By Andrew Bagala
Fraudsters who hacked into the mobile money system and fleeced two banks of billions of shillings used about 2,000 mobile phone numbers to execute the scam, Daily Monitor has learnt.
After hacking into the mobile money payment system, the hackers digitally instructed the banks to transfer billions of shillings to telecommunication companies who in turn remitted the money to the different SIM cards which were seeking payment across the country, just a few hours before the crime was detected at the weekend.
MTN, Airtel, Stanbic Bank and Bank of Africa temporarily suspended their mobile money services after detecting the scam and have since involved police to investigate the crime.
In a joint statement released on Monday, signed by MTN, Airtel and Stanbic Bank chiefs, they said there had been a system incident in which hackers accessed systems of a third party service provider (Pegasus Technologies) thus impacting all mobile money or wallet transactions.
“… the system incident has had no impact on any balances on both bank and mobile money accounts,” the joint statement read in part.
The CID spokesman, Mr Charles Twiine, confirmed police had commenced investigations into the hacking.
“We shall establish whether the unauthorised access caused any losses,” Assistant Superintendent of Police Twiine said yesterday, but declined to give further details on the case.
Banks and telecoms are interlinked through aggregators. Uganda has around six aggregators including Pegasus.
Aggregators facilitate a transaction from the bank to the phone such as buying airtime or paying school fees. Similarly aggregators facilitate operations such as sending money across networks.
MTN has an account at Airtel and vice versa. In between is Pegasus which facilitates transactions across the two telecoms.
When money is being transferred from MTN to Airtel, it is debited from a customer’s account and deposited