Africa’s mobile money ecosystem processed $81bn in transactions last year, with volumes peaking sharply in December as urban workers sent money home for the festive season. This year will likely match or exceed that figure. But this seasonal surge exposes a troubling reality: the platforms millions now rely on have not kept pace with the level of trust placed in them.
As transaction volumes climb, so does fraud. Phishing scams masquerade as holiday promotions. SIM-swap attacks target accounts with high balances. Social engineering exploits the urgency of festive giving and the cultural expectation to respond quickly to requests for help from relatives. For cybercriminals, December is peak season.
The consequences extend beyond individual losses. Trust in mobile money is built one safe transaction at a time, but a single fraud incident can destroy it overnight. Victims often abandon these services entirely and warn others to do the same. This has a negative impact on the entire ecosystem.
The root of the problem is structural. Unlike traditional banking apps, many mobile money platforms still lack robust encryption and multi-layered authentication. Four-to-six-digit PINs remain standard, creating vulnerabilities that criminals exploit to intercept data and hijack accounts. These are not minor technical oversights; they represent a fundamental mismatch between the sophistication of the threats and the defences in place.
The solutions exist. AI-driven fraud detection can identify suspicious patterns in real time. Multi-factor authentication adds meaningful barriers against unauthorised access. Real-time monitoring systems can flag and block fraudulent transactions as they occur. What’s missing is not technology, but the urgency with which it is deployed, particularly during periods when users are most exposed.
Consumer vigilance remains essential. Although two-step verification is simple to enable, it is still underused. Users must learn to recognise warning signs, such as unsolicited requests for PINs, messages from unknown numbers claiming to be relatives in distress, and offers of rewards in exchange for personal details. When seasonal urgency meets sophisticated fraud tactics, a moment’s pause to verify can prevent significant loss.
The festive season lays bare both the promise and the precariousness of Africa’s digital financial infrastructure. Millions rely on mobile money for their most important transactions of the year, yet the very features that make these platforms indispensable — accessibility, speed, and convenience — also make them vulnerable.
Security cannot be an afterthought, only addressed when attacks spike. Platforms must invest in protection that matches the scale of usage. Users must take active steps to secure their accounts. Building a truly resilient digital financial system requires both parties to fulfil their responsibilities. Until that happens, December will continue to be as lucrative for criminals as it is important for families.
Allan Juma, Cybersecurity Engineer, ESET Africa
