Africa is celebrated as the birth place of mobile money revolution, piloting the initiative that has seen more people come into the financial fold in many countries in the region and front running developed nations with much advanced form of financial inclusion.

But the mobile money revolution that the continent is experiencing comes with unprecedented cyber security challenges. Unlike other technological challenges that Africa imports from other developed regions of the world, mobile money challenges are unique and do not have any copy-paste solutions.

“When it comes to end user security Africa has a number of challenges because we are adopting phones and moving into mobile money. In a typical sense we usually rely on the west to help us protect our IT systems, but with mobile money and mobile fraud we have to build our own routes around that,” Wiliam Makatiani, CEO Serianu Limited, told AFKInsider on the sidelines of a Cyber Security Workshop in Nairobi.

“So there are no models to copy and that is where we are going to face challenges. I’ve seen some people from Harvard and Oxford building some controls but I think we have to reinforce these ourselves.”

Serianu, a Kenyan based business data analysis and protection firm, together with Telecommunications Service Providers Association of Kenya (TESPOK) launched Kenya’s cyber security report 2014 on Wednesday.

Makatiani says even with the other technologies imported into African countries the security levels are still wanting and the continent, with its lax ICT laws and policies, remains the most exposed region in the world.

Building Processes

“The challenge is we have adopted new technologies without really building processes around those technologies. We are very exposed,” he said.  “North Africa is a little bit ahead because of their proximity to Europe, but as you come back to sub-Sahara Africa there is a huge gap.”

Kris Senanu, TESPOK’s chairman and also CEO AccessKenya — a previously Nairobi listed IT firm — said the situation is however not all hopeless. Governments in the region are now catching up to the needs of the sector and are putting in place measures to check the increasing threat of cyber security.

Several government websites have fallen prey to hackers, putting huge amounts of citizens data and even government revenue collection systems at risk. In a specific case  in 2012 over 100 Kenya government websites were defaced by an Indonesian hacker.

“The government is playing up catch up again. The internet has grown much faster than governments can develop regulation. We as private sectors are the ones to guide government in terms of policy for the internet. We are willing to go into private-public partnership to deal with these issues. Right now we are working CCK in Kenya and in the region ICANN to do this together,” Senanu told AFKInsider.

The other challenge is the lack of authenticity when it comes to identifying persons in Africa doing business on the internet, a loop hole unscrupulous persons mostly in Nigeria have taken advantage of.

“We have a big threat but the problem is that we don’t have proper visibility. But if we want proper e-commerce and mobile-commerce (which seem to be moving much faster and growing) then we must be ready to deal with the issue of security,” Senanu said.

“We need digital certificates and digital IDs so that we can know who’s doing what online and we can easily identify people if there is an issue. It is all about securing the cyber space and the mobile space. The law also need to define cyber crime so that the police can be able to catch it and prosecute.”

SIM Card Swiping

Tyrus Muya, head of information security at  a regional IT firm Cellulant, said some of the serious frauds involving mobile money his firm had encountered were in Tanzania where criminals would swipe subscribers cards and steal their victims’ ‘virtual’ money.

“What the fraudster does is get someone internally (at a MNO) to swipe your information on a blank sim card and since they already have your mobile banking details they simple enter your pin and perform a transaction on your behalf. What you’ll experience is momentarily losing connection to the network and you may not even think about it,” Muya told AFKInsider.

Regional African blocs such as COMESA, SADC and Africa Union are working on harmonizing cyber security regulations in member states to ensure there are no loopholes that criminals can use by changing location from one state to the other. But this legislations are still very low in proirity compared to other serious issues the continent is facing.

With only about 16 percent of the nearly a billion people accessing internet , cyber security falls short of a serious concern in a region grappling with food insecurity, conflict and extreme poverty. Data from the International Telecommunication Union (ITU) show that all the bottom 22 countries with the worst internet accessibility and affordability are in Africa.

“The one group (bloc) that is ahead in harmonization is the South Africa group – SADC,” Makatiani said.