The penetration of Information Communication Technology use in Africa has grown tremendously in the new millennium. Close to 600 million (43%) Africans now have access to the internet, up from 4.5 million in 2000. This growth in the use of ICT has brought with it a rise in illicit online activities.
The information found on the internet is largely unfiltered and this exposes the population to fake news and manipulation by scammers. One common scam is the ‘419’ email scam, which derives its name from Nigeria’s criminal code section 419. These scams were common in Nigeria in the 1990s’ and are also referred to as the advance fee scam. It basically involves promising someone a large sum of money if they can pay a certain processing fee.
Even though the tactic may seem ineffective to the techno savvy who are very aware of this old trick, it can be very believable to a person who is not familiar with these scams. Stories used to lure the victims can be believable since they are quite enticing and are usually written to match current events.
Evolution of Cybercrime
Cybercrime on the continent has evolved into more sophisticated uses of technology, such as malware and botnets. Gone are the days when cybercriminals required the consent of internet users to access personal data, today information can be siphoned using advanced technology. The criminals are continuously updating their tactics at the same pace as the technological advancements. They now even have higher targets in terms of the amount of money they want; the financial sector and government are the major victims because they handle and process huge sums of money.
Cybercriminals are bold enough to take advantage of the tiniest loophole in the financial system as well as insider information in some instances. In March of this year a few employees of TM Pick and Pay, one of Zimbabwe’s biggest retailers, were arrested in connection with a scam in which the retail outlet lost ZWL$22 million, which is equivalent to over USD $250 000. The scammers created an email address almost identical to that of the retailer’s finance manager and they authorized payments of different sums of money into four bank accounts. The theft was only discovered a month later.
This case brings to light some laxities in Zimbabwe’s banking system as well as the retailer’s payment authorization system. They both need to improve their security by verifying payments more meticulously.
The Financial System
A study conducted to assess the cybersecurity environment of 148 banks in Sub-Saharan Africa found that 85% of these financial institutions had already fallen victim to at least one cyberattack resulting in losses. The most common methods include bank card fraud and phishing, which is when emails are sent with the objective of tricking people into revealing their personal information.
The third most common method is core banking, which includes viruses and intrusions affecting information systems. Banks are also impacted by information leakage, identity theft; money transfer fraud, and fake check scams. According to the study, on average, the banks have incurred losses of €770,000, despite their claim to invest a total of €500 000 every year in network security devices to mitigate cybercrimes.
Why is cybercrime spreading at alarming rates in Africa?
Software piracy is one of the major causes of cybercrime on the continent because the software is generally costly. The majority of Africans cannot afford to buy genuine software opting for the cheaper counterfeit versions which leave the computers exposed to cyber-attacks. It is estimated that 80% of all personal computers on the continent are infected with viruses and other malware.
Potential victims of cybercrime do not only lack financial muscle, but they also have no expertise to protect themselves efficiently. This general lack of comprehension about what cybercrime really is, and of cyber law enforcement mechanisms poses a major problem in fighting cybercrime.
The lack of knowledge increases vulnerability, the poor cyber law enforcement leads to a low risk of prosecution for cybercrime. This exacerbates the perpetration of these crimes and greater effort is required to reduce the prevalence of these cases.
Effects of cybercrime on the continent
Cybercrime is aggravating the continent’s socio-economic problems due to the loss of huge amounts of money that could have otherwise been used for development. For example, in 2017 cybercrimes cost Africa $3.5 billion while the region’s gross domestic product (GDP) reached $3.3 trillion.
E-commerce is the key cause of growth in the retail sector as it has created an innovative way of shopping for Africa’s growing middle class.
The e-commerce market in Africa is growing rapidly and cybercrime could hamper this growth. Projections made by McKinsey Global Institute, state that Africa’s e-commerce market will reach $75 billion in annual e-commerce sales by 2025. Continued cyber-attacks may have a negative impact on this projection. In South Africa, where online shoppers are most active than any other country on the continent, about 19,842 cyberattacks are reported in a day.
There is a general mistrust of digital payments made in advance in Africa’s online shoppers. Cash-on-delivery is thus the most common payment method, more than the use of credit cards, which still have low penetration levels. For example, on Jumia Nigeria’s online shopping site, almost 70 percent of registered were cash on delivery.
What can be done?
As early as 2014, efforts to boost cybersecurity were already being put in place on a continental level. The African Union approved a convention on cybersecurity and data protection that would initiate the enactment of personal protection legislation by several countries. Many African countries have now developed legislation to address cyber threats and they have strengthened enforcement measures.
As of 2016, Symantec stated that 11 countries in the continent had specific laws and provisions with regards to The South African government has taken the lead in introducing cyber legislation to address cybercrime and electronic evidence, 12 had taken limited legislative measures, while many other countries had presented bills that had already passed through parliament.
To improve awareness to the less educated population and small business operators, regular educative seminars and workshops must be held. Current trends in cybercrimes and the correct measures to adopt in the fight against cybercrimes must be taught even at all educational levels in countries. Tertiary institutions must also produce more experts to deal with cybersecurity to reduce the forecasted shortfall of 100 000 by last year.
Sector-specific measures must also be put in place especially in the banking sector as they are the most affected. In 2018 The Bank of Ghana, amongst others issued a cybersecurity directive to its financial institutions, setting the framework for safer operations.
The private sector must also continue to be vigilant in its fight against cybercrime since its efforts have already shown efficiency. Government efforts alone are not adequate in the fight against cybercrime.