Equity Bank, one of Kenya’s leading financial institutions, has recently become a victim of cybercriminals who stole an enormous amount of Sh179 million, making it the largest card fraud incident of the year.
According to a leaked letter from a bank insider, 551 different accounts received an unlawful transfer of a staggering amount of Sh179,677,736 from the bank’s Mastercard. Equity Bank’s General Manager of Security and Investigations, Gerald Munyiri, has requested urgent assistance from the Banking Fraud Investigations Department at the DCI.
The bank’s risk department noticed a sudden increase in transactions coming from the bank’s incoming Mastercard GL on April 15, 2024. Initial investigations revealed that a total of Ksh. 179,677,736 was fraudulently disbursed from the GL to 551 accounts held at Equity Bank from April 9, 2024, to April 15, 2024.
Additionally, a total of Ksh. 63,023,983/- was transferred to Safaricom Mpesa, and Ksh. 39,047,344/- was deposited into eleven commercial banks.
In response, Equity Bank has managed to freeze some of the stolen funds by securing the relevant accounts. They are also working with Safaricom to track down and recover the remaining funds that were transferred through M-Pesa.
However, the bank has faced allegations of fraud and customers experiencing financial losses due to questionable circumstances in the past. Many customers have taken to social media to complain about these issues.
Experts have criticised Equity Bank’s cybersecurity systems for their vulnerabilities, making it an attractive target for hackers. This is not the first time that the bank has been targeted by cybercriminals.
In 2019, a group of individuals in Kenya were sentenced to eight years in prison and fined Sh5.6 million for their involvement in hacking into an Equity Bank account and transferring funds to individuals in Rwanda.
As per the Central Bank, bank card fraud can happen through various methods, such as phishing, where scammers send deceptive emails or text messages that seem to be from a person’s bank or a well-known financial institution.
They employ a range of strategies to encourage individuals to disclose sensitive information like their PIN, account number, login credentials, and passwords. Criminals also use card skimmers to copy details from the magnetic strip of a credit or ATM card, which can lead to potential cases of fraud.
Based on data from the Banking Fraud Investigations Department, Kenyan banks lost Sh1.5 billion (approximately US $17.64 million) in the past year due to fraud, with investigators only being able to recover a third of the amount.
Last week, the National Assembly approved the Computer Misuse and Cybercrime Regulations, 2024, which grants security agencies increased authority to regulate cyberspace activities to combat fraud. These regulations strengthen protection measures for critical economic sectors such as telecoms, banking, transport, and energy.
