With almost every bank warning its clients about cybercrime in Kenya, it seems like this type of criminal activity is making waves across the country. But it’s not just banks that are sending alerts about cybercrime. The government and other stakeholders in society are also voicing their concerns about it. But what exactly is cybercrime in Kenya, and how can you stay safe? This detailed guide sheds light on this emerging issue.
What is Cybercrime in Kenya?
Cybercrime in Kenya refers to any illegal action done using a computer or a mobile phone that infringes on another person’s rights and goes against the Laws set out in the Computer Misuse and Cyber Crimes Act. Therefore, cybercrimes are those illegal activities that are banned under these Laws and also include illegal activities that are banned under the Data Protection Act. These are two main legal statutes on the basis of which acts done digitally are defined as being illegal in Kenya and punishable if one is found guilty of committing them. The Laws also provide for the punishments to be meted out to the culprits of these crimes.
What is the impact of Cybercrime in Kenya?
Cybercrime in Kenya has a great negative impact on the economy of the Country. How so?
Loss in Investor Confidence.
Cybercrimes deplete the confidence of investors to invest in Kenya, especially in the technology sector. As such, this hurts the digital economy by reducing the financial returns of players in that sector.
Theft of Personal and Financial Data.
Cybercrimes can result in the exposure of sensitive data to persons who are not meant to access it. It helps to note that most of the crimes in this area target the financial sector and its connectivity to its clientele in mobile banking. When the criminals access the bank accounts of the bank’s clientele, they are able to withdraw and transfer funds from the accounts. They have also been able to get hefty amounts of money from the banks themselves. These activities can also be replicated in the mobile phone wallet services used intensively by Kenyans through their mobile phones.
This mobile money technology is supposed to smooth the money transactions between banks, their clientele, and also between private individuals. If it becomes insecure, most people will avoid it, resulting in higher costs of accessing financial services for all the stakeholders.
In recent times, there have been complaints against the leading telecom in Kenya, Safaricom in particular, which has been alleged to have unlawfully sold and released sensitive data of its clientele to criminals.
Impact on Individual Well-Being.
Sometimes, cybercrimes have negative psychological effects on the victims, as they at times include cyberbullying and harassment. It is also notable that the crimes keep on going up, further hurting the digital economy, the people’s wellbeing and the Kenyan financial sector at large.
What Are the Main Laws That Help to Deal with Cybercrime in Kenya?
As earlier stated, there are two main laws that help to deal with cybercrime in Kenya, and these are the Computer Misuse and Cyber Crimes Act and the Data Protection Act.
These two Laws cover all the activities that are illegal and committed in cyberspace, such as:
- Hacking,
- Illegal infiltration of data accounts and theft of data,
- Misuse of data,
- Spreading viruses and cyber harassment, etc.
These laws cover these specific crimes in detail, together with the punishment meted out to the culprits of the same.
Specifically, the Data Protection Act covers how information is collected, used, and stored by corporations and other organizations in the country. This information is from the Kenyan public, and the legislature helps to make sure that informed consent is given before the information is accessed and used. This information is referred to as data and is used according to the intentions of the corporation or organization for the use of the same, and the other data is stored securely in a place where it is not available to anyone without the consent of the data owner. Where the collectors of this information or data go against the law, the law provides the punishment to be meted out to the wrongdoers.
There have been cases where corporations mandated to ensure data protection of the Kenyan people have flouted the law, and in some cases, some of these corporations have been ordered to stop the illegal activities, or been fined for the illegal activities, or ordered to close down, etc. It is hence clear from the aforesaid laws that the use of computers and mobile phones for illegal activities, such as the abuse of people’s data, leads to punishable cyber crimes.
What Are the Challenges When It Comes to Dealing with Cybercrime in Kenya?
There are many challenges faced when it comes to dealing with cybercrimes in Kenya. However, the following are most prevalent.
Lack of Digital Know-how.
One of these challenges in the cybercrime space is the lack of digital literacy amongst the law enforcement agencies and members of the justice system in Kenya. This scenario amounts to the criminals being ahead of the law enforcers most of the time, thus making it hard for the criminals to be apprehended. The criminals also change their modes of operation quite often, and this makes it even harder for the law enforcers and the judiciary to catch up with them.
The general populace is also not aware of their rights in these fields and consequently cannot detect when the same are infringed. In the circumstances, they are not able to make complaints against the criminals.
Jurisdiction Limitations.
