Why Security Matters More Than Ever in Cross-Border Payments

Today, cross-border payments amount to trillions of dollars each year. And because so much money flows through these channels, they’ve become a major target for financial fraud, scams, and account compromise worldwide.

Now, things are faster and more accessible than ever. You can pay for services abroad, send money to loved ones, or run a global business right from your phone. But as the process has become easier, it has also become riskier.

Because wherever money moves, fraud follows.

This article is in no way meant to make you afraid. It is, in fact, meant to make you a more informed sender. 

‍

International transfers are becoming a bigger target for scammers, and here’s what they are doing.

A few years ago, fraud in international payments was mostly an institutional problem. Criminals targeted banks and payment networks at scale. Now the attack surface has shifted. Individual senders are increasingly the targets, and the tactics have become sophisticated and easy enough to fool even careful, tech-savvy people.

Here is what the modern threat picture looks like:

Account takeover fraud. Someone gains access to your login credentials through a data breach, phishing email, or credential stuffing (where stolen username/password combinations from one breach are tried across dozens of other platforms). Once inside your account, they can add a new beneficiary and move your money out before you even notice.

SIM swap attacks. A fraudster convinces your mobile carrier to transfer your phone number to a SIM card they control. This gives them access to any SMS-based verification codes sent to your number,  effectively bypassing standard two-factor authentication.

Impersonation. This is harder to defend against because it exploits trust rather than technology. Someone calls posing as your bank or transfer platform, convinces you to share your login details, or walks you through "security steps" that actually grant them access.

Fake transfer platforms. Convincing copycat websites and apps mimic legitimate services. A sender enters their details, authorises a "transfer," and the money disappears into an account they will never recover.

Beneficiary manipulation. In business email compromise (BEC) attacks, a fraudster intercepts email communications between parties and substitutes their own bank details for the legitimate recipient's. The sender thinks they are paying a supplier or landlord; the money goes elsewhere entirely.

Why are your cross-border transfers particularly vulnerable?

Unlike domestic transfers, which are generally easier to reverse or dispute. Your bank knows your patterns, the recipient's bank is in the same regulatory jurisdiction, and there are established mechanisms for fraud recovery.

International transfers are different in almost every way.

Once money crosses a border, it moves through multiple banking systems, often via SWIFT or local payment rails, and lands in an account governed by a different country's laws and regulations. Recovery is difficult, slow, and sometimes impossible. In many cases, even if fraud is detected quickly, by the time a freeze request reaches the destination bank, the funds might have already been withdrawn.

What reliable security should look like in a transfer platform

When you are selecting  a platform for your international transfers, there are a couple of security features you should look out for, and here are some of them: 

End-to-end encryption. Your data and transaction details should be encrypted in transit and at rest. This is a baseline, not a differentiator — any serious platform should have this.

Two-factor authentication (2FA). Any login or account action should require a second form of verification beyond a password, and app-based authentication is always more secure.

Biometric verification. Fingerprint and facial recognition add a layer that is extremely difficult to replicate or steal. Unlike passwords, biometrics are tied to something distinctly and physically identifiable about you, making them a much stronger gate for sensitive actions.

Device binding. Linking your account to a specific trusted device means that even if someone has your login credentials, they cannot approve actions from an unrecognised device without triggering additional verification.

Fraud detection. Good platforms analyse patterns in real time, unusual login locations, sudden changes in transfer behaviour, new beneficiaries added immediately before large transfers, and flag or pause activity that looks out of character.

Transaction confirmation steps. Before money moves, legitimate platforms add checkpoints that review the amount, recipient details, and the purpose of the transfer, giving you a chance to catch errors or spot anything that doesn't look right.

How Pesa is making cross-border transfers safer for users with Keyless Authentication

Pesa has introduced a new layer of security to the platform called Keyless,  and it is worth understanding in detail, because it directly addresses one of the most common ways international transfer accounts get compromised.

Here is the problem Keyless is designed to solve. Passwords alone are not a reliable way to confirm that the person taking an action on your account is actually you. If your password is guessed, phished, or obtained through a data breach, it opens the door to account takeover. 

Keyless works differently. It ties sensitive account actions not just login, but specific high-risk actions like adding a new beneficiary or making changes to your account, to biometric verification on your enrolled, trusted device. Both factors have to be present: your device and your biometrics. Neither is enough on its own.

In practice, this is what it means for a Pesa user:

When you want to add a new beneficiary,  the step that must happen before money can be sent to a new person,  Keyless requires you to authenticate biometrically on your trusted device before that action is approved. Someone who knows your password cannot add a new recipient and send themselves your money without being physically present with your enrolled device and your biometrics.

When you send money to a beneficiary you have already used, Keyless does not slow you down. Regular transfers to known recipients remain fast and simple; the extra verification is reserved for the actions that genuinely warrant it.

If you switch phones, your new device goes through a fresh enrolment process, so your account is not left exposed on an old device. If someone has your phone but not your biometrics, they cannot approve sensitive actions. If someone has your password but not your phone, the same applies.

The enrolment process takes a few minutes and only needs to happen once per device. After that, authentication typically takes less than a minute when it is triggered.

What is notable about Keyless is that it does not make the experience harder in the name of security. Most security upgrades come with a trade-off: more friction for greater protection. Keyless is designed to apply the friction only at the moments that actually matter: the actions that, if performed by the wrong person, could cause real financial harm. Every day transfers to familiar recipients are unaffected.

What you should do on your end to ensure security on your cross-border transactions

Regardless of which platform you use, these habits make a real difference:

Use strong, unique passwords. Do not reuse passwords across accounts. A password manager makes this easier to maintain without memorising dozens of credentials.

Enable biometric login wherever it is available. If your transfer app supports Face ID or fingerprint login, use it. It is both more convenient and more secure than a typed password.

Review your saved beneficiaries regularly. Periodically check the list of recipients saved in your transfer app. If you see any you do not recognise, contact support immediately.

Never share login credentials or verification codes. Legitimate transfer platforms and banks will never ask for your password or a one-time code via phone, email, or chat. If someone claiming to be from your platform asks for this, end the conversation and contact official support directly.

Keep your contact details up to date. If your phone number or email address changes, update it in your transfer app immediately. Outdated contact details can lock you out of account recovery if something goes wrong.

Check your account activity regularly. Most apps show a transaction history and login activity. A few minutes of review each week can catch unusual activity before it escalates.

Use a trusted network. Avoid initiating international transfers on public Wi-Fi. If you must use an unsecured network, a VPN adds a meaningful layer of protection.

‍

Things to watch out for before and after carrying out a transfer

Even with a secure platform, staying alert on your end matters. Be cautious if:

• You receive an unexpected message urging you to complete a transfer urgently
• Someone contacts you claiming your account has been flagged and asks you to move funds to a "safe" account
• A recipient's bank details change at the last minute via email or message
• The rates seem too good to be true.
• You are asked to verify your account by clicking a link in an email rather than going directly to the app or official website.

‍

Security is super important and should always be considered first 

When you send money internationally, you are trusting a platform with something that genuinely matters to you. 

The best transfer platforms understand that speed and low fees are only valuable if the money actually gets where it is supposed to go,  safely, every time. Features like Keyless authentication reflect that understanding. 

So the next time you are about to send money across a border, consider your security first. 

‍