Identity Theft Nightmare: Kenyans Are Losing Millions to Fraudsters

Picture this...you wake up one day and upon going through your morning routine, you finally get to check your phone when a text message sends you reeling.

'You' just drained your entire life savings, or rather, someone pretending to be you just did. Millions, gone in an instance.

Well, this nightmare scenario is more fact than fiction, with Kenya top among the countries where identity theft cases are on a relentless, upward trajectory.

Identity theft involves the obtaining of an individual’s personal identifiable information for financial gain. 

Personal identifiable information (PII) is information that, when used alone or with other relevant data, can identify an individual. This may include full names, ID numbers, medical records and bank or mobile phone details. ‍

How Personal Data is Stolen

With such information, fraudsters can then easily assume your identity and undertake financial transactions such as taking on loans including mobile loans, making purchases using your credit card, transferring money from your account to another one among other schemes.

Over the last decade, Kenya has seen a recent surge in fraud at an alarming level.

Financial institutions have been at the forefront of these attacks as criminals target consumer accounts by constantly engineering new ways to gain access

As the world embraces technology and traditional models of business decline, the threat and risk of fraud also has been increasing.

Financial institutions have been continuously trying to improve their security systems to protect themselves and their customers from increasingly cunning fraudsters. 

The Business Daily reports that Safaricom is planning to introduce a feature that will prevent Lipa na M-Pesa merchants from fully viewing the customer phone numbers when they make a transaction. 

“The plan is to hide your number where it will display say the first two or three numbers and the last ones and block out the middle, just the way banks do,” a Safaricom executive quoted by the publication stated.

The telco seeks to put an end to a trend of these contacts being traded to third parties without consent being sought. These third parties include advertisers, bulk sms service providers and even fraudsters. 

Online Fraud on The Rise in Kenya

In 2019, data from Truecaller -the Stockholm-based caller identification app, ranked Kenya in the top three for countries where users receive the most spam texts across the world.

Spamming isn’t limited to texts as mobile phone users on the continent are also susceptible to receiving spam calls.

The pandemic has only exacerbated the situation as a Communications Authority of Kenya (CA) report released in January 2021 shows a 159.9% increase in cyber threats in July-September 2020 as compared to the previous three months. 

Of the 35.1 million incidents recorded in the period, 27.4% were linked to online fraud.

There has also been a surge in targeted or randomised promotional messages over the last  year, with thousands of Kenyans taking to social media platforms to vent their frustrations. 

"Sasa you pay via mobile money at a club. They take your number and start texting you random promotional messages..Is that not an invasion of privacy?" one fed up Kenyan posed.

Some have gone as far as claiming that the moment you buy a SIM card and activate it in Kenya, at least 12 random promotional messages will pop up before you even get to make your first call.

Betting firms were mentioned quite often during the discourse as Kenyans called for actions to be taken to protect personal data.

However, it is important to note that while getting random promotional messages is annoying and not a lesser form of privacy infringement, identity theft is an even more worrying possibility. 

Compromised staff members at financial institutions as well as government offices that collect personal data have proved to be a major challenge in the collective fight against online fraud in Kenya.

There are various documented cases involving collusion between such staffers and fraudsters.

Forkbombo has to be one of the most famous cases of online fraud, with billions of shillings siphoned by elaborate con artists.

By March 2017, a former Kenya Revenue Authority (KRA) officer and two American nationals were among the list of Forkbombo suspects accused of making away with Ksh3.7 billion that was siphoned from personal accounts.

It is alleged that the infamous gang of hackers were brought together by a former Directorate of Criminal Investigations (DCI) officer.

They are said to have infiltrated several systems including the Judiciary as well as the revenue authority.

A 2020 survey by Credit Reporting agency TransUnion Africa showed that the identity details that people fill in visitors books while going to places such as offices, schools, companies, buildings and various organisations are a soft target for conmen out to steal your cash.

The study further showed that Kenyan banks are losing over Ksh13 billion each year to fraudsters through identity theft.

With the advent of digitisation and automation of financial systems, financial crimes have become more electronically sophisticated. 

It is therefore very important to learn how to stay safe online.

Tips To Avoid Fraud

• Never disclose your phone PIN or mobile money PIN to a third party.
• Make sure your PIN is not easy to guess. Avoid using PINs such as year of birth.
• Do not provide your call records to a third party.
• Ensure you only respond to customer care calls through official designated phone numbers.
• Contact your financial institution as soon as you suspect your details or phone has been compromised
• When interacting on social media (Facebook, Twitter, LinkedIn, Instagram etc.) – updating profiles, uploading photos, sharing media, ensure that personal information you want to keep private is not made available to the public.
• Ensure that your social media apps require a login password. Do not set them to automatically logon.
• Make a habit of Login off your profile when not actively using it.
• Change your social media password regularly.
• Refrain from using the same password for all your social media accounts. The same applies for your PINs (Debit card/Credit card PINs, SIM card PINs etc.)