As savings and credit co-operatives (Saccos) in Africa and other parts of the world embrace digitalization in their bid to enhance efficiency and financial inclusion, among other benefits, it has become necessary for them to put in place effective cyber security measures. This new world of technological advancement, which has opened doors for fast access to products and services, has also come with its own challenge: cyber insecurity. In today’s digital era, where financial services are delivered online, members’ savings and the confidentiality of their information are at risk. This needs to be mitigated.
The digital leap for SACCOs
Before the onset of digitalization, Saccos were primarily manual, member- or community-run organizations. Members used them as savings outlets or for obtaining credit in a more traditional ledger office setting. Although this promoted members’ cohesion, it also worked against scalability. Recently, Saccos have adopted online platforms for conducting transactions, mobile bank accounts, online loan management and cloud-based record-keeping systems. This has occurred in response to members’ demand for convenience as well as the growth of the mobile money environment in most countries, such as M-Pesa in Kenya. Clearly, online platforms have several advantages for Sacco members, who can save, borrow, and check their account status using smartphones. But as a byproduct of this digital frontier, it also means exposure to risks which did not exist or were less serious within the analogue environment.
Understanding the cyber threat landscape
Digital systems are prone to attacks. Hackers keep inventing ways to exploit vulnerabilities. For Saccos, cyber threats can be grouped into the following areas:
1. Data breaches and theft
Personal member information held in digital databases, such as names, identification, account information and contacts, can be intercepted and stolen as a result of system break-ins. Such stolen information may be used for phishing and other types of fraudulent activities.
2. Mobile banking frauds
Since many Sacco members use applications or USSD codes for transactions, SIM swap fraud, counterfeit mobile banking applications, and spoofed SMS messages are major threats. The fraudster may con members into disclosing their personal identification numbers and passwords, resulting in withdrawal of funds without their consent.
3. Ransomware Attacks
This is a type of malicious software that encrypts data in an organization, making it unusable unless a ransom is paid. For a Sacco, the impact of such an attack would be devastating, as it would make it difficult for the members to access their money.
Are member savings really at risk?
The level of security in a fully digital Sacco can never be stronger than its weakest link, and a single incident can compromise thousands of members’ accounts. It is therefore essential to distinguish between risk and inevitability. The existence of cybersecurity threats does not mean members’ savings are inevitably unsafe, provided proactive steps are taken.
Mitigating the risks
In order to ensure the safety of members’ savings, Saccos should develop a wide-ranging cybersecurity plan that involves the following:
• Two-factor authentication
By requiring an additional form of verification, such as a one-time password (OTP), Saccos provide an extra level of security beyond normal login passwords.
• Robust encryption and secure systems
All digital systems must employ robust encryption standards to secure their data in transit and at rest. Software updates and patch management play a critical role in fixing vulnerabilities.
• Regular security audits and testing
Cybersecurity audits and penetration testing can also help to detect potential weaknesses before cyber criminals do. Experts can conduct an attack simulation to test the system’s resilience.
• Members’ education and awareness creation
Most breaches come about as a result of members falling victim to social engineering tricks. Saccos should therefore educate members on how to use the internet safely, such as never revealing their PINs, checking the authenticity of messages purportedly sent by the Sacco, and being cautious when encountering links.
Regulatory and collaborative efforts
Government and financial regulators have a vital role to play in setting the standards for cyber safety in digital finance. The Communications Authority of Kenya and the Central Bank of Kenya have guidelines related to data protection and mobile money safety. In that regard, fintechs should also strengthen security.
Trust and confidence
Digitalization seeks to make financial services easily accessible, but it also puts to the test the root of trust that exists between Saccos and their members. Members need to feel comfortable knowing that their money is safe, even if they cannot physically go to the branch to access it. Building trust entails being transparent. Saccos should therefore educate their members on cyber security safeguards.



