Accountants raise red flag over rising fraud

Institute of Certified Public Accountants of Kenya (ICPAK) Chairman Mr Benson Okundi (right), confers with his CEO Dr Patrick Ngumi (left) and Mr Fernandes Baraza (centre) during the launch of their service charter recently. [PHOTO: PETERSON GITHAIGA/STANDARD]

Nairobi; Kenya: The Institute of Certified Public Accountants of Kenya (ICPAK) has raised concerns over rising cases of mobile money, procurement and cyber fraud, calling for increased vigilance. While a rise in the number of Internet users is offering more tools and avenues to savvy fraudsters, a surge in mobile phone users is also opening up more opportunities for theft.

Technological advancements have seen banks put in place strict regulations on opening accounts. However, mobile banking platforms have become the weak link for fraudsters to exploit and access bank accounts. This is after more consumers replaced their traditional wallets with digital ones, giving them the ability to pay for goods and services either online or with their cards.

Mobile deviceS

“It is relatively easy to register a phone, mobile number and a mobile money account. Fraudsters therefore steal from bank accounts by accessing the stolen money using a mobile money account,” said  Certified Fraud Examiner Stephen Omuga.

Although Kenya’s mobile financial services landscape has several consumer offerings, mobile payments and mobile banking remain the most popular - having transacted in excess of Sh1.7 trillion this year. On the list of tricks used to defraud mobile phone users, the easiest is sending messages about employment, promotions, new products or messages claiming that cash has been sent by mistake.

.

Keep Reading business

•  NCPB sets in motion plans to compensate farmers for fake fertiliser
•  Governors reject revenue Bill, demand Sh439.5 billion allocation
•  Firm linked to fake fertiliser calls for arrest of Linturi, NCPB boss Premium
•  KPLC to pay Sh500 million for Nakumatt fire tragedy
•  Scented success: Passion for cologne birthed my venture Premium

A more sophisticated technique involves SIM swapping - an attempt to obtain personal banking details through hacking, phishing or insider dealings by dishonest employees. One can also have their SIM card cloned.

While virtually all mobile phone users are exposed to mobile money fraud, the most vulnerable include mobile money agents, Saccos, commercial banks, telecommunication companies, insurance and microfinance institutions and educational institutions.

Customers and firms routinely use mobile money platforms to make payments for point of sale purchases, parking fees, tolls, coffee shop bills, remote purchases, digital content, online subscriptions, mobile top ups, money transfers, remittances and dividend payments as well as person to person transfers.

Although there are campaigns to raise awareness about con schemes and other financial crime risks, fraudsters appear ahead of the game and keep churning out new methods.

“Current efforts clearly lack structure, co-ordination and consistency. Co-operation is key as well as training of staff so that they can identify customers who are at higher risk and provide adequate advice on risk mitigation such as PIN generators versus static passwords, transaction limits and SMS alerts,” said Omuga.

In recent times as revealed by the PriceWaterhouseCooper (PwC) Global Economic Crime Survey 2014 report titled Economic Crime: a Threat to Business Processes, procurement fraud and cybercrime are now highlighted as major economic crimes, shifting from the ‘big three’ to the ‘big five’.

The shift is in line with global survey results, although asset misappropriation is still the leading form of economic crime in Kenya with a high incidence level of 77 per cent, followed by accounting fraud at 38 per cent.

cyber-crime

Procurement and cyber-crime have prominently featured at incidence levels of 31 per cent and 22per cent respectively. Cyber crime costs the global economy about $445 billion every year according to recent research published by the Center for Strategic and International Studies and sponsored by security software company McAfee.

Losses connected to personal information, such as stolen credit card data, was put at $150 billion (Sh13.5 trillion).  Kenya is losing about Sh2 billion annually due to cybercrime, according to the Kenya Cybersecurity Report 2014, prepared by Nairobi-based information technology firm Serianu Ltd.

“Procurement fraud is committed by employees who understand procurement well. It usually involves an insider and a supplier, signing off duplicate or inflated invoices, taking a cut and accepting goods below required standards,” said Reuben Boro Gitahi, a certified public accountant at One Source Financial Services.

Corruption can also influence procurement deals. Before contracts are awarded, the purchaser can tailor specifications to favour particular suppliers, restrict information about contracting opportunities or claim urgency as an excuse to award to a single contractor without competition.

Others include breaching the confidentiality of supplier offers, disqualify potential suppliers through improper prequalification or taking bribes.

Contracts involve a purchaser and a seller who have many ways of corrupting the procurement process at any stage. In many instances, suppliers can collude to fix bid prices; promote discriminatory technical standards; interfere improperly in the work of evaluators or offer bribes.

“The red flags to watch for in procurement fraud include bids that are tailored to meet the specifications of a particular supplier, unreasonably narrow or broad specifications, where there is no clear bid submission information and where specification is done together with the supplier,” Gitahi said.

The PwC Economic Crime Report 2014 says cyber fraud in Kenya had a 22 per cent incidence reporting that involves use of the Internet to perpetuate the vice.

“Cyber fraudsters can target a computer through hacking, a virus, or worms attack. They can also use a computer to attack other computers or to commit real world crime like credit card fraud or pornography,” said Nasumba Kwatukha- a certified public accountant at WIA East Africa

“To deal with cyber-crime, one should disable and log off from their user accounts to prevent access, disable and log off from a group of user accounts which access a particular service that is being attacked; or disable and dismount from specific network devices, for instance disk devices that are being swamped,” said Kwatukha.