Safaricom Lost Sh2.6B During System Shutdown And Why It’s Market Dominance Is A Threat To The National Security

On Monday, the entire country went into a communication blackout thanks to the shutdown of Safaricom operating system that would last for two straight hours before a shaky regain that went on for ages. The network outage began at about 9.40 a.m. and persisted till 4.30 p.m. during these hours, voice, data, texts, and Mpesa transactions remained inaccessible, the impact for such a player in the telecom market that it dominates remains immeasurable.

With 27.7 million customers, 71.2 percent of the market share, Safaricom is the largest telecoms firm in Kenya with a significant presence in the financial services market through its M-Pesa platform. According to the Communication Authority’s data, about Sh3.3 trillion moved through the M-Pesa platform in the year to December 2016 — translating to an average Sh9 billion per day or about Sh376.7 million every hour. During the system fallout on Monday, it’s estimated the company made a loss of 2.6B, and that’s only through the Mpesa services if you factor in voice, text, and data then you get a huge deficit.

With the enormous responsibilities that Safaricom holds in the financial sector through Mpesa services, Monday’s outage had a domino effect on the economy, bringing to the fore a worst-case scenario that the Treasury warned about last year.
Multiple banks have hooked up their systems to M-Pesa, including Kenya’s biggest KCB. A good number of services delivery companies have pinned their payment system to Mpesa, and the freeze meant no business. The damage cost is beyond bad taste.

Safaricom remains a big target for cyber criminals, but the company boasts of the impenetrable barrier reef. Recently, Safaricom’s Risk Management unit detected the intrusion and immediately escalated the incident to the security agencies. “Safaricom maintains a state-of-the-art information security system which quickly triggers an alarm if a breach is detected. This matter is being treated with the seriousness it deserves with the suspects due to be arraigned in court. I wish to assure our customers that all their data is safe and we have no evidence of any money being removed from the system,” said Bob Collymore, CEO, Safaricom. One customer lost Sh266,000 through an unauthorized SIM Swap by a Ugandan suspect who was arrested and charged, however, proactive action saw them refunded immediately after the incident.

Collymore says Safaricom routinely and proactively implements preventative and detective controls around its information security on all its platforms.

The firm holds the globally acclaimed ISO 27001 Information Security Management System certification that confirms adherence and implementation of appropriate processes and controls relating to mobile data, mobile money services, cloud services, billing and customer support services. With all these bravadoes, it bears logic how they went off for that long time. Kenya Insights has reached out to several technical insiders but who’re beyond scared to talk as they’re under warning and full surveillance from talking to media and leaking the main factors behind the system freeze. Worry not as we’re in full trail and will soon publish what exactly happened and why Safaricom is fighting hard not to let out the secret.

For now, one thing is clear that the country can’t afford to be held at ransom with Safaricom with its dominance, it’s a shame a country with several SPs went into total communication blackout. There’s need to spread the risk and create a level play business environment. It is time Mpesa which remains Safaricom’s most valued product cutting its bar higher than the risk be separated from its communication services. CA has to play its regulatory role by implementing strict balancing policies without puppetry and bullied by the giant. Safaricom has on several occasions shutdown attempts to level the market space, and CA has not been any helpful. It is not surprising that telecom companies keep coming to Kenya and going.

Going to the General election, that will run on an electronic platform and the vulnerability of the country to violence on the slightest provocation, Kenya can’t afford to risk running such an exercise on a nervous network system. A failure on the Safaricom system during voter tallying and results transmission would be catastrophic. With such a loophole, it is highly possible that rogue elements would either work internally or sabotage the system from outside to interrupt Safaricom transmission for result manipulation.

It shouldn’t surprise that during the elections, a similar shutdown happens and while the technical team works to restore the system, results manipulation would be ongoing by the instigators. It would go off when one candidate is ahead of polls, switch to manual transmission then roll back hours later digitally when the reverse has been done. This is a reality we’re staring at. It is for such logistics risks that IEBC must but entirely rely on mobile subscribers but start considering satellite options for smooth transmission. During the last elections, CORD in their petition before the Supreme court has accused Safaricom of having colluded with Jubilee in electoral fraud; they’re moving to the Aug polls with the same suspicious cap.