The money had just hit Sylvia Wanjiru’s account when her phone rang. It was a million-shilling ($7,773) payment from a client, and the caller claimed to be from her bank’s customer service. He spoke confidently, offering to “help confirm the transaction.”

“At first I thought it was just a coincidence,” Wanjiru recalls. But when the same thing happened again, she realised someone was watching her transactions and reported it to the bank.

Her parents were not so fortunate. Pension payments of KES 34,000 ($263) and KES 2,500 ($19) from a mobile money wallet disappeared after they called a number that texted: “*** BANK. Dear Customer, your account has been SUSPENDED. Please contact 010****366 within 24 hours.”  

The money was long gone by the time they rushed to the bank and mobile money provider. Wanjiru’s experience is one among many others. Across Kenya, customers report similar encounters, including calls moments after cash deposits or transfers and text messages disguised as official alerts followed by withdrawals.

The speed and timing point to a possibility that the fraudsters work hand in glove with bank staff and mobile money agents with access to customer information.

Rising cyber-threats

The Central Bank of Kenya (CBK), in its Financial Sector Stability Report 2025, in August reports cases of cyber fraud in the banking sector more than doubled in 2024, rising from 153 to 353, with the amount exposed increasing to KES 1.9 billion ($14.7 million) and losses nearly quadrupling to KES 1.5 billion ($11.6 million).

The Communications Authority of Kenya (CA) reported 7.9 billion cyber threats in the first eight months of 2025, double the figure for 2024. CBK said attacks rose from 7.7 million in 2016 to billions due to Kenya’s economy’s rapid digitisation.

The regulator insists that despite rising risks, Kenya’s banking sector remains “resilient,” able to withstand shocks from successful cyber-attacks. However, accounts from victims, bank staff, and law enforcement suggest that most losses of funds are inside jobs.

A former compliance officer described a shadow industry in Nairobi neighbourhoods like Utawala and Ruiru, which thrives on mobile banking fraud. The setups look like call centre outsourcing hubs with rows of desks, computers, and phones.

“There are bank staff who monitor accounts, tip off the fraudsters, and within minutes, money is pushed into mule accounts,” says one ex-risk and compliance at a major bank. The cash is laundered through mobile money wallets and withdrawn at agents, or some are pushed to crypto wallets.

With 67% youth unemployment, workers are recruited through job ads for “customer service” roles, only to discover that the scripts involve impersonating bank officials or mobile money agents. And because it’s quick cash, many stay.

Pay is per successful hit, which means the more money they steal from customers, the more they earn. Corrupt police officers, according to the former compliance officer, are paid to protect operations, tip off the syndicates before raids, or frustrate investigations.

“It’s a big operation, more than you can imagine,” the former officer says. “The real people behind these schemes are known to some in Kenya Police’s serious crimes division.”

Targets the biggest banks

The people behind the schemes design them for scale, according to an investigations officer at Banking Fraud Investigations Unit (BFIU)—a unit under the Directorate of Criminal Investigations (DCI)—who has handled such cases and asked not to be named. They target banks with vast retail business like Equity Bank, KCB Group, and Co-operative Bank— Kenya’s biggest retail lenders with a combined customer base of over 50 million.  With such big operations, the fraudsters hide in the noise of millions of daily transactions.

Rural pensioners, urban traders, and salaried workers with predictable income streams make easy prey.

“It’s a numbers game,” says the BFIU officer. “The bigger the bank, the more likely someone will slip.”

Most of these frauds are not violent, but sometimes they turn deadly. In April, a teacher in Mumias was trailed and killed after withdrawing KES 285,000 ($206). Detectives believe two bank tellers may have passed on the information to robbers, pointing to insider collusion with criminals.

There are numerous reports of customers being trailed after withdrawing or depositing large sums at banks and mobile money agents across the country.

In 2024, Equity Bank reported it lost KES 1.5 billion ($11.6 million) in what was initially described by news outlets as a sophisticated hacking attack. However, investigators later alleged that bank staff colluded with property developers and lawyers to siphon off the bank’s money from the salary suspense account in thousands of small, salary-like transfers to avoid detection.

Deeper rot

On social media, many Kenyans brush off mobile banking fraud as the work of prisoners with smuggled phones when they are operations run by people living among them. While some operations enjoy corrupt officials’ backing, the BFIU officer concedes that the regulators are overstretched.

“Mobile money and banks process millions of payments daily, and that’s why some of the cases even go unnoticed,” says the officer.

