‘The Human Factor’, 99 percent of cyber attacks use social engineering techniques.

Such techniques can include pretexting, a more complex social engineering attack in which the con artist gains a victim’s trust, typically by creating a backstory that makes them sound trustworthy.

Other techniques include voice phishing, a form of targeted social engineering attack that uses the phone to send recorded messages telling recipients their bank accounts have been compromised.

Victims are then prompted to enter their details via their phone’s keypad, giving the fraudsters access to their accounts.

“We are facing extremely smart in psychology and social engineering to trap into sharing your digital assets. People are being tricked into sharing their personal details,” Vanhelleputte says. 

Vanhelleputte says telecoms and financial technology firms are embarking on aggressive cybersecurity knowledge sharing, such as “Don’t share your personal identification number”, to minimise the tricks cybercriminals play on customers.

Cyber security is not just an expense but a cost you must undertake. 

“Cyber security is now a business where people are continuously looking for vulnerabilities,” Irene Sewankambo, the Uganda Communications Commission director, says.

Fraud involving larger amounts has been more likely to happen during transfers between aggregators and banks, according to Murali Manoj, Airtel’s managing director.

Senior citizens remain highly targeted too, according to a profiling of attacks that Airtel carried out to understand who the attackers’ major victims are.

Stepping ahead 

Financial technology firms must up their game and think ahead of fraudsters as such cases intensify...

Manoj says the country must boost its efforts in training more cyber security experts, though currently, there is a talent shortage in cyber security skills. 

Wilbrod Owor, the Uganda Bankers Association’s executive director, says tackling the increasing fraud incidences should involve telecoms, fintechs and banks sharing information.

“Working together in sharing information is critical. We need a framework to formalise an information sharing network,” Owor says. 

Tumubweine Twinemanzi, Bank of Uganda’s director of supervision, says an arrangement for information sharing is currently being undertaken under the East African Council Governance.

“We are developing a cyber security sharing platform across central banks in East Africa,” Twinemanzi says.

One of the vulnerabilities in cyber fraud is the cashing out of money through bank withdrawals or money remittances.