There has been a surge in the number of websites in Kenya allowing online transactions and financial institutions offering online banking services.
There seems to be a race on which bank is more digital with several offering their services through mobile applications. In this race to out-do each other, most financial institutions have forgotten their number 1 mandate; securing our money.
I was recently at the first ever African Conference on Information Security (Africa Hackon) where over 120 individuals made up of black, white, grey hats (The different types of Hackers), CTOs & IT Managers were gathered for a full day discussion on Security in Technology with a keen focus on Kenya. (Check out the #AfricaHackon hashtag on twitter)
Below is a summary
Out of the 33 banks offering online banking,
1. Only 6 banks use a virtual Keyboard.
Why is this important? One of the ways someone can get your account details and passwords is by using a software called Key logger that is able to monitor your keystrokes or anything you type on your keyboard thereby obtaining your online banking details.
2. Only 4 banks offer 2 page authentication
Just as it is in the physical world, the more sensitive a physical location is, say, meeting the president, the more security checks on will have to go through.
The online equivalent is a series of authentications that verify you are who you say you are. A 2 page authentication process is the standard for any bank offering secure online banking services.
3. Only 2 banks have client side encryption
Any information we send online can be intercepted by a hacker. Therefore sending bank authentication or account details over the internet requires that the information is encrypted in a way that even a hacker cannot decrypt. Think of it as locking your information in a box over the internet, anyone opening that box would need a key.
Online Payment & Shopping Sites
1. All 4 online payment sites and 6 online Shopping sites in Kenya do not offer Client side encryption.
What this means is, if you are buying anything or paying for anything online on a Kenyan website, whatever information you give on that website, mostly, your credit card number, code etc is visible to anything who knows how to look for such information (hackers mostly)
So before you fill that form by your bank for online banking services or give your payment details on a Kenyan website, check out for the above security measures.
The Full Kenya Cyber Security report will be release in May and made available for download here