Fintech is on the fast track but so is cybercrime

20 Jul 2017

Bitcoin is now worth more than gold, and internet banking and mobile money usage globally has rocketed by 34% in the past six years. One thing has outpaced this growth, however: the rate of online fraud.

“Cyber fraud is growing even faster than the move to digital. According to the FBI, losses from online fraud have grown by around 55%,” said Matthew Purchase, partner at pan-African law firm Bowmans. “United Kingdom crime statistics show that one in 10 people in the UK have been affected by online fraud, which is now the most common crime in the UK.”

South Africans were just as vulnerable to cybercrime – if not even more so, he said during a session on Fintech risks and fallout at the “Fintech in Africa: unpacking risk and regulation” conference held at Bowmans in Johannesburg in May 2017.

While the tone of the conference was generally upbeat, with speakers expressing excitement about the possibilities Fintech opens up for Africa, Purchase warned of the increased fraud risks for both businesses and consumers arising from, among other things, the rapid pace of innovation, the demands for immediate transaction settlement, and the challenges around customer verification in the Fintech space.

Almost 9 million South Africans affected

“The same online fraud trends we are seeing in the US and UK are applicable in South Africa and Africa, and some aspects are exacerbated.”

He referred to the findings of the Norton Cyber Security Insights report for 2016, which showed that cybercrime had affected 8.8 million South Africans in the past year and was costing the economy an estimated ZAR 3 billion a year.

The statistics are even worse for Africa as a whole, with 67% of Africans surveyed saying they had been affected by online fraud. “In Africa, a number of jurisdictions have leapfrogged landline and gone straight to digital,” Purchase said, adding that the digital revolution had largely taken place in a regulatory vacuum.

“In South Africa, we don’t yet have the legislative framework to deal with cybercrime. We have the Cyber Crime and Security Bill but it is not yet in effect. But dealing with cybercrime is not only about the legislative framework; it is also about capacitation and implementation,” he said, referring to the gap between South Africa’s anti-corruption law and the difficulty of effective enforcement in practice.

Cybercrime was being launched on a wide front, with many prevalent “species” of online fraud occurring, including identity theft, phishing, vishing, hacking, malware, SIM swops and data breaches – it is estimated that one in every 200 emails received in South Africa is a phishing attempt. The risk of data theft or loss is also material, Purchase said, and the average loss from an organisational data breach is estimated at ZAR 20 million.

One of the biggest risks facing all companies, large and small, is pressure from consumers for real-time transactions. “This drive creates a very real risk,” he said, noting that while traditional fraud is local, slow, methodical and manual, online fraud is “global, real-time, changing and automated”.

The risk in real time

Market demand for real-time transactions was also fuelling a proliferation of online lending, bringing with it the prospect of a surge in harmful lending practices, said Kirsten Kern, also a partner at Bowmans.

“But harmful lending in the Fintech space is likely to happen through cutting corners and speeding things up rather than being a case of online lenders not being subject to regulation,” she said. “Traditional players argue that Fintech innovators are not subject to the same rules – but that is not entirely correct. If one focuses purely on the act of consumer lending, online lenders are as much bound by the National Credit Act as anyone else.”

Problems can occur when shortcuts are taken to save time and improve user experience, such as when conducting compulsory affordability assessments. “Consumers might think online lending is a fast, hassle-free way to borrow money but be unaware of the pitfalls.”

Kern referred to a spate of high-profile cases of online lenders falling foul of the authorities in the UK and the US, but pointed out that credit providers in South Africa do not have much leeway in the conduct of affordability assessments. They must adhere to the Affordability Assessment Regulations issued by the National Credit Regulator in 2015.

“The regulations put in place are administratively intensive but serve an important consumer protection ideal. But does this model make sense in a society like South Africa? Are we regulating the consumer out of the market? A lack of access to well-regulated credit can be catastrophic to the most vulnerable members of our society. There is a fine line, a delicate balance, and it may be that the regulator hasn’t yet gotten it quite right in spite of its best efforts,” she said.

“The South African regulator is not anti-innovation. It is clear that the authorities will continue to scrutinise online lenders and their business models, as they are alive to the fact that corners are often sought to be cut in this space. The National Credit Regulator has long maintained that reckless lending is a major concern, so Fintech lenders will have to be cautious.”

(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)
