The State of African Fintech Fraud - H2 2023
A collation of everything you need to know | Vol 47 | Oct 31st, 2023
Last week we had a debate in the Fintech Slack Community about this post
Someone (not sure of the gender, or if it’s a bot) claimed to have the ability to access anyone’s bank account and, not just that, to debit 2 digits from the account. She threw out a challenge to anyone who could prove her wrong, and no one took it. 👻
As if that was not enough, the following week this happened:
😲🤔🤯.. this is all we felt at the same time.
If this preamble is enough to pique your interest then join us to explore this edition.
Ready?👟🔭
The African Fintech State of Fraud - 2023
If you work in Fintech in Nigeria, and you have not gone off-grid, perhaps to visit your grandmum, you’ll know that this subject of fraud and hacking has been trending for the past 2 weeks.
To find out how pervasive the issue was, we did a quick search on our Insights DB and found about 11 incidents of fraud leading to a loss (confirmed or unconfirmed) in the African financial space.
How exactly does this happen? A Product Manager shared his personal story reacting to a LinkedIn post by the CEO of Lendsqr on the matter.
He further confirmed he had done the due diligence to follow up for recovery and to date, the bank, Fintech, and Regulatory stakeholders had done nothing.
What exactly is enabling this to happen in the 1st place? 👇🏽
📌Thought 1: There is this thing called a Tier 1 account. People can open this (or it is automatically opened) without any ID of any sort. It is alleged that these hackers open 10 or 15 accounts at a time. So what then? Isn’t that account supposed to be almost useless? 🤔
Guess what? BIG, FAT - NO!!
📌Thought 2: Apparently you can deposit or withdraw a maximum of N50k daily and you can save (😲) up to N300k in that unidentified account.
For context 50k is above the monthly minimum wage in Nigeria. So if you can withdraw above the monthly minimum wage per transaction, surely you can get an ID and open a regular account.
📌Last Thought: So it appears that is what they do: find a way (and this can mean many scary things) to gain access to the customer’s account, transfer the money out to these loose accounts, and from there ✈️Otilo.. (google the meaning 😉)
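One way a fraud team could watch for the pattern in the three thoughts above, as an added example that is not from the newsletter or any bank's system: it flags a source account that sends amounts close to the N50k Tier 1 daily limit to several Tier 1 accounts in a short burst, then checks which of those accounts moved the money on quickly. The ledger, account names, tier labels and all thresholds other than the N50k cap are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TIER1_DAILY_CAP = 50_000              # N50k daily limit quoted in the newsletter
NEAR_CAP = 0.9 * TIER1_DAILY_CAP      # assumption: "near the cap" is >= 90% of it
MIN_RECIPIENTS = 3                    # assumption: distinct Tier 1 payees per alert
BURST = timedelta(hours=1)            # assumption: fan-out window
DRAIN = timedelta(minutes=30)         # assumption: receipt-to-cash-out window

# Constructed sample ledger: (time, source, destination, destination tier, naira)
TRANSFERS = [
    ("2023-10-20T09:00:00", "ACC-VICTIM", "T1-A", 1, 50_000),
    ("2023-10-20T09:02:00", "ACC-VICTIM", "T1-B", 1, 49_500),
    ("2023-10-20T09:05:00", "ACC-VICTIM", "T1-C", 1, 50_000),
    ("2023-10-20T09:10:00", "T1-A", "EXT-1", 3, 49_000),
    ("2023-10-20T09:20:00", "T1-B", "EXT-1", 3, 49_000),
    ("2023-10-20T11:00:00", "ACC-SHOP", "T1-D", 1, 12_000),
    ("2023-10-21T15:00:00", "ACC-SHOP", "T1-E", 1, 48_000),
]

def parse(rows):
    """Convert timestamps and return the ledger in time order."""
    return sorted((datetime.fromisoformat(t), s, d, tier, amt)
                  for t, s, d, tier, amt in rows)

def fanout_sources(rows):
    """Sources sending near-cap amounts to MIN_RECIPIENTS+ Tier 1 payees within BURST."""
    hits = defaultdict(list)
    for ts, src, dst, tier, amt in parse(rows):
        if tier == 1 and amt >= NEAR_CAP:
            hits[src].append((ts, dst))
    alerts = {}
    for src, seq in hits.items():
        for i, (start, _) in enumerate(seq):
            payees = {d for ts, d in seq[i:] if ts - start <= BURST}
            if len(payees) >= MIN_RECIPIENTS:
                alerts[src] = sorted(payees | set(alerts.get(src, [])))
    return alerts

def drained_recipients(rows, payees):
    """Flagged payees that moved money out again within DRAIN of receiving it."""
    received, drained = {}, set()
    for ts, src, dst, tier, amt in parse(rows):
        if dst in payees:
            received[dst] = ts
        elif src in received and ts - received[src] <= DRAIN:
            drained.add(src)
    return sorted(drained)

if __name__ == "__main__":
    for source, payees in fanout_sources(TRANSFERS).items():
        print(source, payees, "drained:", drained_recipients(TRANSFERS, payees))
```
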
🚫 Now before you start the sermon, this isn’t an African or Nigerian thing. Neobanks all over the world have faced or are facing something similar.
A 2023 article by Finextra stated that ‘Fraud complaints against Starling, Revolut and Monzo have increased at a rate higher than customer growth’.
What are Banks doing?
The week before, there were confirmed reports that Banks had disabled transfers to some Neobanks to stem the tide of the fraud.
Also, a Nigerian Bank reportedly froze not 10, 20, or 100.. but 500 accounts belonging to USDT traders, as it was alleged that the stolen funds were used to buy USDT.
What can the Fintech Ecosystem do?
👉🏽Fintech PMs and Founders: Please review and refresh authentication on your APIs. I know this doesn’t sound as sexy as entering the latest accelerator or collecting yet another strange award, but it will help you and your customers. The same thing goes for sensitive information in clear text that is on your Server Desktops and DBs.
👉🏽Fintech Users: Protect yourself by layering your accounts, do your due diligence when you choose a Neo bank, and put custom limits on your salary accounts so large amounts can’t be transferred if they get into the wrong hands.
👉🏽Fintech Regulators: It is time to harden the controls on the Tier 1 account. If they are really meant for the minimum wage workers who can barely save, then let the limits reflect this. Just this change can reduce fraud by a whole lot!
👉🏽Fintech Investors: Educate yourselves on this occurrence, it is time to lead Fintechs in your portfolio with empathy and assist to ensure they adhere to necessary governance to mitigate this.
👉🏽Fintech People and HR leads: 📢The “Office is your Family” slogan should not prevent you from running thorough background checks and taking swift measures to remove access when employees resign. This is a good week to check how many exes still have fingers in your code and databases.
Interested in other perspectives on this matter? I recommend you read this well-written article by Deji Olowe where he likens the fraud, victim-shaming and all to a rape incident. 👉🏽 here
I also wanted to write about something else, but all this talk about fraud and hacks has left me wondering if I should withdraw the N8900 I have left in one microfinance bank and store it in my mattress.
I’ll tell you what I decide. 🤔
The Weekly Roundup
Finally, on today’s dashboard, these are 7 highlights that describe how the ecosystem made strides last week amidst all the attempts to undermine it.
My favourites: a Ghana-based Fintech that has been crushing it this year raised 2M USD in equity from domestic investors, My Easy Transfer from Tunisia raised almost 500k USD, and PAPSS scored a major one, sealing a deal outside the continent for intra-region payments with the Caribbean Community of Central Banks.
And that is all for this week’s newsletter. Stay safe and talk next week.👋🏽
The PaymentLogue is a Fintech Insights Company. We enable a skilled Fintech ecosystem via -
The School of Fintech - which provides structured learning for Fintech.
The Fintech Open House - hosting Fintech experts as they dissect complex subjects from their vast experiences.
This Newsletter - which provides Fintech news analysis focused on Africa.
A community hosting the largest gathering of skilled Fintech professionals.
Interesting post here payment logue. Everyone should tighten their securities (Banks and FinTechs) and implement Zero trust on their APIs. This will help reduce implicit trust on the platforms which gives hackers easy access to funds.
It's very sad to witness people lose their hard-earned money due to insecure systems.
This was such an enlightening read! 🙌🏾