“Protecting the New Digital Wallet from Cybercriminals ”

Cybersecurity and Mobile Banking

Mobile banking is transforming the way Mauritians manage their financial transactions. With the advent of smartphones, cash payments are steadily declining while digital payments continue to gain ground. Telecom operators and banks are at the forefront of this ‘cashlite’ revolution, yet convenience comes with mounting risks. From phishing and fraudulent SMS scams to ransomware and account takeovers, cybercriminals are adapting rapidly. The challenge is clear: innovation must go hand in hand with vigilance to ensure that mobile transactions remain secure.

Shareenah Kalla

The rise of digital payments in Mauritius is undeniable, as are the security challenges linked to it. Two recent events, barely a week apart, clearly illustrate the dilemma. At a press conference held last week, the Mauritius Commercial Bank reported a decline in cash transactions. Among individual clients, cash payments fell from 30% to 27% by the end of December 2025. The bank noted that its customers are increasingly favouring digital payments for their purchases. This trend, commonly referred to as cashlite, gained significant momentum in 2025.

And then on Tuesday, January 20, 2026, Rogers Capital Credit confirmed a major breach of client data confidentiality on the previous day, with sensitive information illegally published on the dark web. The incident followed a December 2025 cyberattack on one of the company’s technology service providers. (Editor’s note: See text in sidebar)

Mobile transactions growing rapidly

Today, the smartphone has become an indispensable tool for Mauritians. This technological device makes everyday life easier: we can check our emails, find locations, and most importantly, carry out purchases through mobile banking transactions. A phenomenon is underway — wallets, credit cards, and even banknotes are being gradually replaced by smartphones. In other words, the mobile phone is establishing itself as our new wallet.

Mauritius Telecom and Emtel, the two telecommunications giants in Mauritius, offer mobile applications — my.t money and blink respectively — that enable banking and digital payment transactions via mobile phones. Emtel emphasizes that mobile payment transactions via blink are proof of a mature, mobile-first ecosystem that seamlessly connects consumers, businesses, and banks through a single digital platform. 

“We enable users to link any or multiple local Mauritian bank accounts and perform real-time financial transactions directly from their smartphone – regardless of their mobile network provider – making it a truly ecosystem-agnostic payment solution,” state Kresh Goomany and Veekash Aukhojee, respectively CEO and Chief Information Officer of Emtel.

Both companies echo MCB’s analysis that banking and payment transactions are experiencing exponential growth. Veemal Gungadin, CEO of Mauritius Telecom, notes that there is a steadily rising daily use of mobile banking. Indeed, he explains that a large number of customers now routinely rely on mobile payments to settle their bills, make transfers, and carry out purchases with merchants.

Kresh Goomany and Veekash Aukhojee of Emtel also note that the volumes and values of mobile payment transactions have risen sharply, reflecting increased confidence in blink and its daily use by both individuals and businesses. They point out that by integrating additional features such as support for UPI QR codes for international payments and auto-payment setup options, blink has made transactions easier not only in a domestic context but also internationally, at no cost. 

“Before the launch of blink, customers were paying up to Rs 75 to transfer money from one bank account to another. Blink reduced these costs to zero,” they explain.

“Cash payments fell from 30% to 27% by the end of December 2025”

The latest figures from the Bank of Mauritius, which show a surge from MUR 22.87 billion in October 2024 to MUR 30.17 billion in October 2025, representing a 32% increase, further underscore the rise in mobile banking and mobile transactions. At the same time, the number of users grew significantly, rising from 1.71 million in October 2024 to 2.12 million in October 2025.

For Veemal Gungadin, since its launch in 2019, my.t money, with its comprehensive ecosystem of services, has revolutionized the payments industry in Mauritius, providing a secure mobile financial services platform that allows consumers to make payments, transfer money, and manage their everyday financial activities directly from their mobile phones. “My.t money was designed to be simple, accessible, and reliable, supporting both individuals and businesses with a constantly expanding range of services,” he explains.

At Emtel, the belief is that the growth in mobile banking is also driven by the fact that more and more merchants are embracing cashless innovation. “Merchant adoption has expanded rapidly, particularly among SMEs, reinforcing the shift from cash to interoperable digital payments,” state Kresh Goomany and Veekash Aukhojee. 

