Vodacom moves against intensifying cyber risk
Vodacom Lesotho Executive Head External Affairs Tšepo Ntaopane
POLO SENGOARA
MASERU – With cybercrime continuing to make headlines around the globe, telecommunications giant Vodacom Lesotho says it has put controls in place to protect its technologies from malicious conduct and to avoid leakage and misuse of customers’ data. The company says that, to adhere to international standards on information security, which address the people, processes and technologies that hold, use and process personal information, it continuously tests its systems to ensure compliance with the highest cyber security standards.
This is in light of soaring concerns by big banking, commercial and telecommunication companies over digital fraud in the country, made easy by poor digital hygiene. Vodacom’s assurances also come at a time when parliament is likely to reintroduce debate on the controversial Computer Crimes and Cyber Security Act No 6 of 2022 aimed at combating cybercrime, while also giving the state powers to monitor cyberspace, define cybercrimes and prescribe penalties that include fines and lengthy prison sentences. Some of the crimes contained in the legislation include data espionage, cyber terrorism, cyber extortion, distributing child pornography, computer-related forgery and fraud, identity-related crimes, racist and xenophobic insults as well as the distribution of nude images of people without their consent.
Vodacom Lesotho Executive Head External Affairs, Tšepo Ntaopane, speaking specifically to their M-pesa service, said the company sends SMSes regularly to customers to make them aware of imminent fraudulent activities and the importance of keeping their PINs and passwords safe.
Regular educational messages are also flighted on various media platforms – radio, social media and print media as well as Vodacom-owned platforms, particularly when certain trends are noted or at peak seasons such as Easter and festive periods. “We also conduct radio sessions where we raise awareness on cybercrimes to our customers. We also do social media posts to teach our customers about safe measures they can take to protect their information. Regular campaigns, cyber clinics and workshops are also held with key stakeholders,” says Ntaopane. In the event of a customer reporting theft on their M-pesa, he said the company assists such customers with details and transaction records that will help show when funds were withdrawn and if their PIN was used.
This is where a customer’s PIN was compromised and shared to allow a third party to access their M-pesa account.
“In the event of the theft happening after a sim swap – we check how the sim swap happened and if it was by a duly authorised person. If we establish that it was not, we take action against staff who assisted and reimburse the customer.
“If the theft is as a result of money being sent to the wrong recipient or agent – the customer is advised to call the recipient and ask the same to return the funds and report the matter to the police if the funds are not returned.
“The old process allowed us to call the recipient directly and ask them to return the funds or consent to allow us to reverse the transaction failing which the customer could then report the matter to the police and we assist the police with all information relating to the agent after acquiring a court order. The new process used by Vodacom and other operators in line with the governing law does not allow reversals,” Ntaopane continued.
He said customers must ensure correctness of recipient details and in the event of sending money to a wrong party they are enjoined to call the recipient to reverse the transaction. This helps to avoid cases where recipients or agents claim that they were expecting the funds when called by Vodacom call agents and/or simply don’t respond.
Educational campaigns around device security – keeping passwords confidential and taking care of what is shared with whom, at all times, to avoid cases of extortion – while also working with law enforcement when such cases have occurred, are also key, according to Vodacom Lesotho.
The Executive Head External Affairs was quick to also point to their co-operation with the police on stolen mobile phones and M-pesa-related theft, indicating that once a device has formally been reported as stolen to the police, due process is followed to get a court order to trace the device on the network, even if the sim has been changed, to assist the police to recover the device.
In the event where M-pesa funds in the device are stolen, Ntaopane said it mostly points towards the PIN being compromised or shared with the perpetrator. Police, armed with the relevant court order, are usually assisted with transaction records to show where the funds were transferred to or withdrawn so that they can establish who withdrew the funds.
“We have a clearly defined process by which police are assisted as a matter of priority where cases of theft of a device and/or M-pesa including details of devices used after a sim swap to identify the thief/fraudster – provided the relevant court order is obtained for customer privacy purposes,” he added.
Frequent cases that Vodacom handles
- Where the customer has sent money to a wrong recipient or agent and the recipient or agent elects to use the funds instead of returning them to the sender
- Where the customer has shared their PIN/password with a third party and the latter, with access to the PIN/password and phone, withdraws the funds without permission. This often happens with the elderly, who trust their family members or neighbours to assist them and get defrauded by them.
- Instances of identity theft where sim swaps are made, and the fraudster uses the new sim to defraud the owner of the account
- Social engineering where fraudsters trick people by sending digitally engineered proof of transfer of funds and ask the recipient to send the money back or alternatively to give them cash instead.
- People claiming to sell goods on social media and accept payment via M-pesa only to disappear once payment has been made.
- Cases of internal fraud, in which the company dismisses any perpetrator with immediate effect, opens criminal cases and reimburses the defrauded accounts
Safety measures to ensure digital hygiene
- Keep your passwords safe and confidential – just like your bank PIN – data is the new currency
- Keep your passwords complex but easy for you to remember… not your name or birthday or anything that can link back to you or be easily identifiable.
- Do not recycle passwords
- Where possible do not use similar passwords/PINs for M-pesa account, bank account, laptop, cellphone etc.
- Do not share YOUR M-PESA PIN with anyone at all
- ALWAYS check and confirm the LEC meter number, Agent name and number, recipient number and name before confirming a transaction.
- Your money is your responsibility
- Be wary of sharing too much personal information on social media platforms – hackers use this information to find loopholes.
- Minimise posting your whereabouts while still there, as your property might be compromised; such posts also help hackers to build a profile on you.
- Regularly update your devices to the latest software updates.