The news:
- In a recent debit card fraud incident, hackers targeted Kenya-based Equity Bank, making away with $2.1 million.
- Kenya”s largest bank sent a letter to the country’s Directorate of Criminal Investigation outlining how the stolen funds were transferred to over 500 bank and mobile money accounts.
- At the time of publication, the bank stated that it had restricted all accounts that received the stolen funds and had apprehended 19 suspects in connection with the incident.
The police, which hopes to bring in everyone connected to the crime, stated that investigations are ongoing.
The perpetrators reportedly executed a “card-not-present” scam, using stolen card details to shop online, to defraud unsuspecting victims. Typically, the funds are finally moved to other bank accounts.
In a letter detailing the preliminary investigations signed by Gerald Munyiri, General Manager Security at Equity Bank, it was discovered that KSh 179.6 million ($1.3 million) was paid out fraudulently to the 551 Equity Bank accounts between April 9 and 15, 2024.
Safaricom received KSh 63 million ($478,360), with KSh 39 million ($296,015) going to eleven commercial banks.
A part of the letter noted that the bank is working closely with Safaricom and the other banks involved to follow the movement of the funds.
Kenyan banks require customers to provide information for transactions exceeding $10,000, whereas mobile wallets have a daily limit of $1,900 per transaction, with a maximum of $3,800. This suggests that the fraudulent transactions had to be done in batches.
Fraud has recently become a major concern in the country’s financial services industry. In the three years before July 2023, Kenya’s Financial Reporting Centre (FRC), an agency charged with monitoring transactions in the country’s financial institutions, flagged over $600 million tied to card fraud, corruption and terrorism financing.
The Equity Bank fraud incident comes only days after Kenya’s National Assembly approved the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024.
The regulations, which will set up the framework to monitor, detect, and address cybersecurity threats within the country’s cyberspace, stipulate how to deal with scams, identity theft, hacking and Internet fraud, among other things.
Be the smartest in the room
Join 30,000 subscribers who receive Techpoint Digest, a fun week-daily 5-minute roundup of happenings in African and global tech, directly in your inbox, hours before everyone else.
