Overview:

During a workshop organised by MTN Uganda and MTN Mobile Money Limited on Monday, 21 November 2022, the different technology experts explained that many companies are not doing enough to stop the fraud.

Financial Technology companies (Fintechs) have been urged to close any loopholes in their operations that are often exploited by online fraudsters.

During a workshop organised by MTN Uganda and MTN Mobile Money Limited on Monday, 21 November 2022, the different technology experts explained that many companies are not doing enough to stop the fraud.

“Criminals are exploiting technology to further a range of illicit activities, including fraud, identify theft and money laundering,” Lazarus Mukasa, the Director of Monitoring and Analysis at Financial Intelligence Authority, said.

He said that identity theft and pyramid schemes are one of the top proceeds generating crimes.

Therefore, Mukasa advised FinTechs to take the following measures to curb this vice.

a) The development of new products and new business practices, including new delivery mechanisms.

b) The use of new or developing technologies for both new and pre-existing products.

c) Take appropriate measures to manage and mitigate those risks.

Monzer Ali, the Chief Technology and Information Officer at MTN Uganda, said to address the problem of cyber security, companies must address credential hygiene, have control improvement and install detection tools

“Do you change your password regularly? How many people know your passwords? On Control improvement via API’s; are you using your get transaction status before service provision?” he wondered.

“On detection tools, do your servers have anti malware? Are you consultant’s complaint?  When did you last do a pen test? When did you last do an audit? Everybody deserves the benefits of a secure modern connected life. This is by creating trust in the digital world, protecting the brand and our customers, investing for a secure future and enabling secure business,” Ali added.

Albert Gitta, the Head of Technology at MTN Mobile Money Uganda, said many risks can be mitigated by using best practices that work together to create a layered, strong, flexible and powerful information security defence.

These he listed as authenticating users better by using multi factor authentication. Privileged credentials are harder to compromise even with social engineering and phishing attacks, Gitta said.

Albert Gitta, the Head of Technology at MTN Mobile Money Uganda,

He urged companies to separating authentication from access control, so privileged users have only limited visibility to internal networks, minimising the possible damage one user or one set of stolen credentials can cause.

Gitta added that companies should prevent unauthorised commands and mistakes with real time policy enforcement as 1st line of defense to protect the infrastructure from malicious activity.

He also urged companies to monitoring and investigating suspicious events to quickly catch breaches, improve training where needed and continuously refine automation and processes.

“A company’s cyber security is often only as good as the cyber security of its vendors. Just one partner with weak controls or poor security can provide hackers with a back door entrance to sensitive data,” Gitta said.

Ronald Azairwe, Managing Director Pegasus Technologies, urged companies to put in place key ICT Security Frameworks and Standards e.g. PCI DSS, IS) 27001 and 27002, and deploy endpoint detection and response systems (to react to detections without your

  interventions).

He also called for improved governance whereby companies should limit developers and technical people on what they can access, identify developers as the weak points (internal knowledge usually visible in nearly all hacks) and vetting developers before hiring them.

Azairwe also urged Fintechs to separate production environments from usual office operations and if possible, put servers in a different location geographically.

“Put a china wall between developers and recon teams. Frequent reconciliation; Minimum, at least, daily (should be automated, not manual). Recon doesn’t prevent fraud but its an early detection system, especially when hackers are doing dry runs before the major event,” Azairwe said.

Sylvia Mulinge, Chief Executive Officer MTN Uganda, who concluded the workshop, called for joint efforts in the war against cyber insecurity.

“As MTN Uganda, we make a commitment that we will do everything that we need to do on our side to curb cyber insecurity. Let us all jointly work together to limit the impact fraudsters have on our online transactions,” she said.