Enhancing Security Of Mobile Banking And Payments In Kenya

Abstract

The onset of e-commerce has led to the use of electronic devices such as computers and portable devices like phones and tablets in carrying out online financial transactions through deposits, withdrawals and funds transfer. Mobile banking has advanced e-commerce but has experienced challenges. Financial institutions are trying to cope with the dynamic nature of technology by offering convenient services to customers at the expense of security. This research demonstrates the vulnerability of mobile banking in Kenya, to cyber attacks such as phishing, ransomware, social engineering and database attacks that have led to a rise in banking fraud. Penetration testing was done on six mobile banking applications used by Tier 1 category of banks in Kenya. From the penetration, testing it was evident that most mobile banking applications were not secure, whereby they did not adhere to the Open Web Application Security Project 2013 (OWASP) guidelines, used for the development of secure web applications. A survey was also carried out for the collection and analysis of data, which guided the development of the model and prototype. This research provided solutions in enhancing security of mobile banking by demonstrating how security in both the application and network layers could be achieved through development of a secure M-banking application. These solutions involved the use of hashing algorithms like the Secure Hash Algorithm (SHA), encryption algorithms like Advanced Encryption Standard (AES) at the application layer. Encryption at the network layer was provided using Secure Socket Layer (SSL). The OWASP standards provided guidelines in the development of the application. Confidentiality, Integrity and Availability, which are pillars of security provided the basis of this study, where by to provide security in M-banking, issues to do with the CIA (Confidentiality, Integrity, Availability) triad needed to be addressed. Key words: - Availability, Confidentiality, Integrity, Mobile banking, Open Web Application Security Project, Security.