Again, a growing challenge is the fact that some of these crimes are cross-border and involve players in different countries, which makes it hard for the local police and the justice system to catch up with the criminals and book them for the offences committed. The investigating officers sometimes follow up in these matters and then lose track of the same in an endless imbroglio, going back and forth and twisted, etc.
Limited Capabilities in Handling Evidence.
There is also a big challenge when a criminal case is taken to court. During the investigation, the police might not have had adequate technological gadgets to gather and store the evidence. Some of it might even be lost midway before it is produced in court. Some of the criminals might also be capable of erasing important information from the digital systems before they are caught by the police.
The law and the Evidence Act outline detailed, strict procedures on how technological evidence, including videos, photos, evidence in computers, mobile phones, and other devices, may be produced. If the prosecution is not able to adhere to the same, they will not succeed in nailing the culprits.
What Are the Main Types of Cybercrime in Kenya?
In Kenya, there are various cybercrimes, but the first and most prevalent one is on mobile money financial services and mainly on M-Pesa services. Under this, the customers on this platform are scammed when they share their sensitive private information, such as PIN numbers. Once the criminals have the victim’s mobile and the PIN number, they can access money from the victim’s M-Pesa account. Sometimes, the victims are misled into sending money to people disguised by the culprits as the victim’s needy family members or other people in distress.
There are also cases where the victims are tricked into revealing their private sensitive information, like Passwords and Usernames, which are then used to access mobile money wallets and bank accounts by the criminals. This is the most prevalent form of cybercrime in Kenya, and many users of mobile money platforms have fallen victim to this crime. Members of the public are continuously advised to be vigilant, but the losses keep increasing. In fact, even the banks and their tight security measures are also victims of huge amounts of money losses through these crimes.
The perpetrators of these crimes, however, continue to increase despite the public being continuously addressed on these issues and the numerous calls for the culprits to be brought to book. It is not easy to keep up with the perpetrators. However, there are also cases where the perpetrators are well known to the authorities, and yet they are not apprehended for reasons better known by the Police in particular.
The other common crime in this field is data theft. This is perpetrated by people who collect data for certain purposes but also use it to make money by selling it. There are also some persons who dubiously collect data with the sole aim of misappropriating it through sale or to promote their business interests.
How Can You Avoid Being a Victim of Cybercrime in Kenya?
It is important for the public to be aware that cybercrime is a criminal activity akin to physical crime. It results in negative consequences, including the loss of money, such as funds in the banks and mobile money wallets, fraud, and the misuse of the victim’s private information, which has been hacked. Due to this, it is important for the public to equip themselves with the tips that can help them avoid being victims of these criminals. It is not enough for one to wait for the Law enforcers and the justice system to catch up with these criminals, but one can also do something to avoid being a victim.
What tips can people use?
Safeguarding Personal Information.
One of the ways to avoid cybercrime in Kenya is to avoid sharing sensitive information with strangers and, in particular, mobile money PINs, Bank account PINs, and mobile phone devices and computers. Additionally, people should be diligent in
- Keeping sensitive information in very safe places,
- Not keeping mobile money Pins together with the mobile phones,
- Not writing down the Bank Pins, Usernames, and Passwords, and then putting them together with the Bank account particulars or credit and debit cards.
Furthermore, everyone should ensure that they do not give out their private and sensitive information to other people without first verifying what that information will be used for. This is more so where anyone or organization is seeking to collect data without giving the full information on what this data will be used for. The seekers of the information must ensure that they provide this information. They must also display in their premises of work and or show it to the person whose data they intend to access that they actually understand and do protect all the data in their possession, that is, that the same will not be accessed by third parties either through sale, careless handling of the same and the data should not be used for any other purpose other than what the giver of the data consented to.
Verifying Information.
Given that many cybercriminals pose as friends or family members in need, it is also important for people to verify the people asking them for help, especially when using their phones to make calls or send messages. It is also important for one to verify the senders of the messages they receive and to confirm that indeed the people requesting financial help or the people you intend to send money to are the right ones. Scammers asking for financial help and impersonating other people often use misleading information to access money from mobile wallets, which is increasing all the time.
Reporting Crimes.
Many people fail to report cybercrimes as they do not liken them to the typical criminal activities. But they are as much crimes as other forms of criminal activities. Therefore, it is also important for all victims to report these crimes to the authorities so that these criminals can be apprehended.
Nevertheless, every person should shoulder the responsibility of protecting their personal and private data by storing it safely at all times. This responsibility includes changing one’s Passwords and Usernames frequently to deter people from accessing the same.
Leave a Reply