The digital era has brought many benefits to banking, such as making it more efficient and convenient. However, it has also brought a lot of cybersecurity threats that banks and their customers have to deal with. In Uganda, customers of various banks have been targeted by hackers, who make unauthorized deductions from their bank accounts.
This has become a common problem, and the banks often deny responsibility, saying that customers need to protect their account details.
These incidents of unauthorized access and deductions from customer accounts have raised concerns about cybersecurity in the banking system.
It is important for both the banks and the customers to take significant steps towards enhancing cybersecurity to prevent such incidents in the future.
A recent court ruling in Uganda has made customers even more vulnerable.
How a bank account is hacked
Often, the journey towards losing money from bank accounts starts with phishing scams where customers receive fraudulent emails or messages impersonating the bank and asking for sensitive details.
Once the information is shared, hackers can easily access the accounts. In other scenarios, malware or spyware installed on customers’ devices can capture keystrokes to gather login credentials.
Additionally, skimming devices installed on ATMs or point of sale machines can also harvest card details which are then used for unauthorized transactions. Sometimes, bank employees could collude with fraudsters, providing them with the necessary information to access and siphon funds from customers’ accounts.
The court ruling
A ruling by Justice Stephen Mubiru of the Commercial Division of the High Court in Uganda asserted that digital fraud on bank accounts is a result of clients’ carelessness with their banking details.
The judge emphasized that it’s the customer’s responsibility to keep their banking information, user IDs, passwords, and PIN numbers confidential. This ruling came in a case where a woman sued Centenary Bank for withdrawals made to her account without her knowledge.
However, the judge absolved the bank of any liability, stating that the plaintiff was in a better position to detect any fraud on her bank account. This ruling underscores the legal framework within which banks operate, shifting the responsibility of securing account information solely onto the customers.
What needs to be done?
To enhance security and protect customer data in the banking system, the following actions need to be taken:
Customer Education
Banks need to educate their customers about the importance of keeping their banking details confidential and the risks associated with sharing such information. This can be done through cybersecurity awareness programs that educate customers about the latest threats and how to protect themselves.
Two-Factor Authentication
Banks should enforce two-factor authentication to strengthen account security. This additional layer of security significantly reduces the chances of hackers taking over accounts.
Regular Monitoring
Customers should regularly monitor their account activities and promptly report any suspicious transactions to the bank. Banks can also implement real-time monitoring systems to detect and alert on unusual account activities.
Legal Framework
A more robust legal framework should be established to hold banks accountable for frauds and ensure they invest in top-notch security systems to protect customer data. Legislative action can act as a deterrent to lax security practices within financial institutions.
Responsive Customer Service
Banks should have responsive customer service to address customer complaints in a timely manner. Prompt resolution of issues helps restore customer confidence in the banking system.
By implementing these measures, banks can enhance security, protect customer data, and mitigate the risks associated with online banking.
Read About: Insiders remain a key threat to corporate cybersecurity in East Africa
