[kictanet] Unauthorised SIM swaps while roaming
Willis Muriu
wmuriu at gmail.com
Wed Oct 26 09:59:13 EAT 2022
Dearl Listers,
I have been asking myself what is the role of The Office of the Data
Protection Commission in all this.
I think this is squarely on their plate as a Commission.
I am okay with the Class Action lawsuit because this is not the first time
such cases have happened.
Regards,
Willis Muriu
+254 715 530 349
On Tue, Oct 25, 2022 at 9:34 PM Mike Theuri via KICTANet <
kictanet at lists.kictanet.or.ke> wrote:
> JG,
>
> Thank you for these additional details. I will pass on the same to the
> individual(s) for their information.
>
> The legal route seems inevitable, many have no credible avenue for redress
> and are suffering from losses incurred.
>
> On exhaustive measures, the reporting on the first case is worth a read on
> the hurdles many consumers face in resolving such issues ie
> arbitration/tribunal etc, Re: US man who sued Safaricom for Sh4,300 due to
> fraud loses case
>
> Regards,
>
> Mike
>
> On Tue, Oct 25, 2022 at 7:21 AM James Mbugua <jgmbugua at gmail.com> wrote:
>
>> Listers,
>>
>> There is a class action lawsuit that has been filed against Safaricom for
>> the same and other victims have been asked to join the suit. See attached.
>>
>> They are taking people all this week as well.
>>
>> Straight up Negligence they are going to lose, there is no question about
>> that. The only legal intrigue there is what contributory Negligence the
>> court might be willing to attach in some of the cases and how damages will
>> be split.
>>
>> The other issues will be the culpability of CA which is a named
>> respondent, as well as the Central Bank of Kenya which regulates M-PESA,
>> which has not.
>>
>> The inability or reluctance of regulators to do their job was inevitably
>> going to lead to the Court's stepping in to mark down the law.
>>
>> For those who wish to join the case see details in the cutting attached.
>>
>> You can also reach me on WhatsApp 0721321819 I put you in touch with the
>> advocate handling it.
>>
>> Regards,
>>
>> JG
>>
>>
>>
>> On Tue, 25 Oct 2022, 10:18 Mike Theuri via KICTANet, <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>> Hi Barrack,
>>>
>>> Thank you for the insight. I hope the CA will communicate with citizens
>>> who are facing this predicament. Unknown to me at the time of posing the
>>> query, the party cited in the Citizen article has filed the case as a class
>>> action. I believe the service provider and the authority are respondents in
>>> the same. Hopefully this will not preclude them from addressing this issue.
>>>
>>> There are citizens who simply want such issues resolved without
>>> resorting to legal contests and lengthy procedures that lead to nowhere. It
>>> is unfortunate that some staff seem to have succumbed to a lack of
>>> integrity by virtue of their location. Safaricom taking action is
>>> commendable but more needs to be done to discourage others from attempting
>>> the same in a situation where some may rationalise that the risk justifies
>>> the "reward" even if they are sent home .
>>>
>>> I cannot speak as to what the service providers internal controls are,
>>> however in sensitive data systems, audit trails of who accessed data, who
>>> altered it and when etc should be bare minimum measures. I have checked
>>> with one of the victims of such a swap (not a party to any of the mentioned
>>> cases) and they are still trying avenues to get the attention of the
>>> authorities in what appears to be a syndicate involving more than the just
>>> the service provider but staff in financial institutions and third parties
>>> who are specialising in identity theft. Something drastic needs to be done
>>> to protect consumers before these syndicates cause irreversible harm to
>>> many. Hopefully that will be done without delay.
>>>
>>> Mike
>>>
>>> On Sun, Oct 23, 2022 at 1:44 AM Barrack Otieno <barrack at kictanet.or.ke>
>>> wrote:
>>>
>>>> Hi Mike,
>>>>
>>>> This is quite unfortunate. The Communications Authority has the
>>>> ultimate responsibility of protecting consumers, they are on the mailing
>>>> list with us. It would be great to hear their position on this issue. Be
>>>> that as it may, service providers such as Safaricom have been taking action
>>>> lately
>>>> <https://www.standardmedia.co.ke/business/article/2001458438/safaricom-fires-24-employees-for-m-pesa-fraud>.
