July 18, 2024

Top 5 Banks to Face Waves of Lawsuits over MPesa Hacks After High CourtRuling


A recent High Court decision has Kenyan banks bracing for a possible wave of lawsuits from customers who lost money to M-Pesa scams.

The court’s ruling establishes that banks have a legal obligation to safeguard their customers’ funds, even in instances where fraud is perpetrated by a third party.

The banks include Standard Chartered Bank, Stanbic Bank, ABSA Bank, KCB Bank and NCBA Bank.

Previously, Kenyan banks held immunity from liability in cases where fraud occurred on MPesa. The High Court’s decision opens the door for a potential wave of lawsuits against banks by customers who have been defrauded. 

These lawsuits could seek compensation for a range of damages, including financial losses incurred due to unauthorized transactions, legal expenses associated with reclaiming funds.

They also include fraudulent loans taken out in their name, and even damages for emotional distress. 

C:\Users\Secretary Desk\Downloads\Bard_Chart_Image (8).png

Banks are anticipated to fortify their risk management practices, with a particular focus on cybersecurity measures.

This may involve implementing advanced security protocols such as multi-factor authentication, a process that requires users to provide two or more verification factors to access their accounts. 

Additionally, banks are likely to adopt robust encryption methods to safeguard sensitive customer data. They may further implement real-time fraud detection systems that can identify and flag suspicious transactions as they occur.

Banks will also likely conduct comprehensive risk assessments to identify vulnerabilities in their systems and prioritize mitigation strategies.

Establishing clear protocols for responding to cyberattacks, including communication strategies with customers and regulatory bodies, will be essential in minimizing disruption and reputational damage. Maintaining strict adherence to regulatory requirements pertaining to cybersecurity and consumer protection will also be paramount.

The High Court ruling has far-reaching implications beyond the immediate challenges faced by Kenyan banks.

It serves as a wake-up call for the entire Kenyan financial sector, highlighting the critical need for robust cybersecurity measures across all digital financial platforms. 

This includes mobile network operators, mobile money service providers, and other financial institutions that handle sensitive customer data. 

Kenya has emerged as a leader in mobile money adoption, with MPesa boasting over 30 million users. A major cyberattack targeting a financial institution could disrupt essential services, cause widespread financial losses, and erode consumer trust in the digital financial ecosystem. 

The High Court ruling, while posing challenges for banks, presents an opportunity to build a more secure and resilient digital financial landscape for all Kenyans.

A common M-Pesa trick is where fraudsters deceive and manipulate M-Pesa users into revealing confidential details about their accounts.

The fraudsters would then use this information to swap the SIM cards of the unsuspecting account owners.  So many people have been robbed of their hard-earned money through SIM-swapping scams. 

In 2021, a FinAccess survey found that nearly half of the Kenyans using mobile money had fallen victim to fraud or accidentally transferred money to the wrong recipients.

READ ALSO: How KCB Group Thrived in FY’2023 amid Rising Non-Performing Loans

That figure was 8.4% higher than the previous year. In 2022, a CBK report showed that 6.1% of mobile banking users and 25.9% of mobile money users had lost money through cybercrime. 

In February 2023, Kenya’s Directorate of Criminal Investigations (DCI) arrested eight men alleged to be members of a criminal syndicate that had defrauded mobile money users of more than 500 million Kenyan shillings ($3.8 million). 

Other victims include Farah Bashir, a medical lab scientist who was in Johannesburg on a two-week assignment when scammers remotely swapped his Safaricom SIM card and transferred 2.6 million Kenyan shillings ($19,756) out of his Absa mobile-banking accounts. 

John, a 35-year-old planning officer in a Nairobi public hospital, said he lost around 36,000 Kenyan shillings ($274) to mobile money fraud, despite never having shared his mobile money PIN or personal details with anyone.

The high court decision highlights the importance of transparency and consumer awareness regarding mpesa charges and transaction fees. It emphasizes procedures for reversing unauthorized transactions, including paypal to mpesa transactions. 

Furthermore, the ruling emphasizes the significance of understanding mpesa withdrawal charges in 2024. This is as part of the broader efforts to combat cyber fraud and ensure financial security for users.