This article was submitted to TechCabal by Phil Westgarth, Network International, Group Chief Information Security Officer; and Ryan Meder, DPO Group, Chief Information Officer.
Africa’s digital transformation has come with a dark side: the rise of digital fraud. Cybersecurity is a major concern across the continent. A recent report by Global Cybersecurity Index showed that only 29 of 54 African countries assessed have introduced cybersecurity legislation. An IDC report titled ‘The Impact of Cyber Extortion on Africa’ stated that Africa is losing $4 billion annually to cybercrime, but this is slowly changing as countries like Kenya and Zambia implement new cybersecurity laws.
According to a report by Visa, three-quarters of fraud and data breach cases investigated by Visa’s global risk team involved ecommerce merchants.
In a technology-driven sector where gadgets, systems, and software are the order of the day, it is critical that ecommerce merchants have a prevention and safety plan in place to safeguard against cyber-attacks. Both businesses and customers in Africa have embraced digital data storage, but by relying on cloud services to store their user-sensitive information, they become vulnerable to digital fraud.
The cost of doing nothing
In Africa, attacks related to data loss threats increased significantly this year, growing by 234% in Q2 2022, compared to the previous quarter, according to Kaspersky, an anti-virus software company. These attacks included phishing, scams, and social engineering, where users are lured to a site and tricked into entering personal information.
Digital payment companies that do not create the right infrastructure and policies to protect their data will pay a high price. Cybercrime can hurt a company beyond its financials— data loss and the theft of intellectual property and financial and personal information can all damage a brand’s reputation, leading to loss of customers and unending legal battles. Strict policies and procedures to handle customer information are a necessity.
The major international credit and debit card brands (such as Visa and Mastercard) mandate the implementation of Cybersecurity controls for processors of their cards through the Payment Card Industry Data Security Standards (PCI-DSS). DPO and Network International have maintained compliance with these standards for many years and are externally audited annually to maintain this accreditation. Other international standards such as ISO 27001 and ISAE 3402 (SOC2) are also sought by the emerging fintech firms that seek to compete with the more established secure payment companies.
Today, consumers are changing the way they shop and are increasingly using ecommerce and digital solutions. They are aware of their personal online security, and this is especially true when they make cross-border purchases. Some potential ecommerce customers still avoid shopping online for fear of being exposed to fraud, thus delaying ecommerce growth in Africa. Digital payments and ecommerce service providers must establish their own best practices for managing data and building consumer trust, by ensuring information is protected every step of the way during transactions. They must also break down this information to customers in the simplest language possible.
The Covid-19 effect
The Covid-19 pandemic created new challenges for businesses and most shifted to remote work or hybrid working models. According to a report by Swiss Info, the pandemic and the resulting shift to remote and hybrid working were a major cause of the increase in cybersecurity attacks. People working at home do not enjoy the same level of internet protection measures that they benefit from at the office, the report found.
Digital payment companies need to regularly train their employees on how to protect customer information and comply with company policies and procedures. They must also stay up to date with payment security standards and global compliance and should monitor systems regularly. DPO, for example, uses advanced fraud and risk systems, which monitor transactions around the clock and complex rules engines to protect businesses against fraud. IT departments should support employees working from home with virtual systems that protect their work gadgets and regularly update security software and firewalls.
Year after year the continent records increased growth in digital payments infrastructure, which means exciting opportunities for Africa’s economic acceleration. However, each new development presents another opportunity for cyber predators to illegally access personal or company data. Now more than ever, digital payment companies need to invest heavily in data protection to safeguard themselves and their customers against crime.