A Kenyan High Court sitting in Machakos has ruled that Diamond Trust Bank Kenya Limited (DTB) must bear 40% liability for KES 4,418,601 fraudulently withdrawn from a customer’s account in a SIM swap case.
Safaricom will bear 60% liability and has been ordered to pay KES 2,630,000.
The case arose after Mercy Wairimu Kariuki, a DTB customer, had her Safaricom line compromised through a SIM swap on February 6, 2022. She reported the incident to Safaricom immediately and had her line restored the following day.
However, on February 8, 2022, Mercy received SMS alerts showing that KES 4,418,601 had been withdrawn from her bank account.
Over a period of 3 days, money was transferred in different instances from the victim’s account to other bank and mobile money accounts. These fraudulent transactions had occurred via DTB’s mobile banking platform and Pesalink and were staggered to avoid hitting limit rates.
Initially, a suit was heard at the Chief Magistrate’s Court in Mavoko, which delivered judgment on March 26, 2024. The trial court was the one that initially apportioned liability at 60% against Safaricom and 40% against DTB.
According to court documents, the two institutions were “liable for a breach of duty of care.”
READ: How Africa’s Mobile Money Boom Faces Rising Fraud Risks
DTB appealed to the High Court in Machakos, while Safaricom filed a cross-appeal challenging its own 60% liability apportionment.
Safaricom’s cross-appeal specifically sought to overturn its larger share, arguing that its role is limited to providing telecommunications infrastructure and that it has no visibility over transactions on the bank’s platform.
Kenya’s largest telco’s appeal was rejected, with the court finding that its actions in permitting the SIM swap were “a direct and proximate cause of the loss.”
PIN Not Sufficient in SIM Swap Events
In its ruling, the high court found that DTB could not avoid responsibility simply because the fraudsters had entered the correct PIN. PIN entry alone is not sufficient proof of a legitimate transaction.
“A bank is expected to exercise reasonable care and cannot simply rely on the fact that a transaction was initiated using the correct PIN if there are other suspicious circumstances,” wrote High Court Judge Asenath Ongeri.
In addition, it held that a bank “cannot hide behind a customer’s PIN” when confronted with transactions that are “so glaringly out of the ordinary that a reasonable banker would have been put on inquiry.”
The judgement also rejected DTB’s claim that some transactions occurred on a non-business day and therefore escaped human oversight.
The court held that “the banking system operates on an automated 24/7 basis,” meaning the bank remained obligated to monitor and flag suspicious activity regardless of the day of the week.
Although the SIM swap enabled the fraud, the bank’s failure to act on clear warning signs, such as rapid withdrawals to multiple unrelated accounts, was found to be “equally an operative cause of the loss.”
After dismissal of the appeal and cross-appeal, Mercy Wairimu Kariuki is set to be paid by the 2 institutions.
























