Online fraud

Making Online Payments and How to Stay Safe from Hackers While at It


Online payments: we have all engaged in one or another, even if it is a simple payment for an Internet or TV subscription. These include all B2C (Business to Client) and B2B (Business to Business) transactions conducted online or through mobile money integrated via APIs to our GSM SIM cards to facilitate payments.


How it works…

You have been introduced to an online shop; they have the best prices and the items on sale are great. Since the transaction is made online, you will most definitely pay via one of the available platforms. These include credit or debit cards (Visa, MasterCard etc.), M-Pesa and online wallets (PayPal etc.).

How do these online wallets/payments work, and how do they get intruded? For one, each of these payment methods requires cash loaded either via banks or mobile money. The service provider needs to provide his/her website with secure options to facilitate those payments using secure payment wallets.

Managing this security on APIs (Application Programming Interfaces) is never cheap, so in some cases online shops use shortcut methods to facilitate transactions and in the process open up a window for hackers to infiltrate and steal from unsuspecting customers.

We can also never rule out the presence of online shops that actually facilitate fraud in their payment methods.

So once the wallet is loaded with cash, a user provides access (through payment terms and regulations) for either a one-off payment or a subscription, where payments are deducted on a time frame: weekly, monthly or bi-annually (especially with card payments).

There have been instances where a user does not know the difference and leaves his/her card open for a subscription, and regular payments are made without their knowledge.

Some financial institutions have devised a way to manage this by allowing clients to verify payments before they are made, or to agree how long the card remains open for transactions (2 hrs or 24 hrs). That way, after a transaction is made, the card holder can close it to further transactions.


This does not entirely keep hackers at bay. More security measures need to be taken from the user's end.

  1. If you are a regular online purchaser using a card, open a bank account specifically for that purpose, and only load the payment amount + transaction charges, so that once the payment is done you are left with a zero balance till the next transaction.

This way the card and account are active only for active purchases.

  2. When you are opting out of payment platforms that you had registered on, ensure you delist your card before you close your account.

There are service providers who will still deduct payments even when you opt out. This is because the API platforms are 3rd party, so you need to have the card withdrawn from the payment platform completely before you close accounts with the online store.

We have applications, especially the ones around us, where from the app you select to make a payment via M-Pesa and it opens a message box to input your M-Pesa PIN.

This is one of the most common B2C platforms, one that even microfinance institutions and financial lending apps use. Currently there are more security measures in place to avert fraud on this platform, but as I said, they come at a cost. So some institutions may try to minimize costs and not consider the safety of clients, putting them at risk.

With these multiple online payment platforms available, online wallets like PayPal came about, but not all platforms have had their security at its best. Some of the wallets facilitate fraud and money laundering. This can be done through idle wallets.

A user may innocently open up a wallet and make payments, but he/she never uses it again, or forgets the access credentials and never resets them. This is a big investment for a hacker. They can hijack the wallet and use it to commit fraud, and it gets pinned on you.


It’s usually safe to suspend a wallet not in use, or to regularly update its credentials and keep them as strong as possible till you find use for it.

Card payments and APIs at physical stores haven’t been spared either. There have been instances where swiping your card at your local store, restaurant or night club lands you in financial problems. There have been instances where fraudsters use ping devices, either physically attached to the card reader or on the public WiFi (which in some stores is the same network used by the billing system; professionally this is not advisable).

Once the ping devices get hold of the card data, the fraudsters can register it elsewhere for further transactions and wipe your account clean.

After a night of shots and fun you wake up with a bank transaction of an item that was never delivered to you and you will never own.

So how do we avert these instances that lead to losses for us? A separate card/account for online purchases is advisable, and keeping a transaction limit per period is also key. That way, your banker will block any extra expenditure outside your periodic limit on your card at any given time.

Regularly get transaction statements for your purchases and compare them with receipts. And change/update card passwords as often as possible.
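The statement-versus-receipts comparison can be automated. The sketch below is an added example, not part of the original article: it lists charges that have no matching receipt and flags same-amount charges that repeat at a regular interval, the sign of a subscription left open on a card. The sample data, function names and the 3-day posting window are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (date, merchant, amount in smallest currency unit)
STATEMENT = [
    (date(2024, 1, 5), "SHOP-A", 1500),
    (date(2024, 1, 12), "STREAMCO", 300),
    (date(2024, 2, 12), "STREAMCO", 300),
    (date(2024, 3, 12), "STREAMCO", 300),
    (date(2024, 3, 20), "UNKNOWN-STORE", 4200),
]
RECEIPTS = [
    (date(2024, 1, 5), "SHOP-A", 1500),
    (date(2024, 1, 12), "STREAMCO", 300),
]

def unmatched_charges(statement, receipts, max_days=3):
    """Return charges with no receipt for the same merchant and amount
    within max_days (charges can post a few days after the purchase)."""
    unused = list(receipts)
    missing = []
    for day, merchant, amount in statement:
        match = next((r for r in unused
                      if r[1] == merchant and r[2] == amount
                      and abs((day - r[0]).days) <= max_days), None)
        if match:
            unused.remove(match)  # one receipt explains one charge only
        else:
            missing.append((day, merchant, amount))
    return missing

def recurring_merchants(statement, min_count=3, lo=6, hi=32):
    """Return merchants that charged the same amount at least min_count
    times with every gap between charges in the weekly-to-monthly range."""
    by_key = defaultdict(list)
    for day, merchant, amount in statement:
        by_key[(merchant, amount)].append(day)
    found = []
    for (merchant, _amount), days in by_key.items():
        days.sort()
        gaps = [(b - a).days for a, b in zip(days, days[1:])]
        if len(days) >= min_count and all(lo <= g <= hi for g in gaps):
            found.append(merchant)
    return sorted(found)
```
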

Crypto Currency…

Cryptocurrency is a technology that came about to try to minimize the multi-currency exchange that may hinder business transactions by multinationals and individual players.

Cryptos, as they are known (Bitcoin, Ethereum, Ripple etc.), have no specific base of production and supply and are only made upon demand.


Plus, there are no specific sources that can be tracked and traced. With adequate facilities one can start a node (a centre for mining and distributing crypto).

Hackers have devised ways of opening nodes and using these nodes to transfer cash to coins, and vice versa. This way, they make it easy to move huge sums across various crypto platforms and then into a different currency.

For instance, hackers can move about 100M over multiple small transactions in multiple banks in different countries and continents. Then, using multiple nodes, they convert some to Bitcoin, others to Ethereum, others to Ripple. Then, using new nodes, they transfer the cash to maybe gold purchases or stock purchases, and sell the same as legal tender, as either Dollars or Sterling Pounds…

It takes a big unit of hackers to move all this weight; there are units of hackers that have over 1k members all over the world. This makes movement of the loot easy for them, as one individual can move a small, unnoticed weight.

Cryptos were introduced with the best of intentions, but the cash back that came with them opened up a window that, as of now, may take a long while to repair. Cash back is when a node owner trades his/her mines for cash. This allows fraudulent nodes to be created, not only by hackers but also by fraudulent businessmen who wish to evade taxes, understate their earnings or hide their corrupt loot, and by bank, insurance and hedge fund CEOs scheming from their employers.

The debate on the acceptance of crypto in many economies is aroused by many issues that, when addressed, could scale up its use in many economies.



The Writer Martin Deporres is a System Architect at ConnectBiz Africa.

Reach him on:



Phone: +254-725-924-633
