Equity Bank loses $2.1 million in debit card fraud in Kenya

In a significant blow to Kenya’s financial sector, Equity Bank, the country’s largest financial institution and lender, has fallen victim to a debit card fraud scheme that resulted in the loss of $2.1 million. The perpetrators executed a “card-not-present” scam, siphoning funds from unsuspecting victims to over 500 bank and mobile money accounts.

According to a letter sent to the Directorate of Criminal Investigation (DCI), the stolen funds were moved between April 9 and 15, 2024. Equity Bank’s General Manager of Security, Gerald Munyiri, also revealed that 179.6 million Kenyan shillings ($1.3 million) was fraudulently paid out to the 551 Equity Bank accounts during this period. An additional 63 million shillings ($478,360) was transferred to Safaricom, the leading mobile money provider, while 39 million shillings ($296,015) went to 11 other commercial banks.

The Bank has since restricted all the accounts that received the stolen funds and has worked closely with Safaricom and the other banks involved to trace the movement of the money. Meanwhile, the DCI has confirmed that 19 individuals have been arrested in connection with the fraud.

The “card-not-present” scam typically involves the use of stolen card details to make online purchases, with the funds ultimately being routed to other bank accounts. In Kenya, the transaction limits imposed by banks and mobile money platforms appear to have prompted the perpetrators to execute the fraud in smaller batches to avoid raising suspicion.

Fraud has become a growing concern in Kenya’s financial services sector. According to TransUnion Africa, a credit reporting agency, Kenyan banks lose approximately $130 million to cybercriminals annually, primarily through loan stacking and identity theft. The country’s Financial Reporting Centre (FRC) also flagged over $600 million linked to card fraud, corruption, and terrorism financing in the three years leading up to July 2023.

The Equity Bank incident comes just days after the Kenyan National Assembly approved the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024. These regulations aim to establish a framework for monitoring, detecting, and addressing cybersecurity threats within the country’s digital landscape, including measures to tackle scams, identity theft, and internet fraud.

As the financial services industry continues to navigate the complexities of the digital age, Equity Bank fraud serves as an urgent reminder of the need for robust cybersecurity measures to protect Kenyan consumers and businesses from the growing threat of financial crimes.