×
The Standard e-Paper
Home To Bold Columnists
The Standard Group Plc is a multi-media organization with investments in media
platforms spanning newspaper print operations, television, radio broadcasting,
digital and online services. The Standard Group is recognized as a leading
multi-media house in Kenya with a key influence in matters of national and
international interest.
Audio By Vocalize
The most vulnerable aspect of Kenya’s digital economy is not payments or transactions; it is the onboarding process. Every day, millions of users open accounts, register for services, and access platforms remotely.
This moment, when a system verifies a user’s identity, sets the stage for everything that follows. If this decision is incorrect, the entire system inherits the associated risks.
Kenya’s digital growth has made this moment more critical than ever. Mobile money penetration has reached approximately 82.3 percent of the population, while financial inclusion stands at 84.8 percent of adults.
Access is no longer the constraint. The challenge is verifying identity at scale, in real time, across services that operate independently. The data shows where the pressure is building. Fraud cases in Kenya’s banking sector increased from 173 in 2023 to 353 in 2024, with reported losses reaching approximately Sh1.5 million to Sh1.6 billion. More importantly, risk is shifting earlier in the digital journey.
Around 4.4 percent of account creation attempts are now suspected to be fraudulent, making onboarding the most exposed stage of the customer lifecycle. This issue is not just about increased fraud; it highlights a fundamental weakness in how digital systems establish trust at the start of a user relationship.
In reality, the onboarding process often depends on methods that were not designed for remote and high-volume settings. Document uploads, manual verification, and static database checks can validate information, but they cannot effectively confirm whether a real person is present during the registration process. Therefore, they are unable to verify identity reliably.
This leads to a predictable outcome: a fraudulent identity that successfully passes the onboarding process is treated as legitimate throughout the system. All transactions, access requests, and account activities rely on that initial decision.
By the time any suspicious behaviour is detected, the damage has already begun. Kenya’s mobile money ecosystem illustrates how scale amplifies this risk. Transaction values reached approximately Sh8.7 trillion in 2024, reflecting the extent to which digital financial services are embedded in everyday activity.
At the same time, mobile banking fraud exposed over Sh981 billion, with losses exceeding Sh 810 million. These figures do not point to a failure of digital adoption. They point to a gap in how users are verified at entry.
The overall increase in threat activity further supports this pattern. The Communications Authority of Kenya reported 7.9 billion cyber threat events in the first eight months of 2025, more than double the amount recorded during the previous year.
As digital services continue to grow, the number of attempts to exploit identity vulnerabilities rises. The issue isn’t that systems fail after onboarding; rather, they rely too heavily on a single, often unreliable verification step at the beginning.
This is where AI and biometric verification come into play. The goal during onboarding is straightforward but challenging: to confirm that a real person is present and that they match a trusted identity. Biometric verification enhances this process by leveraging facial recognition and liveness detection to distinguish a real user from a spoof attempt. Additionally, AI strengthens verification by identifying inconsistencies, detecting manipulations, and adapting to emerging fraud patterns in real time.
The benefits of these technologies are not merely theoretical; they are practical. They significantly reduce the likelihood of accepting fraudulent identities at the point of entry, thereby decreasing downstream risk across the entire system.
However, improving onboarding involves not only enhancing accuracy but also ensuring consistency. Today, users often repeat the same verification process across multiple platforms.
A person verified by one institution may still need to start from the beginning at another institution. Each new onboarding process creates another opportunity for error or exploitation. When systems do not recognize previously verified identities, they increase friction for legitimate users and expose them to fraud.
Stay informed. Subscribe to our newsletter
Addressing this requires a shift in how onboarding is designed. Verification should not start from zero each time a user interacts with a new service.
It should build on trusted identity signals that can be applied across platforms, while still meeting regulatory requirements. This is the context in which Identy.io operates. The focus is not on identity in the abstract, but on improving how identity is established during onboarding.
By combining biometric verification with AI- driven analysis, the approach enables organisations to remotely confirm user identity using standard devices, without specialised hardware or manual processes. In practical terms, this allows institutions to strengthen onboarding without adding unnecessary friction.
Users can be verified quickly, while systems gain greater assurance that the identities being created are legitimate. Regulatory expectations in Kenya are continually evolving. The Data Protection Act (2019) and the Computer Misuse and Cybercrimes (Amendment) Act (2023) outlines specific requirements for the collection, processing, and storage of personal and biometric data.
This legislation holds organisations accountable for ensuring their onboarding processes are not only secure but also compliant with principles such as consent and data minimisation. Any approach to digital onboarding must operate within this framework.
Security without trust will not be sustainable, and establishing trust relies equally on both governance and technology. Kenya’s digital economy has already shown the possibilities that arise when access barriers are lowered.
The next phase will hinge on how effectively systems can build trust at the point where users first engage with them. Onboarding is no longer just a routine step; it is the moment when digital relationships are established.
What makes Identy.io’s approach distinct in the Kenyan market is on-device biometric processing: identity verification occurs on the user’s own smartphone, with no biometric data transmitted to or stored in a centralised cloud server.
This directly addresses Kenya’s dual challenge of cybersecurity risk and patchy connectivity. While conventional identity architectures depend on centralised databases and often require specialised capture hardware, Identy.io runs on standard Android and iOS devices—the phones already in people’s pockets.
- The writer works at Identity.io
Subscribe to our newsletter and stay updated on the latest developments and special offers!
join