Safaricom, a leading telecommunications company in Kenya, has faced legal challenges from customers who lost funds in M-PESA and M-Shwari accounts.
In a recent case, the High Court upheld a ruling that Safaricom was liable for a customer’s loss of KES 751,680 due to a delayed response in disabling a SIM card.
The decision has sparked discussions on Safaricom’s responsibility for the security of its subscribers’ funds and the need for enhanced reporting and security measures. The ruling may set a precedent for future cases and impact how telcos handle customer funds.
Sentiments from KICTANet’s Mailing List
The KICTANet listserve discussed various reactions to the court’s decision and its implications. Some listers supported the court’s judgment, finding it to be a fair ruling.
Others shared their intent to pursue similar cases against Safaricom for clients who lost substantial amounts from their accounts. A central point of discussion was Safaricom’s responsibility for the security of its subscribers’ funds and the need to address certain clauses in agreements that disclaim this responsibility.
There were concerns about the effectiveness of Safaricom’s verification process for incidents like SIM swaps and mobile money fraud.
Potential Impacts and Precedent-Setting
The court’s decision is likely to have far-reaching implications for how telcos manage losses related to SIM swaps and mobile money fraud. It emphasizes the need for swift action when such incidents are reported and a robust security framework to safeguard customers’ funds.
This ruling challenges the practice of blaming customers for negligence and encourages telcos to take greater responsibility. Some listers believe that removing clauses that disclaim responsibility for M-Shwari’s security, given its SIM card-based accessibility, is essential to ensuring accountability. The case may pave the way for future class-action suits not only in Kenya but also beyond its borders, impacting how telcos handle customer funds.
Call for Enhanced Reporting and Security Measures
The discussion on the mailing list underscored the need for improved reporting and security measures. Listers expressed frustration with Safaricom’s handling of the incident and emphasized the importance of a simple, instant, and effective solution to allow customers to report and freeze suspicious activities on their lines through calls or emails.
Online reporting, secure document scanning, and swift remedies were suggested solutions. Comparisons were drawn to the banking sector, which has demonstrated more efficient responses to similar issues. Safaricom’s compliance and data privacy teams and other telcos were urged to review and enhance their processes to tackle SIM swap fraud effectively.
Past remedial actions by Safaricom
- Fraud and Awareness web page with cyber hygiene key messaging.
- Jitambulishe: Voice password for securing the line. The voice can be used to access Safaricom’s services such as getting PUK, Unlocking M-PESA Account, getting M-PESA PIN/start Key and performing a SIM replacement safely and conveniently.
- Restrict SIM swap to Safaricom shops only.
- Safaricom fired 33 employees in the year ended March 2023 for fraud-related offences.
From the views expressed, there is a need for all stakeholders to work together to make the industry conducive. This calls for a shared vision and commitment.
This way, stakeholders can contribute to an enabling environment that allows the ICT industry in Kenya to thrive, driving economic growth and social development.
KICTANet appreciates the listers who contributed to the discussion.
READ
- Data protection and digital identity in Kenya
- Policy review towards Citizen Cyber Hygiene in Kenya
- Policy review towards Citizen Cyber Hygiene in Kenya
Summarised by Neema Mujesia.
An eye opening article
Thank you