Work collaboratively to address growing cybersecurity threats - expert

CYBERSECURITY   

Financial service providers have been urged to work collaboratively to address the growing cybersecurity, Anti Money Laundering (AML) and Combating Financing of Terrorism (CFT) threats.

The appeal was made by the HiPipo chief executive officer Innocent Kawooya following a security breach that saw the management of Stanbic Bank, MTN and Airtel issue a joint statement indicating that they had experienced a system incident forcing them to temporarily suspend bank-to-mobile money/wallet and mobile money to bank transactions.

According to the statement issued on October 3, a third-party service provider experienced a system incident, which impacted service provision.

It is reported that the breach happened at one of the leading financial technology companies (Fintech) that integrates mobile money transactions between the three top companies, enabling payment of utility bills.

"The unfortunate events that have seen operators jointly issue press statement of a Fintech security/fraud incident are very regrettable for the fast-growing industry. The immediate need is to contain the incident impact and bring back the services live as soon as possible. This is key to ensure the trust of disgruntled and impacted customers is not further damaged and lost," Kawooya said.

HiPipo is a local digital and financial inclusion company that is spearheading interoperability of financial technology systems in Uganda. 

"The industry is interconnected where you have a store of value, channels and modes of payment in many cases siting with different range of players.

"If the players collectively share information and implement effective controls, the industry will prevent fraud, quickly detect and stop incidents to minimize impact. This will enable us to continue to build trust and not risk eroding the gains we have made for financial inclusion," Kawooya explained.

Although the companies said that balances on both bank and mobile money accounts were not impacted by the incident, some sources indicate that billions of shillings were lost.

This comes at a time when mobile money is increasingly gaining prominence in Uganda, with sh79.8 trillion transacted through the platform by June 2020, according the Bank of Uganda's deputy governor Michael Atingi-Ego.

Mobile money transactions were accelerated during the lockdown to control the Covid-19 pandemic as most companies, entrepreneurs and individuals relied on mobile money to effect payments.

Also, a growing number of banks are closing some branches as people continue to adopt digital banking.

Through mobile banking and internet banking, customers enjoy increased access to their accounts by exercising Bank to Wallet (B2W) or Wallet to Bank (W2B) provisions.

Average monthly B2W transfers in the year to April 2020 stood at sh148.26b, while W2B transfers stood at sh66.23b; up from sh101.89b and sh41.17b, respectively.

This growth is representative of a shift towards digital payments for an array of services, both local and international remittances, school fees, loans, utilities, and savings.

Cyber insurance

Speaking during a two-day Fintech landscape exhibition at Sheraton Kampala Hotel in July, Oscar Ofumbi, the Head of Business at Lend in a Box, urged Fintechs to embrace cyber insurance so as to externalise risks by allowing the insurance company take on any related costs suffered in case of an attack.

It should, however, be noted that despite being launched as a product about five years ago, the uptake of cyber risk insurance in Uganda is still very low.

The public service state minister David Karubanga also alluded to the rising cyber risk threats, saying that players need to invest in building robust security systems to ensure safety of users' information and funds.

He noted that government is trying to work with international organisations to address the challenge but urged players to report cyber risk occurrences to help the government investigate.

Kawooya also alluded to the need to secure payment platforms, saying that without that, people will lose trust and confidence in the digital payments systems.

"Without cybersecurity, you cannot achieve full financial inclusion because if there is a lot of fraud and businesses losing money in an ecosystem that is not secure, people will not use it; they will keep it in their bags or assets and in the end, we shall not have money to grow the economy," Kwaooya said.

Although the 2017 Uganda Cyber Security report put cybercrime-related losses at over $42m (sh154b), it is said that majority of cybercrime incidents in Uganda go unreported, mainly due to fear of brand reputation damage.