Cybersecurity is a concern in Africa’s digital sector
This article was submitted to TechCabal by Phil Westgarth, Network International, Group Chief Information Security Officer; and Ryan Meder, DPO Group, Chief Information Officer.
Africa’s digital transformation has a dark side: the rise of digital fraud. Cyber security is a major concern across the continent. A recent report by Global Cybersecurity Index showed that only 29 out of 54 African countries assessed have introduced cybersecurity legislation. An IDC report titled ‘The Impact of Cyber Extortion on Africa’ stated that Africa loses $4 billion annually to cybercrime, but this is slowly changing as countries such as Kenya and Zambia implement new cyber security laws.
According to a report by Visa, three-quarters of fraud and data breach cases investigated by Visa’s global risk team involved e-commerce merchants.
In a technology-driven sector where devices, systems and software are the order of the day, it is critical that e-commerce merchants have a prevention and security plan in place to protect against cyber attacks. Both businesses and customers in Africa have embraced digital data storage, but relying on cloud services to store their user-sensitive information leaves them vulnerable to digital fraud.
The cost of doing nothing
In Africa, attacks related to data loss threats have increased significantly this year, growing 234% in Q2 2022 compared to the previous quarter, according to Kaspersky, an anti-virus software company. These attacks included phishing, scams and social engineering, where users are lured to a website and tricked into entering personal information.
Digital payment companies that do not create the right infrastructure and policies to protect their data will pay a high price. Cybercrime can hurt a company beyond its finances – data loss and the theft of intellectual property and financial and personal information can all damage a brand’s reputation, leading to lost customers and endless legal battles. Strict policies and procedures for handling customer information are a must.
The major international credit and debit card brands (such as Visa and Mastercard) mandate the implementation of cyber security controls for processors of their cards through the Payment Card Industry Data Security Standards (PCI-DSS). DPO and Network International have maintained compliance with these standards for many years and are externally audited annually to maintain this accreditation. Other international standards such as ISO 27001 and ISAE 3402 (SOC2) are also sought by the emerging fintech firms that seek to compete with the more established secure payment companies.
Today, consumers are changing the way they shop and are increasingly using e-commerce and digital solutions. They are aware of their personal online security, and this is especially true when making cross-border purchases. Some potential e-commerce customers still avoid online shopping for fear of being exposed to fraud, thus slowing down e-commerce growth in Africa. Digital payments and e-commerce service providers must establish their own best practices for managing data and building consumer trust, ensuring that information is protected every step of the way during transactions. They also need to break this information down to customers in the simplest language possible.
The Covid-19 effect
The Covid-19 pandemic has created new challenges for businesses and most have shifted to remote work or hybrid work models. According to a report by Swiss Info, the pandemic and the resulting shift to remote and hybrid work was a major cause of the increase in cyber security attacks. People who work at home don’t enjoy the same level of Internet protection measures they benefit from at the office, the report found.
Digital payment companies must regularly train their employees on how to protect customer information and comply with company policies and procedures. They must also keep up to date with payment security standards and global compliance and must regularly monitor systems. For example, DPO uses advanced fraud and risk systems that monitor transactions 24 hours a day and complex rules engines to protect businesses from fraud. IT departments must support employees who work from home with virtual systems that protect their work equipment and regularly update security software and firewalls.
Year after year, the continent records increasing growth in digital payment infrastructure, which means exciting opportunities for Africa’s economic acceleration. However, each new development presents another opportunity for cyber predators to illegally gain access to personal or company data. Now more than ever, digital payment companies must invest heavily in data protection to protect themselves and their customers from crime.