Mobile Banking Fraud and Prevention

Yet, alongside this rapid adoption, new vulnerabilities have emerged. Indeed, the growing use of mobile banking carries significant risks. Both businesses and individuals remain vulnerable to fraud and data theft, often orchestrated by malicious hackers. Law enforcement authorities have also confirmed these concerns. According to DPS Rosanally, “fraudsters are increasingly exploiting the convenience of digital banking.” 

He highlights several of the most common scams. For instance, cardless withdrawal fraud occurs when victims are tricked into disclosing their OTPs or PINs, with fraudsters frequently posing as bank staff or customer support agents. He further explains that fake credit SMS scams involve victims receiving fraudulent text messages claiming that funds have been credited to their account. A subsequent phone call then pressures them to “refund” the supposed amount, leading victims to transfer money without verifying their balance.

Phishing and smishing schemes, which rely on deceptive emails or SMS messages containing malicious links, and are designed to steal sensitive banking information from unsuspecting users, are also a common occurrence. 

DPS Rosanally further stresses that individuals and businesses are not exposed to the same types of mobile banking fraud. Individuals often fall victim to social engineering scams, OTP sharing, and fake refund schemes, whereas companies are more frequently targeted by business email compromise (BEC), ransomware attacks, and large-scale phishing campaigns. 

The modus operandi adopted by hackers also differs. Individuals are typically subjected to emotional manipulation and fraudulent phone calls or SMS messages, resulting in the loss of relatively small amounts of money. Corporations, on the other hand, face technical intrusions and email spoofing, which can lead to substantial financial losses. They may also be exposed to OTP theft and account takeovers.

“Fraudsters impersonate bank representatives through phone calls to deceive users into sharing sensitive information”

These frauds, however, can be prevented. DPS Rosanally advises individuals to never share their OTP or PIN, to verify account balances before issuing refunds, to avoid trusting unknown callers, to carefully check URLs, to use only official banking applications, and to report any suspicious activity. For corporations, he strongly recommends adopting best practices to strengthen fraud prevention and detection systems. He also insists on the importance of investing in employee cybersecurity training, verifying email authentication, implementing dual approval processes for payments, ensuring segregation of duties, conducting regular penetration testing, deploying real-time fraud analytics, securing remote access, and establishing incident response plans.

Mobile Bank Security Challenges

From the perspective of Mauritius Telecom and Emtel, both companies confirm that an increasing number of cybercriminals are targeting mobile banking users. Echoing DPS Rosanally’s concerns, Veemal Gungadin explains: “Globally, cybercriminals exploit phishing via SMS and email, fake banking applications, malware, and public Wi-Fi interception.” He adds that attackers are increasingly resorting to social engineering and credential theft to bypass security measures.

A similar observation is made by Kresh Goomany and Veekash Aukhojee: “Cybercriminals commonly rely on social engineering techniques, including phishing messages designed to steal login credentials.” 

They also draw attention to the fact that fraudsters deploy malicious mobile applications or deceptive URLs that closely mimic legitimate banking or payment platforms, enabling them to intercept credentials and one-time passwords (OTPs). They also note that fraudsters frequently impersonate bank representatives through phone calls in an attempt to deceive users into sharing sensitive information. 

As for Veemal Gungadin, he highlights that with mobile banking adoption now surpassing billions of users worldwide, fraud attempts are becoming increasingly sophisticated, combining technical exploits with human manipulation. He cites examples of successful attacks that exploit user behaviour and compromised identities, rather than weaknesses in the underlying platform technology.

Mobile banking is reshaping Mauritius, driving the country toward a ‘cashlite’ future where smartphones increasingly replace wallets. The convenience and speed of platforms such as my.t money and blink have accelerated adoption among individuals, businesses, and merchants alike. Yet, as law enforcement and telecom leaders warn, this digital revolution comes with rising risks. Fraudsters are adapting quickly, blending technical intrusions with social engineering to exploit unsuspecting users.

The message is clear: while mobile banking offers unprecedented opportunities for financial inclusion and efficiency, its success will depend on vigilance and strong cybersecurity practices. For Mauritians, the challenge ahead is to embrace innovation without overlooking the need for protection – ensuring that the new wallet in our pocket remains both convenient and secure.