Blog

After a few days into the Nigerian market, the MTN mobile money service MoMo PSB was hacked, and as much as $86 million was diverted. But like many other financial institutions in recent times, MTN chose to keep the news of the fraud attack from the public.

MoMo Payment Service Bank, popularly known around many parts of Africa as MoMo PSB, is a new financial services subsidiary of telecoms giants – MTN. Just a few days after the company introduced the service in Africa’s most populous Black Nation, Nigeria, it suffered a breach.

Some Sources reported that MTN Nigeria lost over 22 billion naira ($53 million) to the fraud attack. But sources claim that the total loss was to the tune of $86 million.

Is MTN MoMo PSB Government Recognised?

To operate a mobile money payment of financial service in Nigeria, a company must obtain the mobile money license reserved for non-bank institutions in the country.

With the license, companies can offer a range of services, including deposits, withdrawals, and even cross-border remittances. They are even allowed to issue debit cards, but must ensure that the majority of their operations are targeted in the rural areas of the country where many of the financially-excluded citizens live.

The initiative is supported by the Central Bank of Nigeria in its drive to improve financial inclusion in the country and bank the unbanked.

How Did the Fraud Attack Occur?

According to sources, just a few days after its launch in Nigeria, MoMo PSB lost millions of U.S. dollars as a result of about 700,000 unauthorized transfers to about 8,000 accounts domiciled in 18 Nigerian commercial banks.

In an official statement released by MTN Nigeria, the company said it stopped the transfers after noticing them on May 25. The company needed to release a statement because the action caused a temporary service suspension that caused panic among customers, even though it was eased within 24 hours.

However, the statement did not reveal the truth that the MTN MoMo PSB lost millions of U.S. dollars to hackers or how much was lost. Instead, it said that they are working “with relevant stakeholders to reverse the vast majority of those wrong transactions, whilst through the legal processes we are working to reverse the remaining.”

“No customer funds were lost and all customer data is secure,” the statement by MoMo PSB’s CEO Usoro Usoro said. In essence, the statement did not deny categorically that funds were not lost. Rather it assured its customers that their funds and data were secure.

MTN Blamed the Nigerian Banks

Although MTN did enough to manage the situation from the media and maintain customer confidence, it sued the affected Nigerian banks to court. There were news reports that MTN filed a case in court against 18 Nigerian banks, requesting them to explain how much of the hacked money they received in their customers’ accounts.

Although they agreed that some customers of those banks may have already withdrawn the proceeds of the breach, MoMo PSB wanted the banks to return whatever remains of the transfers.

According to a report by Quarts in June, MoMo PSB said the money was withdrawn from a settlement account it maintains with First Bank, Nigeria’s oldest bank and one of the country’s top five by assets. First Bank is one of the 18 being sued by MoMo PSB.

With its lawsuit, MoMo PSB has put the banks on the hot seat to remedy fraud carried out by yet-to-be-identified hackers. But the episode suggests the new bank was vulnerable from the beginning, raising questions about how well MTN prepared for the rollout.

MTN Told a White Lie to Save MoMo PSB

According to the report, the MoMo PSB hack was worse than was reported, and it appears there was much more than meets the eye. According to the report, a senior staff member at one of the 18 banks briefed on the breach told Quartz that the scale of the hack was broader than MoMo has indicated.

The initial loss from the error was N36 billion ($86 million), but some banks returned N14 billion within days, and the hack involved more than the 8,000 accounts mentioned, the person said. MTN or MoMo PSB did not respond to Quartz’s questions about the comments made by the senior bank official.

However, some financial analysts believe that MTN told a ‘white lie’ to save the PSB as it risked losing its customers if it was revealed that a hack was experienced.

Fraud Attacks in the Financial Sector

Earlier this week, we reported How Hackers Stole $11 Million from 12 African Countries Overnight. Unfortunately, the cases of fraudulent attacks in the financial sector are on the rise – especially within the last couple of years.

However, Banks and other financial institutions almost never officially disclose or admit the hacks. Still, data show it happens: between July and September 2020 alone, Nigerian banks lost N3.5 billion (about $9 million) to fraud, over 534% more than in the same period in 2019. Experts claim that such activities are mostly carried out by insiders, former staff, or external hackers.

Massive Loss for MTN MoMo PSB

It is disheartening that MTN MoMo PSB lost in a couple of days, six times what all Nigerian banks lost in three months.

It is still unclear how the hacks were carried out, but critics believe clarity would save them and the financial sector in general from further sophisticated attacks. The company has stuck to its decision to report in the media that the hacks were “customer-initiated transfers.”

It appears that in making the decision, MTN decided to safeguard the customer base rather than exposing the hack, which may lead to losing the customer confidence in the security of the funds with MTN MoMo PSB. It is safe to say, however, that there is no doubt that measures have been taken to ensure that such hacks do not occur in the future.

What are your thoughts?