>>>> It seems this issue became more prevalent the moment employees started
>>>> working from home under limited supervision. It appears staff do not
>>>> espouse the same value systems they have in the offices at home which could
>>>> be a discussion for another day. I hope the Communication Authority can
>>>> pronounce itself on the issue.
>>>>
>>>> On Thu, Oct 20, 2022 at 10:02 AM Mike Theuri via KICTANet <
>>>> kictanet at lists.kictanet.or.ke> wrote:
>>>>
>>>>> Dear Listers,
>>>>>
>>>>> There seem to be a number of sim swaps reports that point to possible
>>>>> insider actions within the service provider. Ostensibly such swaps seem to
>>>>> target Kenyans traveling or living outside the country for an
>>>>> extended period of time.
>>>>>
>>>>> The most likely way they seem to happen would be if the service
>>>>> provider employers were involved in facilitating the swap.
>>>>>
>>>>> As these tend to be Kenyans resident outside the country, what
>>>>> recourse or measures can they take to ensure the problem is addressed and
>>>>> action is taken against the culprits?
>>>>>
>>>>> Are there regulatory contacts and/or corporate officers other than
>>>>> customer service where such issues can be drawn attention to, more so for
>>>>> individuals who cannot present themselves in person by virtue of being
>>>>> outside the country?
>>>>>
>>>>> Are there alternative consumer protections that exist where a provider
>>>>> cannot be expected to credibly investigate and implicate itself in such
>>>>> actions for liability reasons or alternatively where procedures are
>>>>> employed in such a way that a consumer faces numerous hurdles and laborious
>>>>> procedures to resolving such issues?
>>>>>
>>>>> Being asked by some of the likely actors of the swap to report such
>>>>> issues to a police station which is thousands of kilometres away is
>>>>> impractical in a timely fashion. Particularly when it appears the acts are
>>>>> being carried out within the service provider by employees taking advantage
>>>>> of Kenyans they determine to be living abroad and likely in collusion with
>>>>> 3rd parties.
>>>>>
>>>>> More detail in the below articles. In the first instance, the
>>>>> complainant's comment in response to the news article offers more context
>>>>> to their complaint, they appear not to have exhausted procedures outlined
>>>>> in "Terms and Conditions". While they did not succeed in the court case, it
>>>>> is apparent they were able to prove the aspects of insider actions. Without
>>>>> insider collusion such acts would be difficult if not impossible to carry
>>>>> out.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Mike
>>>>>
>>>>> US man who sued Safaricom for Sh4,300 due to fraud loses case
>>>>>
>>>>> https://www.facebook.com/standardkenya/posts/pfbid0gdoH1xbvRh8SUtcw195SX1bUC43oL1E2byx2ZQeg2wsNNK2phDWsFhXf7VkVUqGtl
>>>>>
>>>>> Man In Court Seeking Ksh.400K From Safaricom
>>>>>
>>>>> https://www.citizen.digital/news/man-in-court-seeking-ksh400k-from-safaricom-n307745
>>>>>
>>>>> Incident 3 involving customercare at safaricom.co.ke. Some potentially
>>>>> identifying minor detail is omitted:
>>>>>
>>>>> I misplaced my Kenyan phone while traveling here in Canada sometime in
>>>>> May this year .
>>>>> I called Safaricom on June XX, 2022 asking them to replace my SIM card
>>>>> with one of the SIM cards I had with me.
>>>>>
>>>>> They advised that since I was out of the country , I could not do it
>>>>> over the phone but needed to email them the request.
>>>>>
>>>>> I sent the email to them on June XX. On June XX, 2022 they sent an
>>>>> email asking me to send all my details:
>>>>> 1. New SIM card serial
>>>>> 2. Passport / of number
>>>>> 3. Passport copy and ID copy
>>>>> 4 My most recent MPESA transactions
>>>>>
>>>>> On June XX, 2022 I sent them all the details minus copies of my id /
>>>>> passport
>>>>>
>>>>> They responded by asking me to send them a copy of ID, passport and
>>>>> exit stamps.
>>>>> I did not send them this and a few days later I found my previously
>>>>> lost phone.
