BY Xpress Times Reporter
Woes, woes and woes! It’s lately the order of the day at Dfcu Bank. For starters, the genesis of Dfcu’s woes dates back in 2017 when BOU gave out the Crane Bank fraudulently to the Dfcu.
Crane Bank Shareholders have strongly contested their Bank’s Assets UGX1.3 trillion to DFCU at a paltry UGX200bn. Until now the Central Bank (BoU) faces Lawsuit and they must face punishment for their (BOU) sins.
In May 2019 DFCU bank detected a case of fraud which was reported to CID head offices at Kibuli in Kampala and a general inquiry file was opened- (CID HDQTRS GEF 604/2019) to aid in investigations. DFCU had chosen to remain tight lipped about the case.
It only took media reports and the resultant pressures for the financial institution officials to comment. Their only considered comment was to dismiss as malicious and grossly misrepresented information, and that, that was to damage the reputation of the banking house.
Truth be told the Bank had by July 2019 lost over $2.6m dollars that belonged to customers as saving with DFCU bank. A separate fraud detail was from media reports whose details were the execution, identities of the bank’s branches that were affected.
This compelled Uganda Police to come out to acknowledge that it had launched investigations into the matter. The case was related to breach of the bank’s system though case was treated as highly concealed for fear of losing customers. Lately the Bank (Dfcu is at it again.
This time the Bank has issues where telcoms MTN and Airtel and the National Identification Registration Authority (NIRA) are involved in the such scandals of identities and hacking into the bank and money lost $2.6 m\mysteriously from customers saving.
This is a story of how external individuals (hackers) could have masterminded the fraud at DFCU. The investigation reveals shocking details of which companies and government institution are involved in facilitating the scam.
Sources listed giant telecoms – MTN ,Airtel and also the National Identification Registration Authority (NIRA) as key entities used to extract information to help in execution of the fraud. The criminals connived with bad elements in these institutions (above) to access data.
“The hackers needed the following information, customers ID e,g nation ID and passports no, names account number, telephone contact and date of birth,” said a source. Our investigation reveals that after obtaining such details it was easy for the culprits to log into DFCU website or download the bank’s wallet application and register for mobile banking and start transacting right away.
“Here the most important thing is the telephone number. It has to be swapped first,” a source says, and that is how telecom firms mostly MTN and Airtel come in. Conniving with wrong elements in MTN and Airtel, customers’ numbers are swapped to access customers’ data which corresponds with what NIRA has. “The only information needed from DFCU would be the bank account and the balance of the customer,” added a source.
The connivance at DFCU can’t be ruled out because the bank audit trails and therefore DFCU would be able to know which staff checked whose account. The investigations further reveals that after registering for mobile banking the masterminds get a token on the swapped sim-card which validates the whole registration process.
And at that stage they are able to transfer to another account, withdraw using sim-cards and even transfer to other banks. “Basically the fraud begins from swapping customer’s sim-card and validating the details from NIRA.” MTN Uganda admits that there could be “bad apples” that connive with outsiders to leak data.
However, the acting spokesperson Martin Sebuliba said he was unaware that such could have happened at MTN. “I don’t know what you know but I can tell you that we are guided by one principle and the regulations of the regulator. We don’t compromise on that.”
Airtel’s Sumin Namaganda Contests the case saying for a customer to swap a sim-card, his/her ID must be provided which is stored in the telecom’s system arguing that if there is any breach the owner is easily identified.