However, faced with mounting fraud, most Kenyan banks have begun housecleaning to restore customer confidence. KCB Group, NCBA, Absa, and Co-operative Bank are some lenders that have recently fired staff over misconduct.

In May, Equity Group took a bolder step, announcing publicly that it was firing 1,500 staff to protect the bank’s image and its customers.

“The moment of reckoning has come,” Equity Bank CEO James Mwangi said in May. “It doesn’t matter how many I will lose. I don’t even care. I will protect the customers and the bank. I will be ruthless.”

The bank has since extended the exercise to its subsidiary in Uganda, which has also suffered staff-linked fraud in the past two years.

Blurring of lines

The lines between cyber fraud, insider theft, and organised crime are blurred. According to the BFIU officer, most victims never report, whether from embarrassment, the small sums involved, or the hassle of filing a complaint with the police, making the CBK’s figure of KES1.5 billion an understatement.

The BFIU investigator says the schemes rarely fall into specific categories. A phishing text may be the start, but a bank teller can pass on stolen data, laundered through mobile money, and protected by police officers. Each stage blurs the line between cyber-attacks, insider theft, and organised racketeering.

The consequence, the former compliance officer warns, is erosion of trust. Many customers, unsure whether the fraudsters are hackers or someone inside their bank, choose not to report. Anxious to reassure shareholders and depositors, lenders frame the losses as “cyber threats” even when investigations show human hands.

This gap between the official narrative and what victims experience is where the danger lies. The BFUI investigator says that as Kenya’s financial system grows, the weakest link may be the people inside—tellers, agents, and officers with access to real-time customer records.  

Mark your calendars! Moonshot by TechCabal is back in Lagos on October 15–16! Meet and learn from Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Get your tickets now: moonshot.techcabal.com

CRDB Bank, Tanzania’s biggest bank by assets, has completed a migration of its core banking system from Fusion Banking Essence (FBE), owned by London-based Finastra, to Temenos T24, a move the lender says was necessary to keep pace with regional competitors and prepare for expansion outside East Africa.

CRDB’s chief executive, Abdulmajid Nsekela, told TechCabal that the system migration—which occurred in the first weekend of September—is crucial to the bank’s expansion plans. CRDB already operates in Burundi and the Democratic Republic of Congo (DRC), and is finalising arrangements to enter Dubai, where it expects to serve both diaspora and cross-border clients.

“You cannot provide services in all these countries without having a robust system that safeguards customer information and enables transactions with high efficiency,” Nsekela said.

CRDB joins a growing list of African lenders running on Temenos T24, the Swiss-built, front-to-back core banking platform used by institutions like Kenya’s  KCB Group and Stanbic Bank, which operate across multiple jurisdictions. Such systems are increasingly vital as regional banks integrate operations and compete for cross-border clients.

Nsekela said the upgraded platform now supports transactions in multiple languages and currencies, from Swahili and English in Tanzania to French, Kirundi, and Arabic in other markets.

Core banking migrations remain fraught exercises. Unlike front-end app upgrades, they involve the wholesale transfer of millions of sensitive customer records. In markets where trust in banks can be fragile, even short disruptions risk denting reputations.

CRDB’s 72-hour migration exercise experienced some glitches with customers reporting discrepancies in balances, which the bank attributed to large data transfers between the systems.

The bank’s investment is a continuation of East African lenders’ efforts to modernise their technology backbones. KCB, Equity Group, DTB, and NCBA Group already run multi-market operations on Temenos T24 or similar systems, enabling faster product rollouts across jurisdictions.

By joining their ranks, CRDB hopes to compete for corporate clients and cross-border business as it marks its 30th anniversary. The Dubai expansion is expected to target diaspora remittances and trade finance between the Gulf and East Africa.

The Bank of Tanzania (BoT) is also pushing local banks to upgrade their systems as part of wider financial sector reforms. 

Mark your calendars! Moonshot by TechCabal is back in Lagos on October 15–16! Meet and learn from Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Get your tickets now: moonshot.techcabal.com

Every day in Nigeria, over 33 million instant transfers race across our banking rails—from buying fuel and airtime to paying rent. Whether it’s a corporate exec in Victoria Island or an okada rider in Kano, the money moves. But not the context.

Each transaction tells a story: your rent pattern, salary cycle, and debt reliability. But that story is locked in silos. Banks hold it. Wallets replicate it. Fintechs rebuild it from scratch. None of it flows freely until now.