>>>>>
>>>>> I called Safaricom and they advised me that my phone is not locked /
>>>>> blocked and that I could continue using it.
>>>>>
>>>>> Since I do not use my Kenyan phone while in Canada it was not charged.
>>>>>
>>>>> On September XX, 2022 I noticed Whatsapp activity on my Kenyan phone.
>>>>>
>>>>> I called Safaricom and they said: You swapped your phone on June XX,
>>>>> 2022 and you have been using your MPESA account a lot recently.
>>>>>
>>>>> In summary:
>>>>> I do believe the Safaricom employees swapped my phone immediately I
>>>>> sent them information indicating I was out of the country
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> KICTANet mailing list
>>>>> KICTANet at lists.kictanet.or.ke
>>>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>
>>>>> Twitter: https://twitter.com/KICTANet/
>>>>> Facebook: https://www.facebook.com/KICTANet/
>>>>> Instagram: https://www.instagram.com/KICTANet/
>>>>> LinkedIn: https://www.linkedin.com/company/18428106/admin/
>>>>> YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
>>>>>
>>>>> Unsubscribe or change your options at
>>>>> https://lists.kictanet.or.ke/mailman/options/kictanet/barrack%40kictanet.or.ke
>>>>>
>>>>>
>>>>> KICTANet is a multi-stakeholder Think Tank for people and institutions
>>>>> interested and involved in ICT policy and regulation. KICTANet is a
>>>>> catalyst for reform in the Information and Communication Technology sector.
>>>>> Its work is guided by four pillars of Policy Advocacy, Capacity Building,
>>>>> Research, and Stakeholder Engagement.
>>>>>
>>>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>>>> online that you follow in real life: respect people's times and bandwidth,
>>>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>>>> not spam, do not market your wares or qualifications.
>>>>>
>>>>> KICTANet - The Power of Communities, is Kenya's premier ICT policy
>>>>> engagement platform.
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Barrack Otieno*
>>>> *Trustee*
>>>> *Kenya ICT Action Network (KICTAnet)*
>>>> *Skype:barrack.otieno*
>>>> *+254721325277*
>>>>
>>>> *https://www.linkedin.com/in/barrack-otieno-2101262b/
>>>> <https://www.linkedin.com/in/barrack-otieno-2101262b/>*
>>>> *www.kictanet.or.ke <http://www.kictanet.or.ke>*
>>>>
>>> _______________________________________________
>>> KICTANet mailing list
>>> KICTANet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>> Twitter: https://twitter.com/KICTANet/
>>> Facebook: https://www.facebook.com/KICTANet/
>>> Instagram: https://www.instagram.com/KICTANet/
>>> LinkedIn: https://www.linkedin.com/company/18428106/admin/
>>> YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
>>>
>>> Unsubscribe or change your options at
>>> https://lists.kictanet.or.ke/mailman/options/kictanet/jgmbugua%40gmail.com
>>>
>>>
>>> KICTANet is a multi-stakeholder Think Tank for people and institutions
>>> interested and involved in ICT policy and regulation. KICTANet is a
>>> catalyst for reform in the Information and Communication Technology sector.
>>> Its work is guided by four pillars of Policy Advocacy, Capacity Building,
>>> Research, and Stakeholder Engagement.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>>> KICTANet - The Power of Communities, is Kenya's premier ICT policy
>>> engagement platform.
>>>
>> _______________________________________________
> KICTANet mailing list
> KICTANet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Twitter: https://twitter.com/KICTANet/
> Facebook: https://www.facebook.com/KICTANet/
> Instagram: https://www.instagram.com/KICTANet/
> LinkedIn: https://www.linkedin.com/company/18428106/admin/
> YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/wmuriu%40gmail.com
>
>
> KICTANet is a multi-stakeholder Think Tank for people and institutions
> interested and involved in ICT policy and regulation. KICTANet is a
> catalyst for reform in the Information and Communication Technology sector.
> Its work is guided by four pillars of Policy Advocacy, Capacity Building,
> Research, and Stakeholder Engagement.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
> KICTANet - The Power of Communities, is Kenya's premier ICT policy
> engagement platform.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20221026/4714db0f/attachment-0001.htm>
More information about the KICTANet
mailing list