Assessment of technological risks facing mobile banking: a case of commercial banks in Kenya

Abstract

Mobile banking technology has been widely adopted amongst all the commercial banks in Kenya. Currently Kenyan banks lose millions of shillings by means of online theft through mobile banking and other platforms. This study therefore intended to address the issues associated with mobile banking and was directed by the following objectives: to understand the mobile banking architecture, to establish the technological risks arising for commercial banks in Kenya as a result of mobile banking, to establish strategies which commercial banks use to mitigate against mobile banking risks, and to propose an integrated risk mitigation framework for use in mitigating against mobile banking risks. The target population was employees within the banking industry from different departments. Purposive sampling was used, which saw 52 staff from 3 commercial banks being sampled. A questionnaire was used as the main research instrument. The collected data was coded into Statistical Package for the Social Sciences (SPSS) version 26 in order to obtain descriptive statistics and correlation analysis. Qualitative data was analysed with the help of NVIVO Version 12 software. The analysed data was presented using charts, figures and tables. The study found that Current Mobile Banking applications leaked protected information while in transit or during communications from mobile phone to the server doing the transaction due to a weakness in the Secure Socket Layer Certificate (SSL). The study also found that banks did not have advanced detection mechanism such as intelligent behaviour monitoring and use of big data analytics technology for fraud detection and behaviour analysis. Lastly the study also found lack of mobile banking risk analysis and mitigation model amongst the 3 selected banks and developed a mobile banking risk mitigation model. The study therefore recommends adoption of the proposed framework which takes into account various best practices from different researchers and practitioners on information security in the context of mobile banking. The study further recommends that banks and other financial institutions should carry out an own assessment and customize the elements of the framework to fit their own organizational contexts.