How MTN’s mobile money push into Nigeria was hacked for millions within days

MoMo Payment Service Bank, the new financial services subsidiary of telecoms company MTN Nigeria, suffered a breach in the last week of May just days after launch, reportedly losing 22 billion naira ($53 million.)

 

Advertisement

Nigerian payment service banks operate with a mobile money license reserved for non-bank institutions. They offer deposits and withdrawals, and cross-border remittances. They can issue debit cards, but not credit cards and a fourth of their operations must be in rural areas where most financially-excluded Nigerians live. But according to news reports this week, MoMo PSB lost $53 million following 700,000 unauthorized transfers to about 8,000 accounts in 18 Nigerian commercial banks.

In a statement (pdf), the company said it stopped the transfers after noticing them on May 25, leading to a temporary service suspension that was eased within 24 hours.

Advertisement

The statement did not mention the reported amount lost as a result of the transfers, but says the company has “worked with relevant stakeholders to reverse the vast majority of those wrong transactions, whilst through the legal processes we are working to reverse the remaining.”

Statement by MTN Nigeria’s MoMo Payment Service Bank

“No customer funds were lost and all customer data is secure,” the statement by MoMo PSB’s CEO Usoro Usoro said.

MTN’s MoMo is suing Nigeria’s banks

News reports about the breach cited a court filing that shows MoMo PSB requesting each of the 18 banks to explain how much of the $53 million they received in their customers’ accounts. While conceding that some customers of those banks may have already withdrawn proceeds of the breach, MoMo PSB wants the banks to return whatever remains of the transfers.

Advertisement

MoMo PSB, according to the reported court filing, said the money was withdrawn from a settlement account it maintains with First Bank, Nigeria’s oldest bank and one of the country’s top five by assets. First Bank is one of the 18 being sued by MoMo PSB.

With its lawsuit, MoMo PSB has put the banks on the hot seat to remedy fraud carried out by yet to be identified hackers. But the episode suggests the new bank was vulnerable from the beginning, raising questions about how well MTN prepared for the rollout.

Advertisement

The MoMo PSB hack was probably worse

A senior staff member at one of the 18 banks briefed on the breach told Quartz that the scale of the hack was broader than MoMo has indicated. The initial loss from the error was N36 billion ($86 million) but some banks returned N14 billion within days, and the hack involved more than the 8,000 accounts mentioned, the person said. MTN did not respond to Quartz’s questions about this. MoMo PSB could not be reached for comment.

If true, it represents a stunning baptism by fire for the new company into Nigerian banking where cyber attacks and fraud have increased over the past two years. Banks almost never officially disclose or admit the hacks, but data show it happens: between July and September 2020 alone, Nigerian banks lost N3.5 billion (~$9 million) to fraud, over 534% more than the same period in 2019. Such activities are either done by insiders, former staff, or external hackers.

Advertisement

That a breach would cause MoMo PSB to lose, in days, six times what all Nigerian banks lost in three months is staggering. It is not clear how it happened. The company’s statement curiously described news reports about it as concerning “customer-initiated transfers.” The magnitude of the breach will be a warning to other payment service banks, particularly Smartcash, Airtel’s own PSB in Nigeria approved by the Central Bank of Nigeria together with MoMo PSB, which launches later this week.

Advertisement
citynews

Recent Posts

Tax Reform: AGF Fagbemi To Meet Senate Today

The Attorney General of the Federation (AGF) and Minister of Justice, Lateef Fagbemi (SAN), is expected to…

1 hour ago

Hackers gain control of NBS website

Hackers have gained control of the website of the National Bureau of Statistics, NBS. NBS…

1 hour ago

Serie A: Lookman credits Atalanta for rise to stardom

Ademola Lookman has credited Serie A club, Atalanta for his remarkable rise to stardom, CN…

1 hour ago

Movie review: Seven Doors is intriguing; it rivals Anikulapo in story-telling

Seven Doors surprised me because I never expected the level of storytelling I encountered while watching…

1 hour ago

Nigeria’s Economy Responding Positively To My Policies —Tinubu

President Bola Ahmed Tinubu says indicators have shown that the economy is responding positively to…

2 hours ago

Government funding plan collapses as Trump makes new demands days before shutdown

WASHINGTON (AP) — President-elect Donald Trump abruptly rejected a bipartisan plan Wednesday to prevent a Christmastime government…

2 hours ago