A Ghanaian who is now based in London has hinted Techfocus24 that he recently became a victim of fraudulent SIM Swap leading to a whopping GHS250,000 being transferred from his Ecobank account in just one day.
Even though he did not share details of how it all happened, Techfocus24 learnt that the fraudsters were able to swap his MTN e-SIM and used that as a channel to gain access to Ecobank account.
The most shocking part was that the victim had a GHS20,000 daily digital transaction limit on that account and so even if he was the one doing a digital transaction on that account, he was limited to only GHS20,000. But the fraudsters were able to transfer as much as GHS250,000 from that account in less than 24 hours without anyone at Ecobank raising the red flag.
A source close to the victim said they suspect an inside job at both MTN and Ecobank because a staff of MTN played a role in swapping his e-SIM without him being present, as required by their own internal protocols, and some people at Ecobank also ignored the daily transaction limit advice and transferred GHS250,000 from his account in a day.
The victim himself has decided to keep the details of how it all happened from the public because he said the police, MTN and Ecobank are currently investigating the matter.
MTN Acknowledges
At the recent MTN Ghana Media Forum, the CEO, Selorm Adadevoh acknowledged that the matter is a “live case we are investigating in collaboration with the police and Ecobank”, adding that the company will publish the findings once they are done with the investigations.
He also stated that all the selected categories of agents who were allowed some level of access to play a role in the SIM swap process have also had their accesses terminated until MTN figures out what is going on.
Indeed, telcos and banks have been accused of refusing to name and shame their staff who commit such crimes, but accomplices outside of the telcos and banks are often named and shamed.
A case in point – following reports of a similar case, where another man also had his MTN SIM swapped on a Sunday and by Monday, GHS4,000 and $8,000 had been transferred from his two Ecobank Accounts, the police traced the mobile wallets used in transferring those moneys to Kumasi and Assin Fosu.
Eventually, five persons were arrested, including a 17-year-old female student, while one is still at large. All five were arraigned before the law courts and their names and ages were mentioned and published by the media.
But till date, not a single telco or bank staff has been mentioned in any of these cases.
Meanwhile, it has been established that SIM swap can never be done remotely by anyone outside of the telco’s offices. SIM swaps are only possible with the intervention of telco staff and those telco staff can easily be traced since their credentials go along with whatever activity they perform in the system.
Till date, it is not clear whether the telco and bank staff involved have been picked up and are assisting with police investigations or they are also at large.
SIM registration and SIM Swap
But it is also important to state that the ongoing SIM registration may be contributing to the incidents of SIM swap.
Here is how:
The Stage 2 of SIM registration compels applicants to handover their Ghana Card details to persons the National Communications Authority (NCA) has described as “unscrupulous agents”, who then use those Ghana Card details to pre-register SIM cards in the names of the actual owners of the Ghana Cards without their consent.
The agents also use the Ghana Card details to register already-active SIM cards belonging to persons who don’t have Ghana Card and are trying to beat the deadlines and avoid deactivation of their SIMs.
In effect, because some of these users of the active SIM cards have now gotten the names of the actual Ghana Card owners attached to their SIM cards, it has become much easier for them to convince telco staff that they are the owners of the SIM cards they want swapped.
Once the SIM is swapped, they have access to the owner’s phone and can try many things, including even accessing some other details of the owner from the dark web and using that enter their bank account and steal their money.
SIM Swap Procedure
But per each of the telcos’ procedures for SIM swap, the actual owner is either required to be present for the SIM swap (in order to confirm he is the one whose picture is on the Ghana Card), or a super agent of the telcos can make the application on behalf of the customer, once the agent confirms he is the one.
In both cases, the final decision rests with the telco staff who eventually does the actual swapping.
Genuine Mistake of deliberate
Head of Products and Services at MobileMoney Limited (MTN MoMo), Sylvia Otuo-Acheampong recently said that the approval of SIM swap without following due process, could be a genuine mistake on the part of the telco staff and not necessarily a sign that the staff was in cahoots with fraudsters.
This, she said, calls for a holistic education for both telcos staff and customers on how to correctly follow due process and how to figure out the highly-dynamic social engineering tactics of the fraudsters to prevent such unfortunate incidents.
“It is important for our customers to know that even if your SIM card is mistakenly or deliberately swapped, the only way anyone can have access to your mobile money wallet or bank account is when you give them your MoMo PIN and bank account PIN. So, let’s all ensure that our PINs remain a secret.
“We have internal mechanisms to stop fraudsters from having access to your wallet but those internal measures lose their essence once the customer divulges his or her PIN to a fraudster. When it happens that way there is nothing we can do about it,” she said.
Sylvia Otuo-Mensah said MTN is also working on the US$2.5 million artificial intelligence system it promised in 2020 to help fight mobile money fraud more effectively by pre-empting fraudsters based on specific patterns the system is provisioned to pick up.
She said such interventions require collaboration from other stakeholders like the regulator and the security services to ensure it’s successful, so, MTN is working on all of those details before rolling out that infrastructure.