Bank fraud attempts during the holidays?

2017 has been a long year for Kenyans and while December brings several official national holiday rest days –  December 12 (“Jamhuri” or Independence) December 25 (Christmas), December 26 (Boxing) and the January 1 (New Years Day), December is usually considered a  slow month for business activities. This is because many employees take their annual leave days and combine them with the official rests for extended breaks during which they make annual trips with their families to villages, wildlife parks or to the Kenya Coast and other choice destination. This is one of the high seasons for tourism in Kenya, and while hotel rates and airline fares are two or three times what they are at other times of the year, these services are still completely sold out.

The long holiday season has also come to be associated with something else – bank fraud attempts. This was first seen with an odd discovery at KCB that customers could only withdraw amounts over Kshs 100,000 (~$965) from their home branch. i.e the branch in the town where the customers first opened an account, got a chequebook, deposited identification documents. This is a relic of banking, that goes back to the days before there was internet and before banks had network systems that connected branches and enabled customers to transact at any branch, in any town or at an ATM, internet, agent, or devices such as an app or mobile phone – unlike at home branches where managers and staff personally knew their customers and extended services to them. The sudden and odd rule was greatly inconveniencing, as it was introduced just ahead of the travel period when people would be traveling far away from their home branches – to other towns and even countries.

Bank staff later said the Kshs 100,000 limit was a temporary rule that had already been rescinded. It had been introduced with no warning at all, but it was apparently aimed at minimizing fraud attempts.

There were customer alerts at other banks too: Barclays  Bank sent a notice for customers not to share their PIN’s with anyone  – “DO NOT share your banking PIN or password with anyone via phone, email, SMS or even in person” – as their staff would never ask for anyone to share their PIN, while Bank of Africa (BoA) informed customers that banking services would be unavailable on the internet and through ATM’s that were not those of BoA.

Also Pesalink which had an advantage of higher transfer amounts than mobile money service providers, sent a notice to customers at  many of the two dozen banks that have the service about a reduction in limits that could be transferred, by almost 2/3 – at one bank, FCB, this went down from Kshs 1 million (~$9,650) per day to Kshs 350,000 (~$3,340), a temporary measure they said that would be restored after December 26, 2017.

Even the revolutionary M-shwari, a partnership between CBA and Safaricom, which just celebrated its fifth anniversary and which was about to roll out segmented pricing as well as fee rebates to customers who repay their loans promptly, had a 48-hour outage and other disruption over Christmas that left a fraction of its customers (17,700 of the 21.1 million customers) temporarily locked out of the savings and loan system.

And it was exactly five years ago that some Standard Chartered customers faced cases of mysterious account debits that the bank had to resolve after that Christmas break.

Will this fraud be an annual holiday practice? To expect reduced services every December to guard against fraud?  To be continued..