There is a need for the Savings and Credit Co-operatives (SACCOs) across the nation to deliberate on the dynamic need for implementing cybersecurity measures in their businesses.
As of October 2024, 174 Saccos had been registered in the Country, playing a crucial role in promoting saving culture and socio-economic development of many citizens.
However, all the efforts to realise the targeted socio-economic development in this digital era have faced a major cybersecurity threat both for the Saccos and their members.
In recent years, the discussions have intensified around the growing threats posed by cybercrime and the digitalisation of Sacco’s products in a bid to enhance service delivery, a move that has seen the country register some positive results in the fight against cybercrime.
Evans Oteko, the Sales and Relationship Officer for the Stima Sacco-Kisii branch, shares the Sacco’s watertight security measures as part of the successful approaches in its strong growth and innovation.
The ability for Stima Sacco to highlight its watertight security measures during the exhibition in the recently concluded Migori Agricultural Show (ASK) not only attracted new members but also earned high praise from the show organizers and secured the entity a prestigious award – The Best Sacco Stand in the Cooperative movement category.
Founded 51 years ago (1974) for the employees of the then East Africa Power and Lighting Company, the SACCO opened its common bond to the public in 2010, making it the largest SACCO in Kenya and the second largest in Africa, boosting an asset base exceeding Sh69 billion and a massive membership of more than a million.
Addressing a crucial concern about the safety of their members’ deposits, Mr. Oteko says that Stima Sacco has invested heavily to combat fraud and cyber threats.
“This dedicated investment in the latest e-platforms and security structures allows Stima SACCO to confidently through this comprehensive approach, Stima Sacco not only excels in service and growth but also sets the standard for deposit safety in the Kenyan cooperative sector,” he explained in an interview with KNA.
He emphasised the need for SACCO’s to concentrate on cyber security and data protection by developing comprehensive cyber security strategies to protect their systems and members’ data.
For example, implementing data protection policies that comply with local and international standards can make Saccos more secure in their digital platforms. By monitoring, identifying and responding to potential cybersecurity threats, SACCO’s can improve overall resilience to the rising cybercrime.
Awareness campaigns like what the SACCOs did during the July 12 Ushirika Day will ensure members are informed about the importance of cybersecurity and how they can protect themselves from potential scams and data breaches, apart from their vital contribution to the country’s economic and social development.
Gusii Mwalimu SACCO, another visible cooperative entity, also made a compelling statement at the Migori Agricultural Show 2025, highlighting a not-so smooth journey it had made so far to allow it stand on a stable ground today.
Originally known as the Teachers Sacco, the institution successfully opened its door to the public back in 2018, serving diversified membership, including bodaboda riders, police and county government staff.
The SACCO’s staff management led by Ms Cynthia Boke emphasised that there’s rapid growth and shift from exclusive teachers’ body to a financial institution for all through an uncompromising focus on securing members’ deposits.
The SACCO’s most distinguishing feature is its innovative and uncompromising defense against the rampant threat of Subscriber Identity Module (SIM) swap and account theft.
The institution employs an immediate, automated security protocol designed to protect savings at the first hint of compromise.
Ms Boke explained that they have a mechanism that automatically locks a member’s account the moment the system detects that the SIM card has been tampered with, specifically if it is moved from one phone to another.
Furthermore, the Sacco mandates that the account will only be reactivated once the member physically comes to the office to report the cellphone or SIM card breach.
According to Boke, this critical, high-friction step ensures that the person accessing the funds is the legitimate owner. Complementing this, the Sacco has 24 hour dedicated ICT technicians operating a system with anti-hacking trackers.
The introduction of the Confidentiality, Integrity, and Availability (CIA) framework of cybersecurity used by banks can help Sacco protect data from unauthorized access, modification of information and accessibility.
The government initiative to put in place the Sacco Societies Regulatory Authority (SASRA) to ensure Saccos operate within a safe and secure structure has enhanced regulatory frameworks, promoted financial literacy, and offered targeted funding initiatives to expand Saccos’ reach and impact.
Cyber threat is not only the risk facing Sacco’s, the financial risks, for example, is one of the greatest challenge, with about 80 percent of Kenyans being listed on the Credit Reference Bureau (CRB).
SACCOs must take a proactive role in helping members repair their credit and rebuild their financial stability, an initiative that the SACCO’s can take beyond just offering credit but also educating their members on financial literacy, concludes Ms Boke.
By Makokha Khaoya and Agimba Charles
