Safaricom, Ltd is a leading mobile network operator in Kenya.
M-Pesa is a mobile phone-based money transfer, financing and microfinancing service, launched in 2007 by Vodafone for Safaricom and Vodacom, the largest mobile network operators in Kenya and Tanzania
Originally designed as a system to allow microfinance-loan repayments to be made by phone, thus reducing the costs associated with handling cash and making lower interest rates possible. But after pilot testing, Safaricom's M-Pesa was broadened to become a general money-transfer scheme. It's success story. Still one of those told every day by proud Kenyans has also spread worldwide. This article follows its daring launch in countries like Tanzania, Afghanistan, and most recently India. With all of its success, it has the Kenyan regulators worried that it could disrupt the economy.
At the time of MPESA launch in 2007, only a few visionaries could have conceived that the scheme could achieve such success. And now, it's deeply entrenched into lives of more than 25 million Kenyans, not to mention other countries' users. A sizable portion of Kenya's economy is into it, almost, if not entirely. In 2015 alone, $28 billion, an equivalence of about 44% of the country's Gross Domestic Product (GDP) of $68 billion, was transacted through the platform.In the first quarter of 2016, it counted to about $25 billion. And it continues to grow.
Kenya’s first major international cyber crime case, which exposed some of the cyber vulnerabilities and gaps the country faces, was a direct target of the financial scheme. In December 2014, 77 foreigners — one Thai national and 76 Chinese — were arrested in Nairobi. They were found in possession of equipment capable of a massive cyber attack, such as infiltrating Safaricom’s M-Pesa (mobile money transfer) system, cash machines and bank accounts (Agence France-Presse 2014). Such an incident, was it to reoccur, would devastate and significantly disrupt
“The financial and other institutions linked to this system would be susceptible, possibly amounting to the value transacted through the channel, was this risk to materialise,” noted the government in a recently released budget report (pdf pg.58).
Easily suspected consequences like loss of deposits and potential state revenue and intractable damage to market confidence would put pressure on the government to compensate for such losses.
The roots of these worries date back to 2007 due to the relatively relaxed regulatory approach to M-Pesa soon after its launch.When Kenya's central bank received an application from Safaricom, seeking authorization of M-Pesa as a mobile money transfer service, approval would mean having to navigate attendant risks posed to the financial system. The Telco would also submit monthly status reports to the central bank.Stringent anti-money laundering and counter-terrorism economic policies were also to be adhered to.But from inception, M-Pesa was conceived as a low-risk mobile money transfer service. This, of course, led to a complete overlook of the regulations above.
According to Steve Chege, Corporate Affairs Director at Safaricom, more measures are continuously being placed to curb system security threats “We continually work with the Central Bank of Kenya and other regulators to test and review the policies put in place and to ensure they are of the highest global standards,” he says. Mobile money providers have further implemented policies to manage operational risks, safeguard funds and protect consumer interests and plans for business continuity. The migration of M-Pesa servers from Germany to Kenya in April 2015 has also significantly improved the performance and reliability of the system.
However, even with all the measures, threats are still real and very tempting as the cyber criminals target more mobile based platforms. More is to be done, of course.