Online banking and shopping in Kenya are highly risky with companies having limited security measures in a growing cyber crime environment.

This is according to the ‘Kenya Cyber Security Report 2014’ prepared by the Telecommunications Service Providers Association of Kenya (TESPOK).

The study was conducted in February 2014 among online banking, shopping and payment websites in Kenya.

And in particular, the report revealed that banks are becoming more susceptible to cyber attacks.

“The study revealed that Kenyan online banking portals have limited security mechanism to protect the customer’s login credentials to the platforms,” the report said.

“Out of 33 banks sampled, only 2 banks had client side encryption implemented. This means that for the remainder of the banks, a sniffer on a customer or end user PC network will reveal the users passwords and keystrokes even for secured HTTPS sites.”

The report goes on to say that, “It should also be noted that the SSL encryption used on the various bank sites are not well implemented meaning that they can be easily circumvented in order to perform man-in-middle attacks.”

TESPOK also conducted an independent research and found out that the top four online commerce in Kenya have no client side encryption, dangerously exposing shoppers to HACKERS.

The Kenya Cyber Security Report 2014 also highlights growing areas of concern in respect of online security, and recommends actions for government and companies.

Currently, Kenya’s government is putting together a cyber security policy.