Time flies with great content! Renew in to keep enjoying all our premium content.
Prime
Watch out for mobile money fraudsters in festive season
The 2022 Sasra report revealed that the Sacco Societies Fraud Investigations Unit, which investigates fraud in the sacco sector, handled cases involving Sh232.5 million in the past two years.
As Kenyans settle in for the festive season cheer, fraudsters are sharpening their tools as they target distracted bank and sacco customers using mobile banking, online payments and other digital platforms to send money, shop and travel during the holidays.
The period between Christmas and the New Year has become a prime hunting ground for scammers and the rising use of digital platforms for transactions has served to heighten customers’ vulnerabilities.
In 2024 alone, the amount lost by bank customers to fraudsters nearly quadruped to Sh1.59 billion from Sh412.47 million a year earlier, mostly due to digital transactions.
As the festive season spending peaks, banks, saccos and telecommunications companies are stepping up warnings to consumers about the surge in digital fraudsters preying on mobile banking, online payments and fake promotions.
Across social media platforms, SMS alerts, mobile banking apps and official websites, financial institutions are asking customers to be more vigilant as they cheer to the festivities and the transaction volumes surge.
December typically records higher spending on travel, shopping and family support, with much of it conducted through mobile money and digital banking channels. Some banks have tailored special messages for the festive season, reminding their customers to be cautious.
“Please never share your PIN, password, any codes or card details with anyone. Not even people who claim to be bank staff. Happy festivities!” reads Co-operative Bank of Kenya message accompanying confirmation of any digital transactions.
Several institutions have emphasised that they never ask for such details through phone calls, text messages or emails while others have limited most requests for PIN resets to physical visits at branches.
Standard Chartered Bank of Kenya has been emailing customers to alert them to the growing threat of scam emails, while educating them on how to identify and avoid such schemes.
“Do you know who’s behind the message? Don’t’ fall into the fraudsters’ trap. Are you sure about that seemingly urgent email from a supplier asking you to make an overdue payment? Or that unusual request from an acquaintance in need of urgent money? Are they genuine?” poses StanChart in an email to customers.
Central Bank of Kenya (CBK) data on the Sh1.59 billion fraud showed mobile banking was the hardest hit, with criminals siphoning off Sh810.68 million in 2024 or a 344 percent rise from Sh182.41 million in the prior year.
The CBK report showed card fraud, computer fraud, online banking scams and identity theft also surged sharply. The overall amount exposed to fraud—money targeted by fraudsters before recovery efforts—jumped almost threefold, from Sh680.9 million in 2023 to Sh1.96 billion in 2024, showing how much larger the fraud attempts have become.
Banks and saccos have also increased messages cautioning customers against sharing personal information such as PINs, passwords and one-time passcodes.
‘If an offer looks too good to be true, it probably is, especially loan offers with sketchy links. Don’t click on suspicious links to stay safe,” says Equity Bank in safety alerts to customers.
“Fraudsters create websites to steal your Equity Card number, CVV (card verification value) and one-time password. Before you check out, check the URL, the security padlock and the quality of the site itself. If anything feels off, don’t enter your card details and leave the website immediately.”
The Sacco Societies Regulatory Authority (Sasra) recently warned that cyber incidents tend to increase during holidays and long weekends when staffing levels are lower and response times slower.
In a circular issued early in the month, Sasra acting CEO David Sandagi warned saccos that the three long weekends and holiday windows—Jamhuri Day (December 12-14), Christmas (December 25-28) and New Year (January 1-3)—pose heightened danger.
"Periodic analysis and intelligence monitoring of the trends of cyber-threats and security breaches in the regulated sacco subsector shows that a majority of the cybersecurity breaches and attacks mostly occur during the long-week end public holidays," said Mr Sandagi in a circular.
Telecommunications companies such as Safaricom are also amplifying fraud awareness campaigns given that mobile money services remain central to Kenya’s payments ecosystem.
“Not every kind stranger means well. Fraudsters are getting smarter, and they prey on empathy. Your phone and your M-Pesa PIN are personal. Never share them with anyone, no matter the reason,” says Safaricom in latest digital safety campaign on X platform.
