Barry Silah @obel_barry
As Kenya grapples with fraud targeting online cash transactions, Central Bank of Kenya (CBK) is in the market to rein in errant businesses through a guideline for payment service providers (PSPs).
The draft guideline on cyber security outlines how to save vulnerable Kenyans who lost an estimated Sh21 billion last year, according to Serianu Africa Cyber Security report.
Under the new guidelines, the banking sector regulator has compiled what it would deem solutions to avert lurking dangers in the PSP space. Backed by Cyber Security Policy which focuses on governance, identification and protection, CBK has outlined an all–round guideline document to address the loss of millions occasioned annually by PSPs locally and by extension the clients doing payment transactions.
Bright Gameli, who heads cyber security services at Internet Solutions Kenya, says the country needs to improve awareness on cyber security to enable citizens to safeguard their hard-earned resources.
“Savings and credit co-operative societies (Saccos) could unknowingly be losing millions of shillings per week through cyber crime, and the figure could increase with time as more organisations start using online payment solutions,” he warned.
Some of the key findings that targeted specifically large value payment systems and retail payment systems were that PSPs posing a lower level of risk and entities or companies falling under a certain threshold would be subject to less stringent requirements.
Firms could be tiered on different dimensions such as funds holding, payments values or volumes, market significance and the degree of interconnectedness with other payment systems. Smaller firms could be permitted to self-assess the operational reliability of their internal systems while the larger firms could be required to conduct third-party assessments.
The guidelines basically outline minimum requirements that PSPs shall rely on in the development and implementation of strategies, policies, procedures and related activities aimed at cyber risk exposure. CBK is seeking public participation on the same over the next few days but experts will be keen to see the impact. The comments should be submitted by September 14.
Industry players will be looking forward to getting serious solutions to the problem that have affected their credibility. Firms in the telecommunications sector lost a whopping Sh3 billion while the e-based mobile transactions also had Sh2.5 billion go up in smoke through shadowy characters.
Huge responsibility has been accorded senior management of financial technology (fintech) companies to formulate protection strategies around the workplace.
All PSPs authorised under the National Payment System Act, 2011 would be subject to the new guidelines even as they await formal ratification.