Kenyan Court Rules Banks, Telcos Liable in $34,000 SIM Swap Fraud Case

Kenya’s High Court has ruled that Diamond Trust Bank and Safaricom must both shoulder responsibility for a $34,000 SIM swap fraud that drained a customer’s account in 2022, in a judgment that raises the bar for how banks and telecom operators are expected to guard against mobile money theft.

The case centred on Mercy Wairimu Kariuki, a DTB customer who woke up on February 8, 2022 to a stream of alerts showing that KES 4.4 million had been withdrawn from her account overnight. The theft came two days after fraudsters hijacked her Safaricom line through a SIM swap she had already reported and believed had been resolved.

Justice Asenath Ongeri, sitting in Machakos, upheld a lower court’s decision to split liability between the two companies, rejecting arguments from both sides that the other’s failures broke the chain of responsibility. DTB was ordered to pay Kariuki KES 1,788,601, about $13,800, while Safaricom was ordered to pay KES 2,630,000, about $20,300, reflecting a 40:60 split.

According to the ruling, fraudsters swapped Kariuki’s SIM on February 6. She reported the incident to Safaricom customer care the same day after noticing suspicious alerts, but the swap went through anyway. Her line was restored the next day at a Safaricom shop, but by the morning of February 8, her DTB account had already been emptied through a mix of mobile banking transfers and Pesalink withdrawals. The transactions were structured to stay just under the bank’s KES 2 million daily limit by straddling a weekend reset.

DTB argued in its defence that its systems worked exactly as designed since every disputed transaction followed a correct PIN entry. The bank also argued that the SIM swap itself was an intervening act that should have severed its own liability. Ongeri dismissed both arguments, writing that a bank cannot hide behind a customer’s PIN when faced with a series of transactions so unusual that a reasonable banker would have been prompted to investigate further. She pointed to the rapid succession of transfers to unrelated accounts and phone numbers as red flags the bank should have caught.

SEE ALSO:OpenAI Academy in Nairobi: What Ruto’s Meeting With Sam Altman Reveals About Kenya’s AI Strategy

The court was similarly unmoved by DTB’s claim that part of the fraud fell outside normal monitoring because it occurred over a non business day, noting that banking systems now run on an automated basis around the clock and that simply staying under a transaction ceiling does not satisfy a bank’s broader duty of care. Ongeri treated the daily limit reset not as a safeguard working in the bank’s favour but as evidence of the very vulnerability it was supposed to guard against.

Safaricom’s cross appeal against its larger 60 percent share of liability was dismissed on similar grounds, with the court declining to treat the SIM swap and the withdrawals that followed as separate events with separate causal chains. Ongeri ruled that both companies owed Kariuki concurrent and independent duties of care, drawing on prior precedent on bank liability and on the threshold for flagging suspicious transactions.

The ruling lands at a moment when SIM swap fraud remains a persistent threat across Kenya’s mobile money linked banking system, and it undercuts arguments that telecom operators and banks can treat fraud prevention as belonging to separate regulatory lanes.

For lenders, the message is that a system capable of waving through an unusual fraud pattern without human review no longer counts as a defence on its own.

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
JimVio Is Turning Creators into AI Powered Businesses

Beyond Likes and Views: Rwanda’s JimVio Is Turning Creators into AI Powered Businesses

Next Post
Google LiteRT.js

Google launches LiteRT.js to bring faster AI to web browsers with local processing

Related Posts