This archive report was first published on 16 July 2019.
Kenya's Central Bank of Kenya (CBK) has stepped up its surveillance on cyber fraud, requiring banks and mobile money firms to report cyber-attacks within two hours, starting from October.
The new regulations, which became effective this month, require firms with systems that clear huge amounts, such as bank-to-bank transfers, to immediately file reports. Firms with systems that move huge volumes of cash, such as mobile money, will also be required to file a preliminary report.
CBK noted that banking systems referred to as Systemically Important Payment System (SIPS) are sensitive and their failure 'could potentially endanger the operation of the entire economy.' The failure of mobile money platforms or System-Wide Important Payment Systems 'could also create disruptions due to a large number of users relying on the system, thus affecting public confidence.'
Payment service providers, including telcos operating mobile money and traditional mobile cash platforms, have been given up to December 31 to file strategies on how they have protected themselves against cyber fraud. This includes having their personnel well-versed in cybersecurity and strategies to ward off possible threats.
Between January and March this year, the Kenya – Computer Incident Response Team (KE-CIRT) detected 11.2 million cyber threats. In 2018, the economy lost Sh29.5 billion to cybercrime.