Fintech and cybersecurity, fintech in africa

Q&A with Ebai Ojongtambia: Fintech and the State of Cybersecurity in West and Central Africa 

It’s no secret that financial technology (fintech) is one of the fastest-growing technologies in Africa. With 92.3% of the continent’s internet users accessing the web through a mobile phone, it makes sense that Africa is the global leader in developing and scaling mobile money platforms.

However, like any other disruptive technology, the increased access to banking services presented through mobile money transactions has created new space for hackers to exploit vulnerabilities, particularly regarding data privacy concerns, fraud, and identity theft. 

So, we’ve decided to delve into the future of cybersecurity as Africa’s fintech industry grows with Ebaiq Ojongtambia. She has over a decade of experience in audit and risk management in the traditional banking industry and a background in information technology security at PayPal. 

Currently based in Cameroon, she is applying her years of experience to help women develop soft and technical skills to land various tech industry jobs through her non-profit, Kuva Africa. In our interview, we spoke about the landscape of mobile money in her home country of Cameroon, the unique cybersecurity threats facing some of the largest fintech platforms in Central and West Africa, and how stakeholders can stay one step ahead. 

  

How has the landscape of mobile money changed since you moved to Cameroon? 

When I came in 2019, mobile money was primarily centered around sending cash through texting. Now, there are more customer-focused products and an increased ease of use. That includes applications from large mobile money players like MTN (72 million users across 16 markets) and Orange (over 90 million users across 17 countries). Smaller organizations like Wave (6 million users) also exist in the space. 

I’ve seen growth in the number fintech companies over the past five years because of the large audience. People have bank cards but gravitate toward mobile money because it’s easier: you don’t need a lot of identification and paperwork to access these platforms like you do when opening a bank account. 


How do you see fintech changing Africa’s financial industry? Will it replace traditional banking systems or how the continent invests money and trades stock? Why or why not?

It shouldn’t replace traditional banking systems because many fintech platforms I’ve encountered focus on transactions like paying bills or buying goods and services. Traditional banking systems that provide loans and investment opportunities are still needed. That said, there is an opportunity for fintech platforms to fill that gap, possibly starting by focusing on loan and borrowing systems (M-KOPA is one example).  

In the photo: M-POKA’s pay-as-you-go service dashboard. Users can purchase goods like a new smartphone using a loan, which they pay in small installments over time. The “Unlock Phone” feature is for users who stopped making payments as the phone becomes locked once a user misses an installment. 

©M-POKA.


How would you advise someone to start a career in fintech, particularly in risk management?

I always encourage people to research and use free resources like LinkedIn or a simple Google search to understand the career and the transferable skills they already have. You’ll learn the technical part, but skills like problem-solving, communication, and critical thinking are also essential. 

Additionally, it’s important to have a hunger to learn; look for a mentor on LinkedIn.  Simply saying, “Hey, I really want to know about your work as a risk manager in mobile money. Are you free for a quick chat?” can go a long way. 

I think being intentional about the research you’re engaging in and how you ask others for help can guide you to your goals. You may have to pay to get certified in risk management, but do your research to understand which certifications will make you more valuable to a company or client. 

How does your advice change for someone trying to enter a mid-senior role in the fintech industry? 

When you are ready to grow in your career, start seeking opportunities within your company. If that role isn’t available, see about getting a rotation. That’s how I got into audit at W.S. Technology Solutions. I reached out to my manager and expressed my desire to allocate my free time to learning about that niche, and we made an arrangement. 

Reading about what you’re trying to get into, reaching out to someone in that position, looking for a mentor, and upskilling yourself can help you advance in your career. 

 

Would you offer the same advice to someone looking to found a fintech solution? 

Absolutely, because there’s really no “new” business idea, many people are building variations of the same thing. See if someone’s already doing what you want to or something similar. Research their story and message them, asking for a few minutes to learn what challenges or lessons they can share. 

