MoMo PSB, according to the reported court filing, said the money was withdrawn from a settlement account it maintains with First Bank, Nigeria’s oldest bank and one of the country’s top five by assets. First Bank is one of the 18 being sued by MoMo PSB.
With its lawsuit, MoMo PSB has put the banks on the hot seat to remedy fraud carried out by yet to be identified hackers. But the episode suggests the new bank was vulnerable from the beginning, raising questions about how well MTN prepared for the rollout.
The MoMo PSB hack was probably worse
A senior staff member at one of the 18 banks briefed on the breach told Quartz that the scale of the hack was broader than MoMo has indicated. The initial loss from the error was N36 billion ($86 million) but some banks returned N14 billion within days, and the hack involved more than the 8,000 accounts mentioned, the person said. MTN did not respond to Quartz’s questions about this. MoMo PSB could not be reached for comment.
If true, it represents a stunning baptism by fire for the new company into Nigerian banking where cyber attacks and fraud have increased over the past two years. Banks almost never officially disclose or admit the hacks, but data show it happens: between July and September 2020 alone, Nigerian banks lost N3.5 billion (~$9 million) to fraud, over 534% more than the same period in 2019. Such activities are either done by insiders, former staff, or external hackers.
That a breach would cause MoMo PSB to lose, in days, six times what all Nigerian banks lost in three months is staggering. It is not clear how it happened. The company’s statement curiously described news reports about it as concerning “customer-initiated transfers.” The magnitude of the breach will be a warning to other payment service banks, particularly Smartcash, Airtel’s own PSB in Nigeria approved by the Central Bank of Nigeria together with MoMo PSB, which launches later this week.