1. Purpose and Commitment

Pebuu (“we”, “us”, or “our”) operates across Uganda, Tanzania, Kenya, Democratic Republic of Congo (DRC), Zambia, Zimbabwe, South Africa, Ghana, Nigeria, and Ethiopia. We are committed to safeguarding our systems, protecting customer and partner data, and ensuring the integrity of our financial and operational services across Africa.

This Security & Fraud Awareness Policy affirms our commitment to:

• Comply with all applicable national laws in our operating countries, including but not limited to:
  • Uganda – Data Protection and Privacy Act (2019), Computer Misuse Act (2011), Anti-Money Laundering Act (2013), Bank of Uganda Guidelines.
  • Tanzania – Personal Data Protection Act (2022), Cybercrimes Act (2015), Anti-Money Laundering Act (2006), Bank of Tanzania Regulations.
  • Kenya – Data Protection Act (2019), Computer Misuse and Cybercrimes Act (2018), Proceeds of Crime and Anti-Money Laundering Act (2009), Central Bank of Kenya Guidelines.
  • DRC – Law No. 18/019 on the Protection of Personal Data (2018), Anti-Money Laundering and Counter-Terrorist Financing regulations.
  • Zambia – Data Protection Act (2021), Cyber Security and Cyber Crimes Act (2021), Bank of Zambia Directives.
  • Zimbabwe – Cyber and Data Protection Act (2021), Bank Use Promotion and Suppression of Money Laundering Act.
  • South Africa – Protection of Personal Information Act (POPIA, 2013), Cybercrimes Act (2020), Financial Intelligence Centre Act (FICA).
  • Ghana – Data Protection Act (2012), Cybersecurity Act (2020), Anti-Money Laundering Act.
  • Nigeria – Nigeria Data Protection Act (2023), Cybercrimes (Prohibition, Prevention, etc.) Act (2015), CBN Anti-Money Laundering Regulations.
  • Ethiopia – Personal Data Protection Proclamation (2023), Computer Crime Proclamation (2016), National Bank of Ethiopia Directives.
• Align with regional and continental frameworks, including the AU Convention on Cyber Security and Personal Data Protection, and relevant EAC, COMESA, and SADC security and privacy protocols.
• Implement robust security measures and a zero-tolerance approach to fraud across all Pebuu services, including agent banking, merchant management, cash-in/cash-out services, last-mile logistics, and embedded finance solutions.

 

2. Security Framework

Pebuu employs administrative, technical, and physical controls to protect the confidentiality, integrity, and availability of all information assets under our management.
Measures include:

• Data encryption at rest and in transit.
• Role-based access controls and multi-factor authentication.
• Secure infrastructure in line with national ICT security standards (NITA-U, CAK, SITA, and equivalent authorities).
• Regular penetration testing and vulnerability assessments.
• Physical access controls at Pebuu offices, data centers, and regional hubs.

 

3. Employee, Agent, and Partner Responsibilities

• All Pebuu employees, contractors, field agents, and authorized partners must comply with this policy and applicable national regulations.
• All personnel must complete mandatory security and fraud awareness training at least annually.
• Access to sensitive data is granted only on a need-to-know basis and monitored for anomalies.
• All suspicious activity must be reported immediately to Pebuu’s Security Team.

 

4. Fraud Prevention and Detection

Pebuu actively monitors for:

• Unauthorized account access.
• Agent/merchant impersonation.
• Fraudulent reversals or cash handling discrepancies.
• Phishing, smishing, and social engineering attempts.

We use:

• Real-time transaction monitoring.
• AI-powered fraud detection algorithms.
• Geo-tracking for field agents and merchants.

 

5. Customer, Agent, and Merchant Responsibilities

• Protect login credentials, PINs, and authentication devices.
• Report lost or stolen devices immediately.
• Avoid sharing passwords or PINs with unauthorized persons.
• Stay alert to fraudulent messages or impersonations.

 

6. Incident Response and Reporting

• All breaches or fraud cases will be reported promptly to the relevant national authorities in the affected jurisdiction.
• For cross-border incidents, Pebuu will coordinate with regional law enforcement and regulatory bodies.
• Customers affected by incidents will be notified promptly, and mitigation steps will be taken without undue delay.

 

7. Enforcement and Legal Action

Any Pebuu employee, agent, merchant, or third party found guilty of:

• Unauthorized access,
• Data theft,
• Fraudulent activity, or
• Breach of confidentiality
  will face disciplinary action and possible criminal prosecution under the laws of the country where the offense occurred.

 

8. Policy Review

This policy will be reviewed annually or when there are:

• Changes in national laws in our operating countries,
• Significant security threats, or
• New service offerings.

Updates will be published on www.pebuu.com and communicated to all employees, agents, and stakeholders.

 

Security Reporting Contacts
Email: findus@pebuu.com