Information technology security threats in electronic Funds transfer in commercial banks in Kenya
Munguti, Paul M
MetadataShow full item record
Electronic funds transfer systems are rapidly growing in Kenya with entry of mobile networks in e-payrnents. Kenya has embraced phenomenal technological advances in electronic funds transfer as this can be attested by the emergence of M-pesa, MShwari, M-Kesho, Cheque Truncation System, internet and mobile banking among others. There have been a lot of fraudulent transactions taking place either on the Mobile network Operator Services or the commercial bank services. The study therefore focused on determining the extent of EFT threats. and establishing the EFT security measures undertaken to counter the threats and the challenges in enforcing the measures in commercial banks in Kenya. The study used descriptive survey research design targeting all the -lJ commercial banks in Kenya. Primary data was collected using questionnaires. The respondents included IT managers and Information Security managers. The data was analyzed using Factor analysis, means and standard deviation. The findings indicated that the main security threats in the country were Card skimming. Social engineering. Virus. Phishing and Worms. The main measures of countering the threats were firewalls. Use of easy and confidential system for staff to report any abnormal behavior. Consistent enforcing of policies and controls, Enforcement of separation of duties and least privilege, application of Role Based Access Control and use of data encryption are among others. The findings further showed that the greatest challenge for enforcing the measures was the high cost of acquiring, licensing and maintaining the security solutions. In conclusion, the sources of threats are viewed as threats in a moderate extent and small extent across the banks which indicate that there are mitigation measures in place that are good but can still be improved. The possible measures of mitigating the threats were applied in great extent on average across the banks which mean the banks are indeed focused on ensuring EFT security. Finally. the major challenge for implementing fully the measures is financial in nature hence banks should consider having a higher IT budget to help in acquiring the required security systems and paying for the associated licenses.