57 percent of licensed commercial banks in Kenya have ZERO chills to online security!

William Ondenge
Published in Due.com · 6 min read · May 11, 2017

Fifty-seven percent (24 out of 42) of the licensed commercial banks in Kenya run websites that are served over plain HTTP, so anything a customer types into them crosses the Internet unencrypted. The Kenya Bankers Association, the body that is supposed to set industry standards, does the same.

This means that of every ten people you meet on the street who have bank accounts, nearly six are exposed to online fraud because their bank has not kept up with even basic web security.

I remember that in the late 90s my parents had accounts at Post Bank, where banking was still manual: deposits and withdrawals over the counter were recorded in passbooks. Banking fraud was not rampant, because the many manual checks involved frustrated fraud rings, but those same checks slowed service delivery, and long queues and paper processes were the norm. Some people opted for multinational banks like Barclays and Standard Chartered even though they charged very high account opening and maintenance fees; what attracted them was a relatively faster service compared to the local banks. Speed of service was the competitive advantage banks strove for at the time.

Now, almost two decades later, the banking industry has been disrupted by players from other industries, and banks are no longer competing only amongst themselves. As a result of that continued disruption, Kenya is on track to realize its goal of financial inclusion: getting the unbanked banked, while independent institutions report on consumer creditworthiness. Much of this happened during the last decade, with the rise of mobile wallets such as M-Pesa and of agency banking in our neighbourhoods. These developments were driven by the move from feature phones to smartphones and by increased Internet connectivity around the country. The flip side is that we now share a great deal of personal information with many different institutions.

Facing increased competition to retain customers and attract new ones, banks have come up with new strategies for customer acquisition, engagement and retention. Most of these revolve around online on-boarding through mobile applications and websites that extend their banking services as online products.

However, some of these banks have cared little about the security of their websites, and this article is meant to remind us how exposed we all are as a result.

Let’s remind ourselves a few things about banking systems!

Banks run their core systems on legacy technology, much of it proprietary and mainframe-based, dating from the late 70s and early 80s. Those systems and their databases sit in a segregated network that can only be reached from inside the bank. At this level, a breach would typically require leaked staff credentials or a compromised machine inside that network.

Banks have connected their networks to the payment networks, Visa and Mastercard, so that card payments can be processed and money sent globally. Both networks require their members to comply with the Payment Card Industry Data Security Standard (PCI DSS), which the card brands set up precisely to limit intrusions into the systems that handle card data.

Then the big question is how do you connect with your bank online?

Well, we all use their websites or mobile applications. When you access a bank's website or mobile app, that is the part of the bank you interact with directly.

Most banks have separated their websites from their core banking system so that the two are loosely coupled and an intrusion into the website does not reach the core. Few have had the guts to give their clients a truly seamless experience by integrating their web and mobile applications with the core banking system.

Let's dive a little deeper into the banks whose websites are not linked to their core systems. It turns out they know they struggle with security compliance, and so they would rather keep a website purely to advertise and market their products. These banks still pose a real online threat to you as their customer, because they have left those websites unprotected: communication with them is unencrypted, so anyone sitting on the path between you and the bank (on the same Wi-Fi, at the ISP, or anywhere in between) can read what you send, or alter the page so that your details are sent somewhere else. Even a "brochure only" site usually carries the link to the bank's Internet banking login, and an attacker who can rewrite that link on a plain-HTTP page can send you to a look-alike. Given the sensitive nature of what we share with banks, such as passwords, card numbers and CVVs, and our names, it is unacceptable for them to turn a blind eye.

However, we are not powerless. Below I have listed all the banks that have shown us that they care about neither us nor our money, and that have turned a blind eye to a technological reality that will surely burn their feet.
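To make the check behind the list above concrete, here is an added example (my own code, not the article's): it starts at http://host/, which is what a customer who types the bank's name into a browser gets, follows any redirects, and reports whether the site ends up on HTTPS, whether it sets HSTS, and whether any form on the landing page would submit its fields over cleartext HTTP. The hosts secure-bank.example and plain-bank.example, their responses and the HTML are constructed for an offline run; live_fetch() is the fetcher you would pass to audit() against a real host.

```python
"""Audit whether a bank's public website forces encrypted (HTTPS) access.
Added example for this article, not the author's code. Hostnames, responses
and HTML below are constructed; live_fetch() runs the same audit for real."""
import re
import urllib.error
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)
MAX_HOPS = 5


class FormActionParser(HTMLParser):
    """Collect the absolute URL every <form> on a page submits to."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            action = dict(attrs).get("action") or ""
            self.actions.append(urljoin(self.base_url, action))


def follow_redirects(fetch, url, max_hops=MAX_HOPS):
    """Follow Location headers from url; return (chain, status, headers, body).
    fetch(url) returns (status, lowercase_header_dict, body_text) for ONE
    request and must not follow redirects itself."""
    chain = [url]
    while True:
        status, headers, body = fetch(url)
        location = headers.get("location")
        if status not in REDIRECT_CODES or not location:
            return chain, status, headers, body
        url = urljoin(url, location)
        chain.append(url)
        if len(chain) > max_hops:
            raise RuntimeError("redirect loop: " + " -> ".join(chain))


def audit(host, fetch):
    """Classify http://host/ the way a customer's browser would reach it."""
    chain, _status, headers, body = follow_redirects(fetch, f"http://{host}/")
    final_url = chain[-1]
    forces_https = urlsplit(final_url).scheme == "https"
    hsts = re.search(r"max-age=(\d+)", headers.get("strict-transport-security", ""))
    parser = FormActionParser(final_url)
    parser.feed(body)
    cleartext_forms = [a for a in parser.actions if urlsplit(a).scheme == "http"]
    return {
        "chain": chain,
        "forces_https": forces_https,
        "hsts": bool(hsts and int(hsts.group(1)) > 0),
        "cleartext_form_actions": cleartext_forms,
        # Insecure if the site stays on HTTP or any form posts over HTTP.
        "insecure": (not forces_https) or bool(cleartext_forms),
    }


def live_fetch(url):
    """Single-request fetcher for real hosts: 3xx is reported, not followed."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # makes urllib raise HTTPError for the 3xx

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            hdrs = {k.lower(): v for k, v in resp.headers.items()}
            return resp.status, hdrs, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, ""


# Constructed responses for two hypothetical banks (offline demo only).
CONSTRUCTED_SITES = {
    "http://secure-bank.example/": (301, {"location": "https://secure-bank.example/"}, ""),
    "https://secure-bank.example/": (
        200, {"strict-transport-security": "max-age=31536000; includeSubDomains"},
        '<html><form action="/login" method="post"><input name="pin"></form></html>'),
    # Stays on HTTP, and its login form would send the PIN in the clear.
    "http://plain-bank.example/": (
        200, {},
        '<html><form action="http://plain-bank.example/ibank/login" method="post">'
        '<input name="pin"></form></html>'),
}


def constructed_fetch(url):
    return CONSTRUCTED_SITES[url]


def demo():
    return {h: audit(h, constructed_fetch) for h in ("secure-bank.example", "plain-bank.example")}


if __name__ == "__main__":
    for host, finding in demo().items():
        print(host, "INSECURE" if finding["insecure"] else "ok", finding)
```

Against a real host you would call audit("bank.example", live_fetch). Note what the check deliberately counts as a failure: a landing page that stays on HTTP is flagged even if its login form points at an HTTPS portal, because on a plain-HTTP page an attacker on the path can rewrite that form action or link before it reaches you. A site that redirects to HTTPS but sends no HSTS header still leaves the very first request exposed, so the "hsts" field is worth reading alongside "insecure".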

0. Kenya Bankers Association
1. African Banking Corporation Limited
2. Bank of Africa Kenya Limited
3. Bank of Baroda (K) Limited
4. Bank of India
5. CfC Stanbic Bank Limited
6. Commercial Bank of Africa Limited
7. Consolidated Bank of Kenya Limited
8. Development Bank of Kenya Limited
9. Ecobank Kenya Limited
10. Spire Bank Ltd
11. Family Bank Limited
12. First Community Bank Limited
13. Guaranty Trust Bank (K) Ltd
14. Guardian Bank Limited
15. Gulf African Bank Limited
16. Habib Bank A.G Zurich
17. Habib Bank Limited
18. Imperial Bank Limited (IN RECEIVERSHIP)
19. Jamii Bora Bank Limited
20. Middle East Bank (K) Limited
21. National Bank of Kenya Limited
22. M-Oriental Bank Limited
23. Prime Bank Limited
24. Victoria Commercial Bank Limited

Happy HUNTING!


I’m a programmer passionate about building cloud-native FinTech architectures in Go. Experienced also in DevOps, Technical Leadership and Product Management.