The Central Bank of Nigeria’s Open Banking framework introduces a radical idea: your financial data belongs to you. And if you permit it, any licensed provider should be able to use that data to serve you better.

Everyone wins when financial data is no longer siloed

The biggest winners are the people who’ve had the least control until now: everyday customers. They’re no longer stuck with one provider holding their financial history. They can move freely, compare services, and choose what works best.

This shift also opens the door for builders. Many who spent years working around data restrictions can now plug into verified, standardised APIs. Less time spent reverse-engineering statements. More time solving real problems.

Banks stand to gain too, if they act fast. The ones that adapt can move beyond traditional products and become platforms. By exposing APIs, they stay relevant even outside their apps.

At a broader level, the economy wins. Done right, Open Banking doesn’t just modernise the system; it makes it more inclusive, resilient, and responsive.

From hacky, siloed workarounds to real scalable solutions

Guess what happens when financial data moves safely, with customer permission. That data powers better products, faster decisions, and broader access. These are some examples:

1. Credit that actually works

Lending in Nigeria is mostly guesswork. That leads to high interest rates, collateral demands, and even public shaming when things go wrong.

With open banking, a small business owner can grant access to a year’s worth of bank transactions. A lender reviews verified income data, decides in minutes, and sets up repayment via direct debit. No land documents. No guarantors. No friction.

This is how we make credit cheaper and smarter.

2. A national fraud radar

Every fintech in Nigeria has war stories. Fraudsters exploit weak points, spread funds through mule accounts, and disappear. The damage is local, and the pattern is the same everywhere.

Open banking makes it possible to share live fraud signals. If a bad actor gets flagged at one provider, others can detect and block them in real-time. Shared infrastructure, device hashes, IP patterns, account links, etc., make fraud detection collaborative.

Each fintech player stops playing defense alone.

3. Direct debits that travel with you

Cards are great until they aren’t. Direct debit mandates don’t follow you when you switch banks or change devices. That’s why recurring billing with a bank is clunky and adoption is low.

With open banking, you set up a reusable direct debit mandate tied to your identity. One dashboard shows every recurring instruction from Netflix to PHCN bills. You can cap, pause, or revoke them anytime.

Need more control? Enable two-factor approval. Spot a suspicious charge? You can block it before it hits.

Getting regulation right is key 

Compared to other countries, Nigeria is off to a solid start. The UK’s rollout faced governance issues and weak enforcement. Some banks dragged their feet, and adoption slowed because customers didn’t see enough value or protection.

In Brazil, security concerns and uneven API quality made early adoption tricky. Many people still don’t know how Open Finance works or why they should care.

Nigeria now has a chance to avoid those mistakes. Its rules, laid out in Section 11, outline how consent, security, and reliability should work in every real-world API call, are clear. Its structure is strong. But the real test is in how well providers follow through—and how quickly regulators respond when they don’t.

The real risk: We waste the opportunity

Open banking gives us a rare chance to redesign Nigeria’s financial rails with trust and interoperability at the core. But the system is only as strong as what we build on top of it.  We’ve seen what can go wrong. The eNaira launched with big goals but didn’t take off, partly because people didn’t understand its value.

If APIs are unreliable, if customers don’t understand what they’re consenting to, or if data hoarding continues under new labels, this momentum will stall.

But if we build carefully and fast, we can enable a generation of financial products that are smarter, safer, and truly inclusive.

The APIs are coming. The opportunity is open. The next move is ours.

___________

Lukman Bello is a payments infrastructure expert and Technical Solutions Lead at Paystack, where he has spent more than six years guiding businesses through the intricate world of African fintech. He has overseen integrations for hundreds of notable local and global brands, turning regulatory complexity into clear product strategies and robust code.

Mark your calendars! Moonshot by TechCabal is back in Lagos on October 15–16! Join Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Early bird tickets now 20% off—don’t snooze! moonshot.techcabal.com

In 2024, some of Nigeria’s biggest banks decided unanimously to change core software that powered their banking activities. In the TechCabal newsroom, we embarked on a project in response, to demystify these core banking software to our audience and to explain the implications of the change. 

It was after the project I encountered Albert Iloh, who had spent the five years prior selling Union Systems, Nigeria’s first indigenous trade finance software, to banks. I was intrigued by the idea of a local alternative to international trade finance software like Finacle Trade and Finastra Trade Innovation because local alternatives rarely came up in my earlier conversations with banking experts.

Union Systems’ CEO, Chuks Onyebuchi, is my guest on the Day 1-1000 column. He shares with me how the company, which was first established in 1994 as a local partner to international financial software providers, morphed into Nigeria’s first trade finance system.

