Flutterwave suffers another mega loss as it loses ₦11 billion to security breach, where the culprit diverted billions of naira into many bank accounts. This happened a month after the company obtained a court order to refund $24 million that it lost to an unauthorised POS transaction.
An insider with direct information on how the incident happened said that in April 2024, the criminal illegally transferred over ₦11 billion to different bank accounts. Another insider claimed that the amount that was transferred was more than ₦11 billion but up to $13.5 million.
In an interview with TechCable, Flutterwave said.
“As is common in the financial services industry, there will always be attempts by bad actors to compromise the security of systems set up to protect and monitor services.”
“In April, we detected unauthorised activities inconsistent with usual customer behaviour on one of our platforms used by a small subset of our customer base.”
The company did not mention how much money was lost, but it stated that “no customer funds were lost or compromised, and the confidentiality of our customers’ data remains intact.”
According to one insider, the incident happened undetected. The person involved kept transferring the cash in small amounts to avoid triggering a fraud alert. The cash was transferred and kept in an investigation at five different institutions for over four days before it was detected.
The same person also hinted that the matter had been reported to the law enforcement agency and that an investigation had already begun.
Flutterwave initiated an investigation and requested that the KYC details of the accounts that received the money be temporarily restricted. Two executives in financial services shared the information and confirmed the incident.
System breaches happen in such a way that the parties involved hide the transfer of cash to several unsuspended accounts. Sometimes, the details of the users of this account are gotten online through social engineering and later utilised to generate automated bulk transfers.
One of the highly placed staff members said that the April breach appeared distinct. He suggested that an organised network be used to divert the money.
“The perpetrators appeared to transfer the money to random accounts but those same accounts would also transfer money to other accounts, who then sent it back to the first beneficiary account, [in a sort of round trip].”
This has led to many bank accounts being frozen for illegal transfers from Flutterwave.
In October 2023, over 6,000 account owners in 35 different banks received over ₦19 billion through illegal transfers through unauthorised transactions by POS merchants. This is the fourth unauthorised transfer at Flutterwave in fourteen months.
Another breach occurred in March 2023, when over 170 bank accounts in 27 banks received ₦550 million. In February 2023, over 170 bank accounts in 27 banks received ₦2.9 million.
The good news is that identifying the culprit won’t be so hard after all this time because the Central Bank of Nigeria has ordered all financial institutions to require all their customers to use either their BVN or NIN number to open any accounts. Which will make it easier to identify the culprit.
Discover more from Infodorm
Subscribe to get the latest posts sent to your email.