Sarah Lowman writes that the computer is one of the most important revolutionary discoveries in the development of the technical-technological civilization. That in only 50 years’ time many devices for storage and processing of massive data have been discovered and enhanced. But apart from all advantages and benefits that the computer has brought about very soon, it has also become a device for misuse in the hands of individuals, groups or even organizations.
Cyber fraud also known as electronic fraud, is an unfortunate concept born out the use of computing power and other technologies to steal money and other resources of pecuniary value from unsuspecting navigators of the online spaces. This has become an issue in Uganda and is prevalent amongst persons who use mobile enabled and online financial services such as banking, transfers and online purchases.
Indeed, according to a Financial Sector Deepening (FSD) Report on banking and the status of financial inclusion in Uganda: Insights from FinScope 2018 Survey, 12% of persons with back accounts prefer mobile banking as the channel of choice and 2% preferred internet banking as the mode or channel used to access banking/financial services.
But again, the online domain has transformed retail and commerce. Digital marketplaces have made goods more accessible. Specialised websites and dedicated apps have quickly multiplied and have simplified access to all types of commodities and services. The transformation of legal commerce has also been reflected in the criminal domain.
We have also recently observed a couple of trends viz; synthetic identity fraud, the use of AI-based attack vectors, the rise in fraud-as-a-service, contactless fraud from contactless mobile payments, pig butchering where fraudsters search dating and social media sites for victims and create fake accounts to interact with them inter alia.
Effects:
The impacts of a single, successful cyber fraud attack can have far-reaching implications including financial losses and loss of consumer confidence and trust. The overall monetary impact of cyber fraud on society and government is estimated to be billions of dollars a year. It is no wonder statistics estimate that the cyber fraud has grown to become a hundred billion industry world over and it is expected to triple by 2025. The most outstanding effect remains the jeopardisation of financial transaction integrity.
Response of the law:
Uganda has a number of laws that govern online conduct, transactions etcetera. The most famous is the Computer Misuse Act Cap. 96. It defines electronic fraud under Section 19 to mean deception, deliberately performed with the intention of securing an unfair or unlawful gain where part of a communication is sent through a computer network or any other communication and another part through the action of the victim of the offence or the action is performed through a computer network or both.
I have previously expressed reservations over the depth of this definition’s coverage vis-à-vis modern cyber fraud. Also given that this is from over 13 years ago, it’s spirit didn’t foresee and is out of touch with the rate of sophistication in computing power, emerging technologies and other variables that have made the modern threat landscape murky waters for the authorities and victims.
On to sophistication; the modes of cyber fraud have changed over the years to also include ransomware which has become rampant these days. In my unpublished undergraduate thesis from May 2021, I argue at the time that the internet, in particular, was a great tool for scammers and other miscreants, since it allowed them to ply their trade while hiding behind a shield of digital anonymity. This posed significant challenges to law enforcement agencies, regarding their ability to investigate crimes which are complex, occur in a virtual environment, incorporate multiple (often international) jurisdictions, and have a very low reporting rate.
… the internet, in particular, was a great tool for scammers and other miscreants, since it allowed them to ply their trade while hiding behind a shield of digital anonymity
I have since harboured a fresh perspective that differs from that position which is that emerging technologies such general purpose and generative artificial intelligence have made it easier for rogue cyber actors to execute their attacks in ways that are so deceptive the victims will usually never see it coming.
What needs to be done:
We need to wake up to the reality that commerce, communication and the access to information are dominated by the internet. The digital transformation of our economies, societies and private lives is progressing fast and will continue to impact all aspects of life.
From the regulators’ perspective, Bank of Uganda (BoU) needs to continuously issue risk management guidelines to the Supervised Financial Institutions (SFIs). They also should increase oversight surveillance capacity through new methodologies of risk-based supervision as well as financial innovations in development, deployment and use.
Increased research into the modes, the threat vulnerabilities that allow rogue cyber actors to prey in the unsuspecting victims. This will inform efforts for continuous policy development so that laws maintain their relevance in a contemporary setting. Incidentally, an amendment of Section 19 of the Computer Misuse Act Cap. 96 will ensure that we maintain the relevance of that very provision.
Relatedly, policy makers and regulators should guide policy discussions to focus on regulation of financial innovations. Financial innovations are on the rise and ever evolving, this means that the lacuna will always equally be evolving and this calls for the maintenance of a robust regulatory and supervisory framework. Such a framework should possess the capability to identify threats posed by the transition and provision of prompt alleviation actions.
Trainings and awareness campaigns are important for all in society. There is a need for a structured training and certification programme/framework for cybersecurity related careers in Uganda. Campaigns like Beera Steady targeting users will continue to play a great role in creating awareness and vigilance around cyber fraud related issues. Like saying goes; educated consumers are empowered consumers.
Awareness at critical levels enables and promotes the identification and reporting of the cyber fraud attacks. Conducting cyber awareness amongst the employees of these financial institutions and the law enforcement agencies such as the cybercrimes division of police on electronic fraud, investigation and as I previously opined, inculcation of threat intelligence know-how to detect these threats as and when they are posed and to devise measures to counter these threats.
The government also has an important part to play in the funding of awareness as between the public and other financial and ICT service providers. This means enhancing the capacity for staff on the evaluation of ICTs’ risks and conduct of ICT audits. Education/awareness will go a long way in enabling us create and curate a database of all reported cases for predictive analysis and education of the authorities to have meaningful implementation in investigation as well as assessing the scale of damage and threat posed by the cyber fraud scourge.
As I take leave of the matter …
Digital financial services (DFS) hold great promise as a means to enable financial inclusion and thus help improve people’s lives. Due to the impact of technology in the banking sector, customers are moving away from using cash and checks and relying more on electronic banking to complete transactions. We need a proactive approach to policing online fraud in the banking sector of Uganda. This will take a concerted effort from all parties along the value chain, those that develop these technologies, the financial institutions who roll-out or deploy them, the regulator and the users of these technologies.