This is the story of Union Systems as told to TechCabal.

Day 1: Emerging from the shadows

For more than two decades, Union Systems lived in the shadows.

We were the local face of a global software giant, selling, implementing and supporting trade finance software solutions for African banks. We had no product of our own. Every pitch, every integration, every bank knew us by our partner’s name, not ours. If they ever dropped us, we’d be erased.

But in 2017, we finally got a shot by solving a problem nobody else could solve. That piece  of uncertainty gave us the chance to become a company with a name, a product, and a future. The journey would nearly break us. But it also saved us.

Earlier in 2016 we had helped our foreign partner close a over $30 million banking tech overhaul deal with one of Nigeria’s biggest banks, Zenith Bank. 

The scope was massive: every layer from core banking to trade finance (financial services and products—like letters of credit and guarantees—that help companies buy and sell goods internationally) to treasury, risk, and corporate channels (digital and physical platforms that allow business clients to access banking services and manage their accounts). 

As Union Systems, we were tasked with implementing the International Trade Finance (specialised banking services and tools that support cross-border trade) and Corporate Channels modules. But when we reached user acceptance testing, the bank said something we didn’t expect: the Trade Finance module would not solve their unique needs. Not just in a few places but across more than half of their requirements.

The problem was structural. The bank had previously cobbled together six siloed applications to handle the unique requirements of Nigerian trade finance: form M compliance, bidding processes for FX access, local regulatory reporting etc. These nuances don’t exist in Europe or Asia. The software we were deploying, built for international trade finance, didn’t speak the language of Nigerian regulation.

So the bank came to us: could we unify those six legacy systems into one Nigerian Trade Finance solution and then integrate it with the foreign software?

We said yes. 

We didn’t even know how we were going to achieve it. We had no product or roadmap. But we said yes anyway.

Day 730: From Zero to Trade-X

We called it Trade-X, short for Trade Extra. It wasn’t yet a product, just a bridge. Our team began meeting with the silo owners, many of whom saw us as a threat to their jobs. They fed us half-truths, vague specs, and occasional sabotage. Still, we kept asking questions, diagramming workflows, writing code.

We worked under an impossibly tight deadline. Zenith Bank, the client, wouldn’t shift their go-live date because it had been approved by the board. Our consultants moved into nearby hotels, working night and day to convert the local operations and write them into a single platform. We were about 30 employees at the time.

Trade-X wasn’t just a plug-in for the bank, it was a survival plan. At that point, our entire revenue came from our foreign partner. But we knew if we nailed this, we’d no longer be “the guys implementing someone else’s software.”

Two years later, Zenith went live. Our foreign partner protested. They sent a formal letter to the bank urging them not to deploy without their approval. But we were on the ground, and the CIO trusted us. The system launched and stabilised. That was the first day we felt like we owned something real. That was one of the happiest moments of my life; I was so relieved. 

But our partners weren’t happy. The scope creep, the growing independence, the fact that a Nigerian company had pulled off what they couldn’t, it strained our relationship.

After we fulfilled all contractual obligations for the Zenith Bank deal, we walked away.

We then productised Trade-X. Not just as a Nigerian trade operations plug-in to international trade finance, but as a modular solution that could plug into any bank’s core, local or global. Our pitch was simple: “Tell us what trade module your core banking uses, we’ll plug Nigeria into it.”

That pitch won us a bid with FCMB in 2020. Our foreign partners also submitted a proposal but we won. Then Coronation Merchant Bank signed on. Again, we went head-to-head with our former principals. And we won again.

FCMB pushed us further. Rather than integrating Trade-X into their existing system, they asked: “Can you write everything that’s missing in Trade-X and make this a standalone trade finance product?”

So we did. What began as a plugin was now a full-fledged end-to-end application.

Day 1096: The Birth of Kachasi

But we had one more evolution to go. The truth is, Trade-X was still written as a plug-in to the trade finance module of a core banking instead of a stand alone product. It was built to take care of the unique Nigerian regulatory requirements which amounted to up to 60% of the Nigerian trade finance operations. We needed to make our product a full end to end trade finance product taking care of both the international and local trade finance requirements. So we paused. We split our teams. While one supported existing clients, another started writing from scratch. The result was Kachasi.

Kachasi was built to be fully independent, process-driven, and modular. It wasn’t just compliant with Nigerian requirements, it was global, service-oriented, multilingual, and front-end configurable. Bank customers could initiate a trade transaction from their office, home and track their progress without entering the bank.

