Kenyans have often complained of how they receive calls from supposedly people working at Safaricom, Airtel of Telkom customer care.
The callers often address the people by their full names and sometimes would even correct one if they miss-pelt their national ID card number.
Safaricom, being th bigest Telco has had a fair share of this scam reported to them. Most of its millions subscribers have been targeted.
The scammer will tell one that their line has been registered twice and that they need to verify their registration details, failure to which the line would be blocked.
The callers would cleverly imitate the demeanor of a customer care agent and they would even go to great lengths to have other voices of other “call centre agents” in the background on similar calls.
The only giveaway is that the phone number that is often used to call will, if one is keen enough, be a personal line. If one asks at this point why the customer care agent is calling from a number that is not Safaricom’s; the “customer care agent” will most often grow defensive and aggressive, and most times, the scammers will hang up and switch off the lines.
We’ve taken the example of Safaricom for illustration purposes.
So, a subsequent call to Safaricom’s helpline will establish that the caller was a fraudster who was after the customer’s PIN number to gain access to his M-Pesa account.
The above is just one of numerous cases where fraudsters have obtained the personal data of Kenyans and attempted to use the same to dupe unsuspecting users to divulge information that can be used to access their mobile money accounts.
In the past few years, Kenyans have grown accustomed to receiving unsolicited text messages from betting companies and supermarkets promoting their wares or prompting them to sign up for a service.
The worrying trend is that recently, fraudsters have upgraded to making phone calls that can be difficult to distinguish from legitimate calls from service providers given the fact that the callers appear to have intimate details of their targets.
Lack of a data protection law and lethargy among policymakers and regulators in the ICT ministry has exposed Kenyans to extortion from fraudsters and exploitation of their personal data by both local and international service providers.
For example, in the 2017 election, some officials of the Independent Electoral and Boundaries Commission (IEBC) sold the personal data of millions of voters, including names, phone numbers, and geographical locations to political aspirants. This information was then used to spam users with campaign messages in the days running up to the elections.
According to a online data security firm, ‘the biggest threat to data breaches are insiders. This is made easy because Kenyan companies and public agencies hold a lot of data on their consumers.
“You have a situation where former employees or those that are disgruntled collude with outsiders to leave systems exposed or install malware that allows Sh110 trillion lawsuit for allegedly violating the data privacy of millions of its consumers”, says Dr. Bright Mawudor, head of Cyber Security Services at Internet Security
In the ongoing legal dispute filed at the High Court, a Safaricom subscriber accused the company of breaching the privacy of 11.5 million of its customers by exposing their sports betting history and biodata.
The applicant, Benedict Ndung’u, says he was approached by an individual who had in his possession the personal data of more than 11.5 million Safaricom subscribers.
“The data which the petitioner herein viewed personally was specific to gamblers who had used their Safaricom mobile numbers to gamble on various betting platforms registered in Kenya,” he says in his petition.
The data allegedly contained specific identifying details of subscribers including full names, their mobile phone numbers, gender, age, identity numbers, passport numbers as well as the amounts gambled.
Also included in the data was the make and type of device used by the subscriber as well as the location of the subscriber.
In a related case, two Safaricom employees have been charged for trying to obtain Sh300 million from the company by illegal means.
Simon Kinuthia and Brian Wamatu were accused of transferring privileged information on a subscriber from the company’s database and sharing it with an unauthorised person.
A new report by the United Nations Conference on Trade and Development (Unctad) says increasing digitisation by businesses, governments and individuals has created a data economy that is expanding at unprecedented speed.
“Global Internet Protocol (IP) traffic, a proxy for data flows, grew from about 100 gigabytes (GB) per day in 1992 to more than 45,000 GB per second in 2017,” says the report released last week.
“The world is only in the early days of the data-driven economy; by 2022 global IP traffic is projected to reach 150,700 GB per second, fuelled by more and more people coming online for the first time and by the expansion of the Internet of Things (IoT).”
However, much of this data and the profits accruing from it is concentrated on a handful of corporations mainly in the US and China, raising concern that citizens in developing countries are losing out on both the resources and profits that accrue from the digital data they generate.
Unctad Secretary General Mukhisa Kituyi was in Nairobi last week where he reiterated that regulators in developing countries need to review current corporate and taxation legislation to ensure income inequalities are not exacerbated.
“We are seeing a phenomenal expansion of not just digisation of data but also platformisation of data,” he said.
“From a developmental perspective, this means all of us are voluntarily surrendering out private raw data; personal information, business information and national statistics for free.”
Dr Kituyi said tech giants mine, analyse and monetise the data obtained for free, without any profits going back to users or the countries in which they operate.
“Eventually it goes beyond the abilities of national jurisdictions and it is going to reshape discourse and how we restructure regulation and corporations across borders, balancing between local regulation and fair taxation,” he said.
Kenya’s policy makers, despite talking big on the advances the country has made in expanding digital technologies in the region, are playing catch up to local and international technology service providers.
The Communications Authority of Kenya, (CA) has for the past two years failed to appoint a consultant to draw a study to inform the parameters for bringing tech giants under a regulatory regime covering tax and data.
The Data Protection Bill 2018 has been in development for more than five years without any significant headway.
The ICT ministry has had to grapple between accepting the Data Protection bill from the National Assembly and that from the floor of the Senate. In the end, the ministry said that it had to wait for the one from the National Assembly and rejected the Senate one, which was already finished. This was advise from the Attorney General Kariuki.
At the same time, the National Treasury proposed the introduction on taxes on digital economic activities in the Finance Bill 2019 to increase revenue collection.
Last week, the Kenya Revenue Authority (KRA) kicked off the search for a technology service provider to install a monitoring and payments system to track transactions between local and international digital merchants and their customers.
The tax collection system will entail an integrated payment gateway solution to identify and authorise payments through settlement of data to and from merchants’ online portals to merchants’ banks.
KRA wants the system integrated with all internal revenue systems for data sharing purposes and updating of taxpayers’ ledger accounts, a requirement bound to raise opposition from service providers.
Kenyan Business Feed is the top Kenyan Business Blog. We share news from Kenya and across the region. To contact us with any alert, please email us to [email protected]