Connect with us


Business and Brands

How MTN’s mobile money push into Nigeria was hacked for millions within days

Published

on

MoMo Payment Service Bank, the new financial services subsidiary of telecoms company MTN Nigeria, suffered a breach in the last week of May just days after launch, reportedly losing 22 billion naira ($53 million.)

 

Advertisement

A customer being attended to from the window of a bus by an MTN agent

Nigerian payment service banks operate with a mobile money license reserved for non-bank institutions. They offer deposits and withdrawals, and cross-border remittances. They can issue debit cards, but not credit cards and a fourth of their operations must be in rural areas where most financially-excluded Nigerians live. But according to news reports this week, MoMo PSB lost $53 million following 700,000 unauthorized transfers to about 8,000 accounts in 18 Nigerian commercial banks.

In a statement (pdf), the company said it stopped the transfers after noticing them on May 25, leading to a temporary service suspension that was eased within 24 hours.

Advertisement

The statement did not mention the reported amount lost as a result of the transfers, but says the company has “worked with relevant stakeholders to reverse the vast majority of those wrong transactions, whilst through the legal processes we are working to reverse the remaining.”

READ ALSO:   Tax Harmonisation: FIRS Signs MoU with LIRS for Joint Tax Operations and Audit
image of statement by MTN's MoMo PSB
Statement by MTN Nigeria’s MoMo Payment Service Bank

“No customer funds were lost and all customer data is secure,” the statement by MoMo PSB’s CEO Usoro Usoro said.

MTN’s MoMo is suing Nigeria’s banks

News reports about the breach cited a court filing that shows MoMo PSB requesting each of the 18 banks to explain how much of the $53 million they received in their customers’ accounts. While conceding that some customers of those banks may have already withdrawn proceeds of the breach, MoMo PSB wants the banks to return whatever remains of the transfers.

Advertisement

MoMo PSB, according to the reported court filing, said the money was withdrawn from a settlement account it maintains with First Bank, Nigeria’s oldest bank and one of the country’s top five by assets. First Bank is one of the 18 being sued by MoMo PSB.

READ ALSO:   Breaking: Bola Tinubu Visits Powerful Northern Politician, Senator Wamakko

With its lawsuit, MoMo PSB has put the banks on the hot seat to remedy fraud carried out by yet to be identified hackers. But the episode suggests the new bank was vulnerable from the beginning, raising questions about how well MTN prepared for the rollout.

Advertisement

The MoMo PSB hack was probably worse

A senior staff member at one of the 18 banks briefed on the breach told Quartz that the scale of the hack was broader than MoMo has indicated. The initial loss from the error was N36 billion ($86 million) but some banks returned N14 billion within days, and the hack involved more than the 8,000 accounts mentioned, the person said. MTN did not respond to Quartz’s questions about this. MoMo PSB could not be reached for comment.

If true, it represents a stunning baptism by fire for the new company into Nigerian banking where cyber attacks and fraud have increased over the past two years. Banks almost never officially disclose or admit the hacks, but data show it happens: between July and September 2020 alone, Nigerian banks lost N3.5 billion (~$9 million) to fraud, over 534% more than the same period in 2019. Such activities are either done by insiders, former staff, or external hackers.

Advertisement
READ ALSO:   Top 10 reasons why your Schengen visa may get rejected

That a breach would cause MoMo PSB to lose, in days, six times what all Nigerian banks lost in three months is staggering. It is not clear how it happened. The company’s statement curiously described news reports about it as concerning “customer-initiated transfers.” The magnitude of the breach will be a warning to other payment service banks, particularly Smartcash, Airtel’s own PSB in Nigeria approved by the Central Bank of Nigeria together with MoMo PSB, which launches later this week.

Advertisement
Advertisement

Also Read...