Kenya’s commercial banks on Thursday reported a cyber attack on their inter-bank transfer platform PesaLink.
Integrated Payments Service Ltd (IPSL), the operator of PesaLink, which is jointly owned by banks, said it stopped a hacking attempt into the low-level real-time gross settlement channel.
Neither cash nor customer data was lost or stolen.
“We write to confirm that an attempt to access the PesaLink platform was recently intercepted,” said Jennifer Theuri, chief executive of IPSL.
“Our cyber security team successfully managed to trace and stop the transactions in close collaboration with the banking partners,” Ms Theuri said in response to the Business Daily.
According to sources, the cyber attack on the platform may have resulted in loss of millions.
PesaLink, which is owned by lenders’ lobby group Kenya Bankers Association, said it had reported the attack to Central Bank of Kenya.
It moves an average of Sh50 million daily.
“The actions were duly reported to the Central Bank of Kenya with further investigations to unmask the individuals involved now under way and the perpetrators will be prosecuted to the full extent of the law.”
The hacking disclosure came as KCB customers remained locked out of the PesaLink service for the past fortnight in what the lender attributed to an ongoing upgrade of its software.
Kenyan commercial banks hatched the plan to establish a mobile phone-based direct money transfer system in 2012 in the heat of financial pressure from services such as M-Pesa and MobiKash.
