Technology is a great enabler. Over the years, advancements in tech have allowed us to do more than we could do in the past. And one of the major wins has been in the financial sector. Things that previously took a lot of time are now done pretty much instantaneously. Be it with business transactions, school fees payments, healthcare costs payments, or access to loans to fund our ideas. We’ve gotten to the point where we can access so many services in our hands with just a few taps on our phones.
However, as some would put it, the enabling nature of technology cuts both ways: enabling both the good, and the bad. And as we are constantly reminded each time we hear a case of someone being duped, or losing money, technology has surely also enabled more sophisticated ways for bad players to try and dupe innocent individuals.
In a world of constantly advancing technologies, the possibilities with fraud seem unfortunately endless. Many bad players can try and find loopholes within systems to try and con people, or even just affect the existing financial systems.
In 2018, the World Economic Forum noted that fraud and financial crime was a multi-trillion industry. In the same year, in the UK, customers lost over KES. 68 Billion in online scams including fake purchases, and investments. That should give you an idea of just how big and widespread cases of money fraud are all over the world.
Recently, we’ve seen a lot of discussions in Kenya about customers finding their accounts wiped, or losing money in ways they may not be able to explain. According to a report by Kaspersky, about 47% of users in Africa and the Middle East have experienced, in one way or another, attempts at banking fraud. Those of us who use technology constantly or have learnt about cybersecurity can easily point out that many of these reported issues are cases of some form of social engineering. However, most Kenyans probably still can’t – only realizing something wrong is happening, when they’ve already lost their money.
Whenever we try and make something simple, more accessible, and easier to use, that ease of use brings about the opportunity for a bad player to find ways to con an unsuspecting user who may not be too tech-savvy to notice. And this is something that affects many banks, and even mobile money systems.
We cannot however argue against simplicity, or ease of use with technology. If we make stuff harder, the whole point about tech being an enabler becomes lost. What we can do, nevertheless, is make things clearer, more understandable, and properly streamlined. So that we don’t have fake third parties get in the way of unsuspecting customers.
With more people using USSD codes, apps, or websites to interact with their bank accounts, there needs to be proper understanding of measures to be adhered to when using these systems. First of all, use the official services offered for banking, don’t trust any third parties. You should also never trust information that’s not sent directly from your bank. Also, remember to set strong passwords and PINs that are not easy to guess, and enable two-factor authentication for all transactions. Some banks already enable this by default. For example, on Equity’s EazzyNet internet banking, customers get a One Time Pin (OTP) to enable them to transact successfully. The OTP is sent to the mobile number registered at the bank. This is a way by which the company ensures the transaction requested is valid.
Should you lose your phone, it is important to notify your bank immediately so as to block your SIM card and prevent possible transactions.
This is information that banks need to find proper channels to share with all their customers. And this can be done through different mechanisms like having a single point of contact that all customers know of.
A growing trend we’ve seen is attempts by fraudsters to tell you your account has been locked, or suspended, or deactivated. These are lies that shouldn’t receive any actions from customers. With one point of contact from banks to customers, such attempts can be thwarted easily because customers will know that’s not their bank reaching out to them. For example, all Equity SMSs come only from EQUITY or EQUITEL and all calls come from 0763000000. Any other communication claiming to be from them via other means should be taken as false.
All customers need to be made very aware of their respective bank numbers, so that whenever they see a suspicious number calling them, or texting them, they immediately recognize it as an attempt to steal from them if it doesn’t come from the specific number, or from the proper SMS sender ID. Customers should be encouraged to report such attempts so that these numbers can be blocked, and those perpetrators found. Equity has for long pushed the number 333 as a channel to report all numbers that may call you, or text you weird things that appear as attempts at scamming you.
Reaching out to the bank in case of any issues should also be easy. Not everyone has access to the social media pages banks have. So, there needs to be numbers to call, or text whenever customers want to reach out to the bank.
But all these measures aren’t enough. Banks need to also properly pass information about any new tech developments they may bring about be it to their apps, or websites. Or even to USSD codes. In case of any new developments, whether it is permanent, or not, banks need to send this information out to all their customers, and to make sure they understand how the development affects them, and whether anything is required of the customer. For example, if there are maintenance schedules that render apps unusable, the banks need to send this information out. If there are issues with using the USSD codes at certain times, customers need to be aware. This not only deals with the frustrations customers may encounter when using a system and finding it is not working, but also brings familiarity so that whenever a customer is interacting with an app, or a code, they know of new features, and how to use them. In this way, bad players won’t have it easy trying to dupe customers either by taking advantage of new features they’ve never heard of, or by lying to them about the introduction of new features.
Equity has shared a couple of things customers need to understand and avoid:
- No Equitel or Equity Staff will ever call to ask you for your PIN, ID Number or any other personal details.
- Should you come across any people purporting to be Equity / Equitel employees, pretending to be testing for Equitel network signal do not give them your phone or engage with them.
- Avoid participating in any promotions that are not licensed. All Equity promotions will never ask you to send money in order to participate nor will it be communicated through personal numbers.
- Some fraudsters may also impersonate Equity sales agents for SIM Cards, phones or technicians checking signal strength. Please note that all Equitel SIM Cards and phones are only sold at Equity Bank branches and selected Equity agents. If you meet such people, please ignore them and contact the bank immediately. Avoid direct confrontation.
- Delete all text messages from the Bank especially before you share or sell your device.
As we’d already established, the possibilities of fraud remain endless. Each new day, the advancements in tech bring in fresh ways for bad players to try and steal, or dupe unsuspecting people. Meaning, banks and all financial systems need to always try and be one step ahead. This means banks need to invest in having the best tech teams that try and check for any vulnerabilities in their systems, that build systems that learn user habits and know when something is normal, or when it peculiar, and that focus on making the user as unaware of all the complexities that enable safe banking as is technically possible.