The consistent theme across each scenario, as it relates to developing your career, is being able to ask. That’s what we teach at Kuva Africa: the ability to advocate for yourself. Many times, people say, “I’m quiet,” we respond with, “Confidence isn’t about being the loudest in the room. It’s about knowing what you need and finding the resources to get those answers.” 

In the photo: Networking and learning online and in person can help you grow your fintech career. 

©LinkedIn

 

Based on your experience in risk assessment, crisis management, and IT audits, what are some of the most common cybersecurity threats that hinder the successful evolution and adoption of fintech in Africa? 

Humans are the most significant data security threat because we do things without knowing it’s a security issue. I’ve seen fintech professionals in Cameroon being very casual about others using their computers, which opens up the opportunity to paste your passwords or access and exploit other vulnerabilities. I think continuously training staff on security risks and security management measures can help ensure fintech platforms remain protected from cybersecurity threats.  

Beyond that, there are the usual things — fraud, identity theft, cyberattacks, and natural catastrophes that impact the functionality of servers that host these fintech platforms. 

For instance, on March 14, 2024 four subsea cables (West Africa Cable System, MainOne, South Atlantic 3 and the Africa Coast to Europe) along Africa’s West Coast were cut by what MainOne reported to be some form of underwater seismic activity. MTN services were down in Cameroon, Nigeria and Ghana, and we couldn’t use mobile money exchange services. This incident shows we can’t solely depend on underwater cables; we need backup systems. Having multiple off-site locations where servers can pick up the network would help immensely. 

It all ties back to security risk awareness and management. When fintech companies understand the unique data security threats they face, they can continuously employ the appropriate training and systems to ensure resilience. 

 

What goes into identifying, assessing, and mitigating risks associated with fintech adoption? 

For somebody developing a mobile money product, make sure the data users will input (I.D. number, name, date of birth, bank card) is secure. 

There are numerous ways of doing this, but a couple that come to mind are installing various types of firewalls that consistently monitor and detect threats and ensuring the platform leverages continuous automated penetration tests (every few seconds) in addition to bi-monthly human penetration tests or audits

Hackers are constantly devising new ways to penetrate software. When a platform makes money and allows users to exchange it, it must continually test for vulnerabilities. Basically, a mix of cloud security practices, in-person audits, and penetration tests best help organizations identify, assess, and mitigate security risks on fintech platforms. 

©yellow.systems

 

How do these practices change for vendors using the fintech platform’s services? 

I suggest conducting Google searches to see if the company has had any issues. Also, ask them to share their ISO or PCI certification. 


What are some common data privacy concerns with the mobile money platforms you’ve experienced since moving into the fintech industry? Also, how do you see those concerns evolving as hackers become more advanced? 

I would say fraud and identity theft are the two main ones. 

A few months ago, a friend of mine received a call from an individual who claimed to be an Orange representative. The “representative” asked for my friend’s security PIN, and my friend declined. The “representative” then offered to text my friend a link to use and enter their PIN, which my friend did, because they thought the hacker wouldn’t see it as they weren’t sharing that information directly. However, entering their PIN via texted link gave the hacker enough access to clear my friend’s account. Orange couldn’t refund the money because my friend willingly entered their personal information, so there was no way to verify the hack. 

Hackers are exploiting the lack of data privacy awareness among fintech users. This ties back to a lack of information and knowledge, which is one of the most significant hindrances to the successful evolution and adoption of fintech across the continent. Effective education is so important here, not just for the employees within a fintech company but also for the platform users. 

That’s where our cybersecurity resources and certifications come in. If you’re a member of the public looking to better understand how to protect your data on fintech platforms, browse our blog for the latest best information security practices. For those who want to break into the cybersecurity industry, our introductory ISO/IEC 27001 certification trainings can help. We also offer cloud security and penetration testing courses for professionals looking to upskill themselves and increase employment and entrepreneurial opportunities. 

For more questions or best information on security practices at large, email us at talkagile@agileseventeen.com.