With the increased uptake and usage of digital payments, mobile banking and internet banking, cyber fraud cases have predictably increased, statistics from the Central Bank show.
Between January and September 2020, 141 cyber fraud cases were reported with Rwf371 million involved. Of these, Rwf89m was recovered successfully and over Rwf280m went unrecovered.
In the previous year in the same period, 102 cases were reported involving over Rwf447m. Of these, over Rwf166m was successfully recovered.
The losses are a result of vulnerabilities in services such as mobile banking and payment services as well as internet banking.
The most common methods observed in 2020 included socio engineering through phishing, vishing or smishing, poor password hygiene by customers and SIM Swap based frauds.
Phishing involves fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Vishing is making phone calls claiming to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers while smishing involves using text messages.
The Central Bank noted that a number of mitigation measures have been set up on various processes from customer onboarding, transaction initiation as well as execution to ensure proper controls for every step of the process.
"Awareness campaigns are very important counter-measures against various frauds especially social engineering. Coordinated effort among financial institutions, regulators and government agencies, law enforcement agencies have been deployed in order to educate the public and as well as staff from various institutions in order to raise awareness around frauds control and mitigation mechanisms,” the Central Bank noted.
In 2021, the key threats to look out for are in mobile banking and payment channels as well as internet banking as they are the most used in the local industry.
"Socio engineering targeting mobile payment users will remain the main threat in 2021. Different defense mechanisms were taken by the fraud forum in order to deal with such frauds including but not limited to education, internal control, as well as specific approaches adapted to various channels,” the Central Bank noted.
National Cyber Security Authority (NCSA) noted that with the increased uptake and usage of online services, including digital payments, there has been increased exposure to online cyber threats.
Ghislaine Kayigi, the Chief Cybersecurity Standards Officer at NSCA, noted proportional to this increase of online services, is also increased exposure to online cyber threats.
"All online systems have exhibited known security threats and to mitigate these threats, a number of ongoing activities have been implemented,” she said without revealing specifics on threats.
Among the measures she said are being rolled out to mitigate the vices include improving cybersecurity awareness as well as strengthening the security of information networks and systems.
In light of the growing incidences and threats, Kayigi said that organizations should adopt a risk management mindset as opposed to solely pursuing compliance.
"Local organizations should adopt a business risk management mindset instead of a compliance mindset in order to ensure their cybersecurity resilience. It will help them to safely deliver their services while meeting the baseline security level of their ICT infrastructure, she said.
Statistics of the Rwanda Investigation Bureau showed that the rate of cybercrimes escalated during the three months the country was in lockdown, with a 72 per cent increase in the amount of money involved.
Between January and March 22 when the country went into a total lockdown, Rwf25.9 million had been stolen by alleged cybercriminals in 39 cases that RIB investigated.
In the next three months when the country was in lockdown, the funds lost to cyber fraud increased to Rwf44.6 million, representing a 72 per cent rise while the number of cases more than doubled to 89.