Posts

Showing posts from February, 2026

Why Your PIN Isn't Enough: Two-Factor Authentication for Kenyan Bank Apps

The False Sense of Security in Your Pocket

You set a PIN when you installed your banking app. You memorized it, maybe even changed it once after a security prompt. You feel safe. But here's the uncomfortable truth: that four- or six-digit number is the digital equivalent of a padlock on a screen door.

Kenya has become one of Africa's most vibrant digital banking ecosystems. From M-Pesa to KCB Mobile, Equity Bank's EazzyBanking, Absa Kenya, Co-operative Bank's MCo-op Cash, and NCBA Loop, millions of Kenyans now manage their finances entirely on smartphones. This convenience is remarkable — and it has also made Kenyan mobile banking users one of the most targeted demographics for digital financial fraud on the continent.

In 2024 alone, Kenya lost an estimated KSh 6.4 billion to mobile and internet-based financial fraud, according to data from the Communications Authority of Kenya. A significant portion of those losses involved compromised PINs and passwords. Two-f...

Business Email Compromise and Kenyan Corporate Bank Accounts

DIGITAL BANKING & CYBERSECURITY

Imagine this: It's a busy Monday morning at your Nairobi office. Your accounts payable manager receives an email from the CEO asking them to urgently transfer KES 4.2 million to a new supplier account. The email looks legitimate — right name, right email signature, even the right writing tone. The finance officer, not wanting to bother a busy CEO over something already pre-approved, processes the transfer. Two days later, the CEO asks about the payment. She never sent that email.

This is Business Email Compromise (BEC) — and it is one of the fastest-growing and most financially devastating cyber threats targeting Kenyan businesses today. Unlike ransomware or malware attacks, BEC does not need to hack your systems. It simply needs to manipulate your people.

What Is Business Email Compromise?

Business Email Compromise is a sophisticated scam in which cybercriminals impersonate a trusted individual — usually a CEO, CFO, su...