Uganda Electronic Banking Systems Could be Vulnerable to Cyber Criminals

3-April-2012

Banks and telecom companies that offer financial services through sophisticated technology such as the use of Automated Teller Machines (ATMs) to access bank accounts, and money transfers through mobile phones, are increasingly becoming targets for cyber criminals who create loopholes in the system to allow them to steal huge sums of money from customers and businesses.

Whereas Rwandan banks and telecom companies report that the rate of cyber crimes in Rwanda is still very low, there are still no policies to draw upon if there is a financial loss arising from cyber criminality.

Banque Populaire du Rwanda (BPR), which is heavily investing in electronic banking, says that it has not experienced any cyber attacks on its network for almost four years. However, it says that it is increasing security on its network by deploying firewalls to protect its clients and systems from intruders.

But Alex Kioni, alliance manager at IBM, says that firewalls alone are not enough. It is not only the amount of attacks that is expected to increase, he says, but also the complexity and sophistication of attackers that bypass the firewall.

Banque Commerciale du Rwanda (BCR), another local bank that is increasingly adapting to electronic banking, says that in addition to the firewalls, it is testing vulnerability of its network. BCR Managing Director Sanjeev Anand says that the bank is trying to prevent cyber crime proactively.

However, the two banks are yet to develop procedures and policies with detailed guidelines that would determine compensation in case a customer incurs a financial loss rising from cyber attack.

And it seems that the issue of compensation is not well discussed within other local banks and telecom companies either.

Neither William Katete, the head of Corporate Communications and Public Relations at the National Bank nor Damien Ndizeye, Chairman of ADECOR, a consumer rights' organization, could confirm the existence of laws that ensure compensation of victims of cyber crime in case of a financial loss.

MTN Rwanda's Head of Mobile Money Albert Kinuma says that if a consumer experiences a cyber attack and incurs a financial loss, compensation depends on the situation in which the attack happened. This view is also shared with BCR's Anand. However, with no developed procedure on how to investigate and make an evaluation, customers may be left without compensation.

Last year's report by a global consulting firm Deloitte & Touche indicates that 60% of banks in East Africa are susceptible to security threats costing the region about $245 million every year. This is partly on account of low Information Technology (IT) budgets to put in place strong systems that would deter intrusion.

During a recent conference on cyber security held in Kigali, it was disclosed that in the East African Community (EAC)--Uganda, Kenya, Rwanda, Tanzania and Burundi--, the cost of cyber crimes grows by $3 million every month.

The conference brought together participants from the banking sector, ICT and government organs to discuss and share best practices in fighting cyber crime. But the issue of compensating victims--customers--was not tackled.

Kioni says that since businesses such as banks and telecoms are the fastest adopters of new electronic financial services such as mobile and internet banking, it is logical to assume that the security risks rises alongside these increased advancements.

Mind Mabhunu, who shared the experience of Standard Bank of South Africa with regard to strategies that would ensure maximum security of networks and clients, said that it is essential for the government and the private sector to partner in dealing with cyber security. He said it is better to have security than to need it when things have gone wrong.

BY JULIE VULPIUS:The Independent Newspaper