Wema became its first major user then came Fidelity Bank.

We didn’t stop at trade finance. Today, Union Systems builds specialist enterprise banking software solutions, products no Nigerian company had dared touch.

We launched: Egora, a treasury management software that allows banks do front to back-office processing and management of all their financial instruments in one place ; Sakobia, a Swift messaging engine that converts between legacy MT formats and the new ISO 20022 standard; Tentacles, a middleware layer that connects any of our systems to any core banking software; Isura, a real-time support portal and issue tracking knowledge base; Curia, a full-stack judiciary automation platform that digitizes court documents, enabling seamless e-filing, and integrating virtual hearings.

But trade finance remains our beating heart. We now run trade systems for seven Nigerian banks. It’s still our biggest revenue driver and our greatest proof of relevance.

Present day: breaking the bias

Despite our success, we still walk into meetings where clients ask: “Which part of your software did you build? or “Did you buy foreign IP?

For years, no indigenous company had written enterprise software in these spaces. Trade finance, treasury management, these were domains reserved for foreign vendors. But we knew the local market better. We understood CBN regulations, the FX bidding rituals, the end-to-end regulatory flow. No foreign software does.

Eventually, the market came around. Two banks have now renewed their licenses after five years. Recently, Fidelity Bank reported a 23% growth in the Letters of Credit commission which was attributed to the automation of their trade operations with Kachasi.

We still get pushback. But now we have case studies, references, and metrics. What we no longer need is permission.

The biggest lesson? Don’t give up. I chased that $30 million deal for over two years. When we got the Trade-X letter of award, I didn’t know how we’d pull it off. Even midway through development, when early demos were full of bugs, I thought about quitting. But something told me: if we back down, we lose our chance at identity. Half the time, we were debugging systems full of holes. The other half, we were managing egos, navigating office politics, and pacifying foreign partners who wanted us to stay small.

But we kept moving.

When you’ve been renting your whole life, and someone offers you a sliver of land, you put everything into building on it. We spent every kobo we earned from the $30 million deal reinvesting in Trade-X. We bet the house. And it worked. Today, when we enter a bank’s boardroom, they know our name. Not our partner’s. Ours.

Mark your calendars! Moonshot by TechCabal is back in Lagos on October 15–16! Join Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Early bird tickets now 20% off—don’t snooze! moonshot.techcabal.com

Banking in South Africa just took a sharp digital turn. Lesaka Technologies, the fintech firm formerly known as Net1, is acquiring 100% of digital banking upstart Bank Zero in a ZAR 1.1 B (~USD 61 M) deal.

It’s a rare merger of fintech infrastructure and a full banking license that could redefine how financial services reach underserved customers across the country.

The acquisition—announced via a late-night social post by Bank Zero chairman and ex-FNB CEO Michael Jordaan—is being paid for in a mix of Lesaka shares and up to ZAR 91 M in cash.

The deal gives Bank Zero’s shareholders a 12% stake in Lesaka and signals a strategic pivot. Lesaka, having made its name providing fintech rails, now wants to own a bank, too.

Founded in 2021 by Jordaan and banking veteran Yatin Narsai, Bank Zero has quietly built one of the most radically low-cost banking platforms in South Africa.

Its digital-first, zero-fee model has attracted more than 40,000 funded accounts and ZAR 400 M in deposits, without a physical branch in sight. Its patented card technology, which offers separate numbers for different transaction types, is one of many innovations designed to limit fraud and put control back in the hands of users.

But while Bank Zero focused on design and compliance, it lacked scale. Lesaka, on the other hand, has deep distribution across consumer and merchant segments, including a presence on both the Nasdaq and Johannesburg Stock Exchange.

The pitch is synergy: embedded lending, cross-sell, operational leverage. But the real story is about control—of data, of deposits, and of destiny.

By absorbing Bank Zero’s banking license and tech stack, Lesaka gets to escape its dependency on third-party banks. That opens the door to better margins on lending, a tighter loop on customer behaviour, and more regulatory flexibility. It’s also a bet on long-term infrastructure over short-term fintech flash.

Jordaan and Narsai will stay on, and no layoffs are expected following a move that may well signal what the future of South African finance could look like—digitally native, vertically integrated, and built for people who have never truly had a bank that worked for them.

The post SA’s Bank Zero Vowed To Kill Fees—Now It’s Being Acquired To Reinvent Them appeared first on WeeTracker.