Kenya, SA worst hit by mobile payment fraud

Mobile payment-related fraud is worth about $4 billion a year in Africa, and the worst hit countries are Kenya and South Africa.

Paula Gilbert, Editor

May 28, 2021

4 Min Read

Mobile payment-related fraud is more prevalent in Africa than you would think, and it is estimated to be worth about $4 billion annually on the continent.

That's according to David Lotfi, CEO of mobile payment cybersecurity company Evina which analyzes more than 16 million transactions per day worldwide.

"In the Middle Eastern and African regions, the mobile fraud rate recorded beginning of 2021 was at 27% and of these fraudulent attacks, 60% were clickjacking and 19% malicious apps," Lotfi told Connecting Africa.

Lotfi said the top two African countries where mobile fraud is most prevalent are Kenya and South Africa. Evina's network of fraud sensors found that 51% of mobile-based transactions in Kenya were identified as suspect; while the percentage was 30% for South Africa and 10% in Cameroon.

"In Africa, we have the perfect storm of a youthful population using almost a billion mobile money accounts coupled with the Coronavirus-related one-third increase in Internet traffic," he said.

Founded in Paris, Evina's anti-fraud technology was created for mobile network operators (MNOs), merchants and payment gateways to fend off fraud and conquer new markets.

"Simultaneously we have a global money honeypot network active 24/7 worldwide that attracts fraudsters and reverse-engineers their mechanisms to get a better understanding from the inside out. All of this data is processed through edge computing which allows us to understand the data closest to the end user and assure the quickest response," Lotfi explained.

Have you been clickjacked?

Lotfi said mobile payment fraud is perpetrated by cybercriminals who commonly use malware to deprive an unknowing victim of funds via payment methods like mobile wallets or direct carrier billing (DCB).

Clickjacking is one of the more common types and has been around for over five years, but Lotfi said it can easily be blocked.

"Through the clickjacking technique, a fraudster intercepts a legitimate click and unknowingly directs the user to a website where sensitive financial and other details can be stolen.

"A specific example of this might include where the user clicks on a video they would like to play, but the click is intercepted by mobile fraudsters and ends up making a payment in the background while the user views the video. There are countless variations here but the model is the same," Lotfi explained.

Another very common technique is using malicious apps, which mobile users often download thinking they are legitimate apps.

"Malicious apps are trickier, these apps have been injected with malware during a disguised app update or right from the start when the user unwittingly downloads the app from the app store, with the same purpose of defrauding the user," he said.

He said fraudsters conceal malware in several common categories of apps such as wallpaper, flashlight and fitness tracker applications.

Protecting the ecosystem

Lotfi said that MNOs also need to better understand the negative impacts of fraud on their business and the entire mobile ecosystem, beyond money loss.

"The consequences of mobile fraud attacks go much deeper. MNOs can experience a breakdown of trust in their business relationships, damages to their brand image from the rise of fraud-related complaints, and restricted business opportunities," he added.

"Once this is understood, MNOs who are the orchestrators of mobile payments through DCB, need to protect themselves with the right anti-fraud solutions," Lotfi said. "MNOs have the right tools to fight mobile fraud, they just need to make cybersecurity their 2021 priority to decrease fraud and boost their business."

Evina is now protecting up to 90% of mobile DCB transactions in Ivory Coast, Morocco and Senegal. The French company also secures traffic in African countries Mali, Ghana, Congo, Kenya, Botswana, Angola, Algeria, Tunisia, Egypt and Libya.

Lotfi says the continent is a key growth region for the firm.

"Africa is a strategic region of huge importance to Evina and the greater mobile industry because this is where strong double-digit growth is coming from. We cannot allow mobile fraudsters to gain a beachhead on this pivotal continent key to the future fortunes of so many telcos, aggregators and digital merchants," he said.

*Top image is of Evina CEO David Lotfi (Source: Evina).

— Paula Gilbert, Editor, Connecting Africa

About the Author

Paula Gilbert

Editor, Connecting Africa

Paula has been the Editor of Connecting Africa since June 2019 and has been reporting on key developments in Africa's telecoms and ICT sectors for most of her journalistic career.

The award-winning South Africa-based journalist previously worked as a producer and reporter for business television channels Bloomberg TV Africa and CNBC Africa, was the telecoms editor at online publication ITWeb, and started her career in radio news. She has an Honors degree in Journalism from Rhodes University.

Paula was recognized by Empower Africa as one of 35 trailblazers who shaped Africa's tech landscape in 2023 and she won the Excellence in ICT Journalism category at the MTN Women in ICT Awards in 2017.

Travel is always on Paula's mind, she has visited 40 countries so far and is currently researching her next adventure.

Subscribe to receive our weekly Connecting Africa Insights Newsletter