The Computer Society of Kenya

Since 1986


Cybercriminals are now shifting their targets to physical points of vulnerability as in-person commerce resumes to pre-Covid-19 levels, a new report shows.

The Visa Global Risk Investigations report shows that while fraud during the pandemic period was concentrated to online scams, in-person attacks are now trending higher as criminals widen their gambits.

According to the report released Tuesday, card-present threats such as physical skimming on ATMs and point-of-sale terminals increased 176 percent during the 12-month period to December 2021.

“As in-person commerce returns to pre-pandemic levels, crooks are back to exploiting the physical points of vulnerability in stores, while continuing to capitalise on e-commerce through malware, ransomware and phishing attacks, among others,” said Visa Chief Risk Officer, Paul Fabara.

Digital commerce, which was vastly accelerated by the pandemic remains the richest target for cyber-attacks.

“The Covid-19 pandemic gave a boost to digital money movement, from online purchases to contactless payments and smartphone wallets, as consumers worldwide sought to shop without touching anything or going anywhere,” notes the survey of global business done by the MIT Technology Review Insights.

Close to three-quarters of fraud and data breach cases investigated by the Visa team involved e-commerce merchants, with a huge chunk of attacks relating to social engineering and ransomware.

In Kenya, hacking attacks targeting financial systems, including mobile banking, rose nearly three-fold to 444 million in the year ending June 2022 from 158 million in a similar period last year.

The country’s increasingly digitised economy buoyed by deep penetration of handheld devices that link mobile money through telcos and banks, has exposed Kenya as a highly prone target for online fraud, with banks losing hundreds of millions annually.

There were over 200 million cases of malware attacks, which accounted for the majority of cyber hacks in Kenya during the period ending June, the most prevalent form being Ransomware.

Financial malware includes viruses that are designed and developed to retrieve financial information and pinch money from individuals and firms.

The Communications Authority of Kenya (CA) issued 7.9 million advisories in the year to June 2022, up from 93,696 issued in a similar period last year in an effort to curb the rising attacks.

Widely circulated links promising free airtime, money and other products have been used in phishing attacks to collect personal data and use it to siphon cash.

CA advised users to choose applications and plug-ins carefully as most backdoors hide inside seemingly benign apps and plugins.

Kenya is set to benefit from erecting of one of Africa’s two Internet Corporation for Assigned Names and Numbers (ICANN) data centre meant to increase internet speeds and make it harder for hackers to jam networks.

The facility will provide higher bandwidth and improve data processing capacity, reducing the risk of the internet going down because of a cyber-attack.

The Visa report argues that the rising adoption of digital financial services—mobile banking, online purchasing, and peer-to-peer payments—means that these days, money most often passes not through human hands but from computer to computer.

“No cash, no plastic cards, no paper bills or checks or envelopes or stamps. Digital is no longer just another way to move money. Every organisation that moves money must meet users via computers, smartphones, and other devices, and offer rapid, secure payment services,” the report notes.

Share this page