How secure is Online Banking, Payment & Shopping in Kenya

The global Hacker logo made famous by a group called Anonymous
The global Hacker logo made famous by a group called Anonymous
The global Hacker logo made famous by a group called Anonymous

There has been a surge in the number of websites in Kenya allowing online transactions and financial institutions offering online banking services.

There seems to be a race on which bank is more digital with several offering their services through mobile applications.  In this race to out-do each other, most financial institutions have forgotten their number 1 mandate; securing our money.

I was recently at the first ever African Conference on  Information Security (Africa Hackon) where over 120 individuals made up of black, white, grey hats (The different types of Hackers), CTOs & IT Managers were gathered for a full day discussion on Security in Technology with a keen focus on Kenya. (Check out the #AfricaHackon hashtag on twitter)

What I found of keen interest for this article are the statistics on Online Banking in Kenya. The findings are from , yet to be released Kenya Cyber Security Report 2014 by
Serianu Ltd.

Below is a summary

Online Banking

Out of the 33 banks offering online banking,

1. Only 6 banks use a virtual  Keyboard.
Why is this important? One of the ways someone can get your account details and passwords is by  using a software called Key logger that is able to monitor your keystrokes or anything you type on your keyboard thereby obtaining your online banking details.

2. Only 4 banks offer 2 page authentication
Just as it is in the physical world, the more sensitive a physical location is, say, meeting the president, the more security checks on will have to go through.
The online equivalent is a series of authentications that verify you are who you say you are. A 2 page authentication process is the standard for any bank offering secure online banking services.

3. Only 2 banks have client side encryption
Any information we send online can be intercepted by a hacker. Therefore sending bank authentication or account details over the internet requires that the information is encrypted in a way that even a hacker cannot decrypt. Think of it as locking your information in a box over the internet, anyone opening that box would need a key.

Online Payment &  Shopping Sites

1.  All 4 online payment sites and 6 online Shopping sites in Kenya do not offer Client side encryption.
What this means is, if you are buying anything or paying for anything online on a Kenyan website, whatever information you give on that website, mostly, your credit card number, code etc is visible to anything who knows how to look for such information (hackers mostly)

So before you fill that form by your bank for online banking services or give your payment details on a Kenyan website, check out for the above security  measures.

The Full Kenya Cyber Security report will be release in May and made available for download here

Facebook Comments

7 comments

  1. Gideon Kimani (@GideonKimani) Reply

    Excellent article. Any ideas/suggestions on how to improve online security? This would be great for a follow-up article.

    P.S. Your first sub-heading (Regarding Virtual Keyboards) has a minor grammatical error.

    • admin Post authorReply

      Thank you. I will do a follow-up article after speaking to a few Info-sec experts. Typo edited.

  2. george ngoru Reply

    thanks, please advise us on how to check these security features in the online banking/payment/shopping websites.

    • admin Post authorReply

      Some of the security features happen in the back end thus, what you need to do is visit your bank or any that is offering ebanking and ask them these questions. Ideally, they are supposed to have a booklet informing you of what security you are assured of but most don’t because the regulator has not prevailed upon them to.
      Something like a virtual keyboard is easy to identify, same thing with 2 page verification. The client side encryption is something they would have to tell you.

  3. Pingback: What the halt of Windows XP support means for ATM Machines security | AfroMum

  4. Pingback: BAKE Organises a Cyber Security Workshop on the Risks of using Social Media - AfroMumAfroMum

  5. Pingback: Black Friday Takes off in Kenya as Online Shopping becomes Safer & Easier - AfroMumAfroMum

We'd love to hear your thoughts on this article

This site uses Akismet to reduce spam. Learn how your comment data is processed.