Information Technology Security Threats in Electronic Funds Transfer in Commercial Banks in Kenya
Abstract
Electronic funds transfer systems are rapidly growing in Kenya with entry of mobile
networks in e-payrnents. Kenya has embraced phenomenal technological advances in
electronic funds transfer as this can be attested by the emergence of M-pesa, MShwari,
M-Kesho, Cheque Truncation System, internet and mobile banking among
others. There have been a lot of fraudulent transactions taking place either on the
Mobile network Operator Services or the commercial bank services. The study
therefore focused on determining the extent of EFT threats. and establishing the EFT
security measures undertaken to counter the threats and the challenges in enforcing
the measures in commercial banks in Kenya. The study used descriptive survey
research design targeting all the -lJ commercial banks in Kenya. Primary data was
collected using questionnaires. The respondents included IT managers and
Information Security managers. The data was analyzed using Factor analysis, means
and standard deviation. The findings indicated that the main security threats in the
country were Card skimming. Social engineering. Virus. Phishing and Worms. The
main measures of countering the threats were firewalls. Use of easy and confidential
system for staff to report any abnormal behavior. Consistent enforcing of policies and
controls, Enforcement of separation of duties and least privilege, application of Role
Based Access Control and use of data encryption are among others. The findings
further showed that the greatest challenge for enforcing the measures was the high
cost of acquiring, licensing and maintaining the security solutions. In conclusion, the
sources of threats are viewed as threats in a moderate extent and small extent across
the banks which indicate that there are mitigation measures in place that are good but
can still be improved. The possible measures of mitigating the threats were applied in
great extent on average across the banks which mean the banks are indeed focused on
ensuring EFT security. Finally. the major challenge for implementing fully the
measures is financial in nature hence banks should consider having a higher IT budget
to help in acquiring the required security systems and paying for the associated licenses.
Citation
Master of Business AdministrationPublisher
University of Nairobi