The issue of security for Big Data has become a talking point in Kenya, after a cartel of 10 scammers was found accessing the National Transport and Safety Authority (NTSA) online database, generating fake car log books and using them to defraud insurance companies. The Kenya Business Daily has more details. The NTSA Director General says:
“We inherited a weak system from KRA (Kenya Revenue Authority) but that is changing after we migrated services online with a robust system”
That raises more questions. Are the scammers using the weak system that was inherited or the new “robust system” that is, from the appearance, anything but robust? The scam includes insiders in NTSA, insurance firms, insurance brokerage firms and motor vehicle assessors.
The modus operandi appears simple:
- Access details of a vehicle that is known to already have been written off e.g. through an accident.
- Generate a fake log book using some of the details and assign it to a fictitious but pricey car.
- In collusion with top insurance brokerage and vehicle inspection firms, insure the fictitious vehicle.
- Lodge a theft claim and smile all the way to the bank. The theft claim is presumably done because in this case, the claimant need not provide much evidence. Difficult to stress a guy who tearfully says his pricey car, on which he has been dutifully paying premiums, has vanished into thin air.
Frauds that depend on collusion can be exceedingly difficult to detect. When everybody is wetting their beak, sometimes the state of affairs can be stable for years. That said, various government organs in Kenya have, in the past two decades, spent massive amounts of money in “modernising”, “streamlining”, “automating” and “digitising” their systems. This basic scandal is a reminder that a lot remains to be done and implementing a system is half the job.
Dare I also add that fraudsters are also happy to hear senior management confirm that a weak system was inherited.