In 2024, insider-led cyber security attacks emerged as the most significant threat, resulting in organizations losing billions, as highlighted in the inaugural Digital Identity Fraud in Africa Report.
The rise of insider-assisted account takeover fraud (ATO) has become increasingly alarming, alongside traditional methods such as phishing and credential stuffing.
The report indicates that this trend was especially notable in West Africa, with East Africa also witnessing high-profile incidents in commercial banks and fintech companies.
“In the second quarter of 2024, several Nigerian banks dismissed multiple employees involved in fraudulent activities, leading to substantial financial losses for the sector. Similar incidents were reported in Kenya and Uganda,” stated Mark Straub, CEO of Smile ID.
He emphasized that the danger of insider-assisted ATOs lies in their capacity to circumvent standard security measures like multifactor authentication.
Fraudsters exploit either compromised access or willingly shared credentials, making these breaches particularly challenging to identify and thwart. The resulting financial and reputational harm to institutions can be profound.
“The key to effective fraud prevention is adaptability. While AI equips fraudsters with advanced tools, it also empowers security professionals to leverage global intelligence to combat zero-day attacks and automate previously manual processes,” Straub noted.
“Fintech platforms with inadequate know-your-customer protocols are particularly at risk, as these criminals utilize identity farming to establish fraudulent accounts that obscure the origins of illicit funds. Addressing these vulnerabilities necessitates collaboration among industries, governments, and technology providers to foster a safer digital environment.”
The findings from Smile ID, a leader in identity verification solutions, reveal that in addition to internal cyber theft, East Africa experienced the highest rejection rates for biometric and document verification due to outdated, inconsistent, and low-quality identity documents, complicating the verification process.
East Africa has seen the highest rejection rate for combined biometric and document verification attempts, hitting 27 percent in 2024. This issue largely stems from the use of outdated, inconsistent, and low-quality identity documents, which complicate the verification process, according to the report.
Utilizing anonymized data from over 110 million identity verification checks performed by Smile ID across Central, East, West, and Southern Africa in 2024, the report revealed advanced fraud tactics that exploit weaknesses in fintech platforms and digital ecosystems. These tactics have been exacerbated by emerging technologies like generative AI, deepfakes, and insider-assisted schemes.
Document fraud continues to be a major form of identity fraud in Africa, adapting alongside technological advancements and the growing dependence on digital verification methods.
As the first comprehensive study on identity fraud trends across Africa, this report sheds light on the persistent challenges and potential opportunities within the continent.
The shift towards biometric verification over traditional methods has notably enhanced fraud prevention, reducing the overall fraud rate during customer checks to 25 percent in 2024, a decrease of four percentage points.
However, this progress has led fraudsters to devise more sophisticated methods targeting biometric systems, resulting in significant financial losses across major African markets.
“Despite enhancements in KYC processes, overall fraud losses have surged in key African markets, including Kenya, where one of the largest lenders suffered a loss of Sh1.5 billion to fraud,” the findings indicate.
African digital platforms are increasingly vulnerable to cybersecurity threats, with authentication fraud rates now four times higher than those observed during the registration process.
This trend underscores the escalating risk of account takeovers as cybercriminals focus on user authentication systems.
Recent fraud statistics reveal that illegal activities on digital platforms are most prevalent from 10 PM to 6 AM East Africa Time (EAT), peaking at 2 AM EAT.
The cover of night seems to offer cybercriminals an advantageous opportunity to take advantage of security vulnerabilities.
Mobile Software Development Kits (SDKs) have emerged as the leading method for identifying fraudulent activities, responsible for 68 percent of all detected fraud cases.
Other fraud detection solutions made up the remaining 32 percent, highlighting the critical role of mobile security measures in the fight against digital threats.
