Recent allegations of insider fraud at Absa Bank Kenya have intensified customer concerns over the bank’s data security practices and internal controls which is largely under the leadership of Abdi Muhammed.
A recent case involved a customer who received an unsolicited call from someone claiming to represent Absa Bank and promoting a mobile money product.
Suspiciously, the caller already had access to the customer’s personal information, including their national ID, email, and full name.
Later, the same customer reportedly received a call from an official Absa line, warning of a potential unauthorized attempt to access their account.
Following the caller’s instructions, the customer unwittingly compromised their bank details, resulting in a drained bank balance.
Such incidents underscore significant vulnerabilities within Absa’s internal systems and security protocols, hinting at potential insider threats.
Absa has faced several high-profile data breach incidents in recent years, with a whistleblower recently revealing extensive data theft and misuse within the bank’s Timiza department, which operates a popular mobile loan app.
According to reports, Timiza employees allegedly collect sensitive data from customers’ phones without consent, including SMS content and financial information, which is then transmitted to third-party servers like PNGME.
This information is said to be accessible to unauthorized personnel, raising severe privacy concerns.
Further, Absa’s data center in Westlands has also come under scrutiny for alleged unethical practices, with employees accused of selling customer records, including credit card and personal banking details, on the black market.
This underground data economy not only fuels cyber fraud but exposes customers to significant financial risks.
Employees have reportedly bypassed internal security mechanisms, such as firewalls and intrusion detection systems, facilitating these illicit activities.
Customers continue to report receiving unsolicited calls and messages for loans and products from companies they never approached, raising questions about the sale of personal data.
These recurring breaches point to systemic issues within Absa’s data management protocols.
Despite the bank’s claims of employee fraud training and awareness campaigns, the reality remains that such measures have not sufficiently deterred insider malpractices.
Absa recently disclosed that it lost over Ksh 107 million to fraud, partly recovered through internal interventions, yet these measures appear ineffective against sophisticated insider fraud.
The Central Bank of Kenya (CBK) and Absa’s South African headquarters are currently investigating these allegations, reflecting growing regulatory pressure for banks to implement stronger security and accountability measures.
For customers, the ongoing security lapses at Absa Bank reinforce the importance of caution and vigilance, particularly regarding unsolicited communications. Without substantial reforms and rigorous data protection measures, Absa Bank risks further reputational damage and erosion of customer trust.
Add Comment