Ugandan Mobile Money Services Suspended Following Major Fraud

There are reports of a major mobile money breach affecting Stanbic Uganda, MTN Uganda and Airtel Uganda. Some unconfirmed sources suggest losses may be equivalent to several hundred thousand US dollars. The CEOs of the three companies have issued a press release announcing the suspension of mobile money services. They claim that this decision has been taken due to “unprecedented technical challenges”.

Stanbic Bank Uganda, MTN Uganda and Airtel Uganda inform the public and their customers that on Saturday 3 October 2020, a third party service provider experienced a system incident which impacted Bank to Mobile Money transactions.

It seems the entry point may have been from the integrator that provides the interface between the banks and the telcos.

Sources at the affected companies indicate that hackers broke into the system of Pegasus Technologies, a company that integrates mobile money transactions between telecom companies, banks and other local, regional and international money transfer services making off with a yet to be known sum of money.

Pegasus is a major player according to this piece.

The company’s flagship product, PegPay payments platform which is used by several institutions including banks, telecoms and utility companies, retailers, Pay-TV providers and schools helps aggregate and manage financial transactions for both internal and external purposes. Pegasus also offers e-commerce services where organisations with websites or mobile applications are allowed to vend their services online and receive payments online.

The incident may have gone undetected for three days, from Thursday to Saturday. For some reason, at the time of writing, the website of Pegaus technologies appeared to be down and returned a default error page.

Even without clear communication of the amounts that may have been lost, the incident is yet another reminder of the double-edged sword that mobile money is. It is a service that is changing the lives of customers for good and generating much needed revenues for telcos, banks and integrators, but at the same time a platform which can be hit by major incidents, anytime, anywhere.

Joseph Nderitu
Joseph Nderitu
Joseph Nderitu is a director at Integrated Risk Services Ltd and specializes in revenue assurance. He previously worked as Head of Revenue Assurance and Fraud Management at Vodacom's operation in Tanzania, having previously served in the same role at Vodacom Mozambique.

Before his work with Vodacom, Joseph was an internal audit manager for Airtel, with responsibility that covered their 17 countries in Africa. Whilst at Airtel, Joseph led reviews of the Revenue Assurance, Customer Service and Sales & Marketing functions.

Prior to his stint at Airtel, Joseph was an RA manager at Safaricom in Kenya. He holds an MSc Degree in Information Systems.