When Apple unveiled the new iPhone 6 and iPhone 6 Plus last night, they announced that these models will feature groundbreaking mobile wallet technology known as ‘Apple Pay.’ In order to allow consumers to securely pay for items ‘with the touch of a finger,’ Apple developed a near-field communication chip as well as Touch ID, a fingerprint recognition reader.
Apple partnered with major payment networks such as Visa, MasterCard and American Express as well as with banks and retailers. The company also employed privacy and security measures such as encryption to prevent retailers from seeing your name, your card number or your security code. Furthermore, these measures bar Apple from knowing anything about your transactions, including what you bought, where you bought it or how much you paid.
Although Apple’s privacy and security enhanced mobile wallet technology may be new, the concept of mobile money already has a significant toehold in Africa. For example, M-Pesa – a mobile money service launched in Kenya in 2007 – provides millions of Africans with affordable bank accounts. Over 56,9 million people use this and other mobile money services to pay for everyday expenses such as transportation and groceries.
While Kenya remains the largest mobile money market, M-Pesa has expanded to other African countries, including Tanzania, South Africa, the Democratic Republic of the Congo, Mozambique, Egypt and Lesotho. M-Pesa’s success has spawned other mobile money services such as MTN Mobile Money and Orange Money, who are also competing for customers in Cameroon, Gabon, Madagascar, Uganda, Zambia and Zimbabwe.
Mobile money customers are increasingly targeted by cybercriminals in various fraud scams
Despite the many benefits of mobile money, a recent report by the Telecommunication Service Providers of Kenya found that mobile money customers are increasingly targeted by cybercriminals in a variety of fraud scams. In particular, these customers now receive a flurry of fake text message promotions and winning notifications where users are tricked into transferring money to a cybercriminal’s account.
Mobile devices and mobile Internet connectivity are growing rapidly in Africa, particularly in South Africa. According to a recent World Wide Worx study, 90% of South Africans who access the Internet locally do so from their mobile phones. Concurrent with the growth of mobile connectivity in South Africa is the growth of cybercrime. In two recent studies, South Africa was ranked the third and sixth worst country in the world for cybercrime. Some 73% of South Africans have fallen victim to cybercrime, according to the Norton Report commissioned by cyber-security company, Symantec. Furthermore, cyber-security company Kaspersky Labs found that South Africa had the fourth largest number of malware detections in Africa.
Does this mean that many South Africans might become victims of cybercrime when they access the Internet from mobile devices? Will the fear of cybercrime deter South Africans from using mobile money technology? While current research supports the view that cybercrime in South Africa is increasing dramatically, we don’t know for sure.
Combatting cybercrime requires a multifaceted approach, and public education and awareness should be a central component. It also requires those developing new technology to incorporate underlying privacy and security safeguards into their products. An issue that has yet to be sufficiently addressed is the need for policymakers, businesses and citizens to fully understand the extent of the cybercrime problem in South Africa and across the continent. This requires a comprehensive collection of cybercrime statistics by an impartial and independent entity.
SAPS is unlikely to provide specific cybercrime data when new statistics are released
In South Africa, the South African Police Service (SAPS) is mandated to report annually on national crime statistics. However, SAPS has made scant references to cybercrime in previous national crime statistics reports. According to Johan Burger, a senior researcher at the Institute for Security Studies, SAPS is unlikely to provide specific cybercrime data when the new statistics are released later this month.
Because cybercrime data collected by the South African government is not currently available, large multinational cyber-security companies have filled the information void with their own studies. These studies are often criticised as potentially biased, since these companies may have a vested interest in overstating the size of the problem to grow their cyber-security business. The South African Banking Risk Information Centre (SABRIC), which is funded by banks, also collects cybercrime data – although it relates only to the financial sector and is not made public.
Given the current narrative that South Africa is a hot spot for cybercrime, South Africans may be reluctant to use their mobile devices for banking, online shopping or other sensitive transactions. The perceived threat of rampant cybercrime will therefore stunt the tremendous growth of mobile transactions in South Africa and potentially have a long-term negative impact on South Africa’s economic growth.
We need a better understanding of cybercrime in South Africa in order to determine whether cybercrime fears are well founded. South African policymakers should fund credible and objective cybercrime studies that identify the most prevalent threats; detail common techniques; identify common targets; measure the frequency of incidents and calculate the financial impact. Only then can policymakers, businesses and citizens formulate informed strategies to combat cybercrime and allocate scarce resources accordingly.
Without informed strategies, we will continue to try to fight savvy and persistent adversaries with our eyes blindfolded and our hands tied behind our back. And as the new iPhone takes off in South Africa, we will need the facts to assure us that we can embrace this new mobile wallet innovation without fear that cybercriminals will be picking our pockets.
Eric Tamarkin, Independent Consultant