KCB Bank App users have been most affected.
While the bank on Wednesday moved to reassure its customers that their money was safe, fresh details have emerged to imply that a client, who sought anonymity with Daily Nation, lost Sh8,000 last week, in a transaction which he did not authorise.
Without his knowledge either, the customer claimed that the money was later snaked back to his account, after numerous complains through social media channels.
“We advise that the issue has been resolved. The transaction has been reversed back into the account,” a KCB staffer told the affected customer via its social media platform, after the customer made blistering attempts to have his cash back.
A spot check of the complains by this writer via the lender’s social media feeds, confirmed that the affected customers who shared their complaints said they have so far lost amounts ranging from a few thousand shillings to nearly Sh100,000.
Considering the bank sacked a whopping 31 employees in 2016 over fraud, it could be a crippling anomaly amongst staff, who according to the customer’s complaints were defensive when quizzed over the illegal deductions. In total, KCB has fired 154 employees for fraud and unethical behaviour since 2014.
“The bank’s staff, when asked to explain the transaction, insisted that the customer withdrew the funds using its mobile money platform, a charge he denied,” the Nation reported of the anonymous contact.
On Wednesday, Pulselive.co.ke reported of a panic amongst the lender’s customers over the increased complains from clients who alleged massive debit transaction on their mobile banking systems, without their knowledge.
It would later emerge that some of them had their personal identification numbers, fondly PIN, which are used to access their electronic money, changed. A customer, Nixon Njuki said his access to his account was withheld after he realised a changed password to his system.
“Someone called me with all my bank details claiming he is from KCB Bank and that you have changed the m-banking pin from 4 to 6 digit. Now my mobile app says my pin is blocked,” a Nixon wrote to the bank.
The bank on Wednesday, however, acknowledged having received numerous complains, and later said it would take nearly a month to establish the hitch on its system, a far much longer time, given the weight of the matter.
“KCB Bank Kenya Limited is aware of social media conversations regarding allegations of unauthorized deductions in clients’ accounts. We have taken up the matter with the seriousness it deserves and would like to assure all our customers that their money is safe,” said the lender.
In January, National Bank of Kenya (NBK) said it had stopped an attempted theft of Sh29 million in a case where hackers tried to transfer deposits to mobile money accounts.
Additionally, in December 2017, Commercial Bank of Africa’s mobile money service, M-Shwari, was hit by a system malfunction that saw customers report similar, unexplained bank account deductions.
Kenyan banks in September confirmed a cyberattack on their inter-bank money transfer platform PesaLink, but said neither cash nor customer data was lost or stolen.
The Central Bank of Kenya (CBK) has already raised the red flag as its Banking Fraud and Investigation Department has noted increased cases of ICT-related fraud in the sector.
“Another emerging threat has been cybercrime where criminals gain unauthorised access to institutions’ computer programs and data,” the banking regulator has said.
“As a result, there is an urgent need for the banking sector management to ensure increased use of computer-based transaction process is matched with effective controls.”
Meanwhile, KCB Group is yet to give the exact amount that may have been lost in the week-long unauthorised deductions.