Fintechs tipped on cyber insurance as risks soar
With financial technology companies (fintechs) increasingly gaining prominence as facilitators of financial transactions and drivers of financial inclusion across markets, the rate of their vulnerability to cyber risks is also equally growing. Cyber risk is any risk associated with financial loss, disruption to operations or damage to an organisation's reputation from a negative event impacting the organisation's information or information systems. When a business' online security is breached, information including your customer database, confidential customer details like payment information and bank details, valuable employment data, intellectual property, stored data or social media accounts passwords and logins are stolen and the attacker can use it to their advantage. Over the past few years, big global companies have fallen victims to cyber-attacks, wiping out millions of dollars. With cyber-attacks, a single incident can cost a business billions of shillings and can even wipe it off the scene completely. Although the 2017 Uganda Cyber Security report put cybercrime-related losses at over $42m (sh154b), it is said that majority of cybercrime incidents in Uganda go unreported, mainly due to fear of brand reputation damage. To guard against this, however, Oscar Ofumbi, the Head of Business at Lend in a Box, urged fintechs to embrace cyber insurance so as to externalize risks by allowing the insurance company take on any related costs suffered in case of an attack. Despite being launched as a product about five years ago, the uptake of cyber risk insurance in Uganda is still very low. Two-factor authentication Ofumbi also urged fintechs to use a two-factor authentication, a multi-factor method that requires users to input different pieces of evidence before they are granted access to the account or system. This, according to Ofumbi, will ensure an enhanced level of security for players in the fintech sector. He noted that cyber risks are becoming a challenge for the sector, given that it could either be perpetuated by either an employee or a third-party service provider and that using insurance or a two-factor authentication would be very helpful. Ofumbi was speaking during a two-day fintech landscape exhibition at Sheraton Kampala Hotel last week. The exhibition sought to mark the end of the 40-days-40-fintechs project, which was organised by HiPipo, in partnership with Crosslake Tech, ModusBox and Mojaloop Foundation. The engaged fintechs were equipped with interoperability skills, using Mojaloop, a switching platform with a centralised service that brings together digital financial service providers to help boost financial inclusion in Africa. It is estimated that only about 43% of people in sub-Saharan Africa are financially included. In Uganda, the number is estimated at 78% - both formally and informally. This is mainly because of high transactional costs, especially across different service providers, which experts say is an obstacle to achieving meaningful financial inclusion. Currently, providers of digital solutions have to build everything on their own, which is expensive as there is no single loop. This means that they have to charge high transaction fees that are hard for poor customers to afford. Additionally, more services end up being a closed-loop where customers can only transact with other customers using the same service. The Craft Silicon Uganda Team Leader, John Baptist Ochieng, noted that while Mojaloop is a good solution, more effort must be put towards ensuring that it guarantees safety of end-users' money. "Mojaloop will help some businesses and entities that want to connect to several platforms to go through it. My only concern would be around the safety of open source software for financial services," he said. Review open source software Ochieng urged companies to review the security of the open-source software and ensure it is secure for use before adoption. The public service state minister David Karubanga also alluded to the cyber risk threat, saying that players need to invest in building robust security systems to ensure safety of users' information and funds.
He noted that government is trying to work with international organisations to address the challenge but urged players to report cyber risk occurrences to help the government investigate. The HiPipo chief executive officer Innocent Kawooya also alluded to the need to secure payment platforms, saying that without that, people will lose trust and confidence in the digital payments systems.
"Without cybersecurity, you cannot achieve full financial inclusion because if there is a lot of fraud and businesses losing money in an ecosystem that is not secure, people will not use it; they will keep it in their bags or assets and in the end, we shall not have money to grow the economy," Kwaooya said.
He pledged HiPipo continued support in advocating for a level playing field for all fintechs to thrive. Kawooya noted that with an open-source software, HiPipo will be able to create an interoperable payment solution to enhance financial inclusion by breaking all the barriers and create one ecosystem that will benefit everyone. He added that the successful execution of the 40-days-40-fintechs project is expected to change the way financial inclusion is done in the world, transform millions of lives in years to come and change the way financial inclusion will be done in Uganda going forward.
By Faridah Kulabako, July 20, 2020, published on Newvision