Securing Uganda’s fintech future: Navigating cyber threats and enhancing collaborative resilience

In the ever-evolving digital age, where technology continues to shape our lives, the financial technology (FinTech) sector in Uganda has witnessed remarkable growth and transformation. FinTech has become a driving force behind financial inclusion, offering innovative solutions that simplify financial transactions, making them more accessible to a broader population.

However, as FinTech thrives, so does the lurking threat of cybercrime. It is crucial to recognize the importance of safeguarding this digital ecosystem against malicious actors.

For example, Consumer trust is paramount in FinTech, particularly regarding safeguarding funds against threats like account takeovers. It’s vital for consumers to have reliable protection mechanisms in place to address potential errors or fraud. Typically, card networks offer this security, incorporating the cost into the merchant discount fee. However, this can lead to debates about the balance between adequate protection and the financial burden on merchants.

According to the Level One Project Guide, the advent of digital merchant payments introduces the issue of commerce fraud. This occurs when a buyer is defrauded by a merchant, either through the delivery of goods not as described or, in cases of remote transactions, failure to send paid-for items. To counter these challenges, the industry is exploring various solutions, such as escrow services, consumer insurance programs, and the publication of ‘bad actor’ lists. Additionally, government or commercial entities may offer ‘good actor’ designations to establish trust.

During an engaging online discussion that I recently moderated, organized by MoMo from MTN Uganda, we delved into the intricacies of FinTech security. The discussion’s theme, “Financial Technology Security – what companies are doing and what consumers ought to do,” highlighted the critical need for heightened cybersecurity awareness, both among FinTech companies and the general public.

Sherifah Tumusiime Banana, a Senior Systems Officer at the Uganda Financial Intelligence Authority (FIA), unveiled a disconcerting statistic. More than half of the cybercrimes in Uganda are related to fraud and money laundering. This revelation sheds light on the vulnerabilities within the FinTech sector, which cybercriminals exploit to deceive unsuspecting users. Tax-related crimes account for approximately 30% of cybercrimes, with corruption cases making up the remaining 5%.

One of the crucial takeaways from this discussion is the pressing need for FinTech companies to collaborate with regulatory bodies like the FIA. Ms. Tumusiime pointed out that FIA primarily serves as an information-gathering and analyzing entity, reporting suspicious online financial activities to relevant authorities, including the police, Directorate of Public Prosecutions (DPP), Inspector General (IG), Uganda Revenue Authority (URA), among others.

As Uganda’s FinTech sector continues to expand, it encompasses various domains, including money transfers, virtual assets, school payment platforms, online betting, and even the dark web. These sectors host both legitimate and illegitimate businesses, further emphasizing the urgency of bolstering cybersecurity measures.

The discussion emphasized that as the world shifts towards cash-lite and later cashless economies, it is imperative to create awareness among service providers and consumers regarding cyber threats and how to mitigate them. With over 1.2 billion people worldwide excluded from financial services, it becomes even more critical for FinTech providers and economies to advocate for digitally secure financial services.

Ezra Mujabwami, the Deputy Director of ICT at the Uganda Police Force, raised a significant concern during the discussion. He highlighted the rising trend of cybercrime in Uganda while lamenting the lack of public awareness about the laws governing FinTech-related crimes. Uganda has enacted the National Payment Systems Act and Data Protection and Privacy laws, yet few Ugandans are aware of these legal safeguards.

Mujabwami emphasized the importance of reporting cybercrimes and revealed that the police have initiated a security operations center and training programs for officers in electronic crime scene management to enhance implementation capacity and efficiency. Common cybercrimes in Uganda include identity theft, unregulated FinTech, and cyberstalking.

Both Tumusiime and Mujabwami agreed that Uganda’s cybercrime trends are on the rise, necessitating collaboration with FinTech players to enhance their security controls. The Uganda Police Force has invested in cybersecurity research and established a sandbox environment for various networks to conduct security checks.

Albert Gita, the Chief Information Officer at MoMo from MTN Uganda, acknowledged the need for stringent due diligence, particularly for third-party vendors who handle sensitive financial data. He detailed the rigorous scrutiny process, which includes assessments of financial stability, security certification, reputation track record, compliance checks, and performance reviews.

The discussion also emphasized the importance of synergy between emerging FinTech players and traditional financial institutions like banks. Andrew Walusimbi, the Leader of the Cyber Security Committee of Uganda Bankers Association, underscored the complementary roles of FinTechs and banks. He called for mutual existence where each player leverages the other’s comparative advantage, highlighting that banks are risk-averse compared to FinTechs.

Walusimbi stressed that trust is not built overnight, and compliance with regulations fosters trust among users. Therefore, FinTechs should adhere to international security standards, conduct frequent platform audits, maintain responsive customer service, and ensure acceptable turnaround times to build trust among users.

Drawing from insights in the Level One Project guide, we assert that centralized national directories play a critical role in bolstering compliance with international security standards, fostering interoperability, and minimizing fraud in payment systems. Additionally, there is an increasing inclination towards collective investment in fraud detection and associated services. Although Digital Financial Service Providers (DFSPs) maintain primary responsibility for compliance, this cooperative model leads to a fraud prevention system that is both more economical and effective.

In conclusion, the discussion’s key takeaways underscore the urgency of strengthening cybersecurity in Uganda’s FinTech landscape. The rapid growth of digital financial services comes with its own set of challenges, including the ever-present threat of cybercrime. It is incumbent upon all stakeholders, including governments and private sector players, to join hands in addressing these challenges.

The Uganda Bankers Association has taken a proactive step by establishing a security operations center where different stakeholders collaborate to share threat information and collectively combat cybercrimes. FinTech companies were also advised to prioritize user-friendly solutions with transparent know-your-customer protocols to foster trust among their users.

HiPipo has notably spearheaded the launch of the Mobile Money Police initiative, a dedicated effort focused on strengthening the security of digital and mobile financial services. This program emphasizes promoting cybersecurity best practices across multiple platforms, including web, mobile, social media, and digital financial applications. Our core mission is to counter the escalating risks of fraud and money laundering, thus protecting Africa’s economic growth and stability.

As we navigate this digital era, let us recognize that cybersecurity is a shared responsibility. By working together, we can fortify Uganda and Indeed Africa’s FinTech sector, ensuring that it continues to drive financial inclusion while safeguarding the digital financial ecosystem from threats and vulnerabilities. It is time for all of us to embrace the call for action and champion a secure digital future for All.

The writer, Innocent Kawooya, is the CEO at HiPipo