COLUMNS: Mobile money and banking safety in Tanzania: Part 2

DAR ES SALAAM: OCTOBER is the Cyber security Awareness Month, and in our second week we focus on a topic that touches nearly every Tanzanian household, business and corporate organisation: Mobile Money and Banking Safety.

Protecting Your Money in the Digital

Age Today, mobile money is not just a convenience; it is a lifeline. From sending money to relatives in rural villages, paying school fees, receiving salaries, to making quick business transactions—mobile money services such as MPesa, Mixx by Yas, Airtel Money, Halopesa and T-Pesa are at the heart of our economy.

Likewise, digital banking through apps, ATMs and internet banking has transformed how Tanzanians interact with their financial institutions. But with this growth, cybercriminals have also found opportunities to trick, steal and exploit unsuspecting users. It is therefore crucial for individuals, SMEs and corporates to adopt safer practices.

The Growing Importance of Mobile Money and Digital Banking

• High adoption rates: Tanzania has over 68 million registered mobile money accounts, with daily transactions valued in trillions of shillings.

• SME lifeline: Small and medium enterprises rely heavily on mobile payments to manage cash flow, pay suppliers and receive customer payments.

• Corporate dependency: Banks and corporates increasingly integrate mobile money into salary payments, supplier settlements and utility payments.

The speed and convenience of mobile transactions is a major driver of financial inclusion. However, as systems expand, so does the attack surface for fraudsters. Common Mobile Money and Banking Threats in Tanzania,

1. Social Engineering & Phishing Fraudsters call or send SMS pretending to be from your mobile operator or bank. They may ask you to share your PIN or OTP (onetime password), claiming your account needs “verification” or that you’ve won a prize.

2. SIM Swap Fraud Criminals fraudulently register your SIM card to a new device and gain access to your mobile money wallet.

3. Fake Mobile Apps & Websites Downloading unverified apps or visiting fake bank websites can expose your login details.

4. Insider Threats Sometimes, fraud originates from employees within financial institutions or agents who misuse access.

5. Business Email Compromise (BEC) Corporates are increasingly targeted through fake emails instructing them to change supplier bank accounts.

6. Weak Passwords and PINs Many people still use simple codes like 1234 or birth years, which are easy to guess.

7. ATM and Card Skimming Though less frequent than mobile fraud, criminals sometimes place hidden devices at ATMs to steal card details.

Real Impacts on Individuals, SMEs and Corporates

• For individuals: A farmer in Katavi might lose their entire season’s savings after sharing a PIN with a fraudster.

• For SMEs: A small shop in Kariakoo could lose stock money if its mobile wallet is hacked.

• For corporates: A company could suffer millions in losses from a single phishing email instructing payments to fraudulent accounts.

According to the Bank of Tanzania Financial Stability Report 2024, AI-driven fraud detection saved consumers billions of shillings in prevented fraud.

However, reports still show that many users fall victim due to human error— especially by sharing personal information.

Safety Tips for the General Public

1. Never share your PIN or OTP – not even with a spouse, child or close friend.

2. Hang up on suspicious calls claiming to be from a telco or bank. Official staff never ask for your PIN.

3. Use strong PINs and passwords – avoid birthdays, names or repeating digits.

4. Always double-check recipient numbers before confirming a mobile money transfer.

5. Download only official apps from Google Play Store or Apple App Store.

6. Report lost SIM cards immediately to your mobile operator.

7. Check your balance regularly for unfamiliar deductions.

ALSO READ: Mobile money scam attempts decline as ‘Sitapeliki’ campaign bears fruit

Safety Tips for SMEs

1. Use business accounts instead of personal wallets for transactions.

2. Limit access rights – not every employee should have the PIN.

3. Reconcile daily transactions to spot suspicious activities early.

4. Train staff on fraud awareness – prevention is cheaper than recovery.

5. Secure devices – lock business phones and computers with passwords.

6. Avoid unsecured Wi-Fi when making mobile or online banking transactions.

Safety Tips for Corporates

1. Adopt Multi-Factor Authentication (MFA) for corporate banking and email systems.

2. Implement strict approval workflows – no single staff member should authorise large transfers.

3. Verify supplier changes by calling known contacts before updating bank details.

4. Use cybersecurity tools such as firewalls, fraud detection AI and monitoring systems.

5. Develop a Cybersecurity Policy that guides staff on acceptable use and reporting incidents.

6. Partner with trusted providers – work only with regulated banks, mobile operators and fintechs.

7. Regularly conduct cyber drills to test staff readiness.

The Role of Regulators and Service Providers

• TCRA (Tanzania Communications Regulatory Authority) continues to enforce SIM card registration rules and monitor fraudulent SMS.

• Bank of Tanzania (BoT) mandates financial institutions to strengthen cybersecurity under its financial stability frameworks.

• Mobile operators and banks invest in fraud detection systems using AI and machine learning. Yet, technology alone cannot guarantee safety—user awareness is the strongest shield.

The Future of Mobile Money and Banking Safety Tanzania is moving toward 5G, artificial intelligence and open banking platforms. While these bring innovation, they also bring sophisticated risks. Expect:

• AI-powered fraud detection to block suspicious transactions instantly.

• Biometric authentication (fingerprints, facial recognition) to replace PINs.

• Cybersecurity education campaigns to become part of digital literacy, especially in rural areas.

Call to Action

Cybersecurity is not just a technical issue; it is a shared responsibility. Whether you are a boda-boda rider in Mwanza receiving fares through mobile money, a shop owner in Dar managing supplier payments or a corporate executive handling multi-million-shilling transactions, your vigilance is key.

This Cybersecurity Awareness Month, let us all commit to protecting our money and digital trust.

One careless click or shared PIN can destroy years of savings or business growth. Together, we can make Tanzania’s mobile money and banking ecosystem safer for everyone.