State-Owned Zimbabwean Telco Shaken by Multiple Internal Frauds

Friends, colleagues and some Commsrisk readers will have heard me state publicly that:

Once is unfortunate. Twice is a coincidence. Three times, you’re guilty.

This adage was brought to mind by a recent report of fraud at NetOne, a mobile network in Zimbabwe.  I did a little online research and in this context, I must regard NetOne management as one of the guilty parties.  This article provides details of recent NetOne frauds and identifies ways in which the situation could be improved.


According to their website, NetOne was the first GSM network operator in Zimbabwe.  It is a company wholly owned by the government and was formed as a subsidiary of the Posts and Telecommunications Corporation (PTC) in 1996.  Its main focus was to introduce and offer mobile cellular telecommunications to complement the fixed line telecommunication services offered by PTC. Since launch, service has been extended and the network has expanded from five hundred to an aggregate customer base of more than a million subscribers.

The information on NetOne’s website is likely to be out of date. For example, in 2019 the Harare Post said NetOne had 3.3 million subscribers and an August 2022 article from Techzim said NetOne added nearly 780,000 customers during 2021, taking their total subscriber base to 4.4 million.

Once Is Unfortunate

In June 2022, Nehanda Radio reported that the Zimbabwe Anti-Corruption Commission (ZACC) had arrested Daniel Kalira (39), a cashier at NetOne, after he allegedly stole approximately ZWL150mn from the mobile network in an airtime voucher scam operated over two years.  Nehanda Radio reported this as equivalent to USD8.8mn, although this is calculated from a January 2020 exchange rate.

It is alleged that from January 2020 to 23 May 2022, Kalira stole airtime from NetOne by falsifying his sales of airtime on the stock issue vouchers which he dispatched to NetOne sales agents.  For example, it is alleged that on 25 August 2021 he falsified issue voucher number 77064, where he recorded the despatch of 17,400 airtime cards of ZWL100, whereas he actually shipped 80,300 cards.  According to the ZACC statement, an audit to ascertain the actual amount stolen from NetOne was still ongoing.

Twice Is a Coincidence

In December 2022, H-Metro reported the story of Delight Ncube, a university student who had been working on attachment to NetOne.  When Ncube started his attachment on 1 July, he was issued a post-paid staff line, data access and a laptop.  It was alleged that, at some time during August, Ncube got access to NetOne’s recharge platform.  According to H-Metro, sometime between November and December, Ncube terminated his attachment and returned the laptop but retained his telecoms and data access. This presented Ncube with a wide-open opportunity to defraud the telco.

Ncube allegedly advertised discounted NetOne data bundles, employing a friend on commission to help advertise and sell them.  H-Metro reports that NetOne discovered Ncube’s activity via a Facebook advert which offered these discounted data bundles. NetOne’s internal investigation established that the data bundles were being recharged from the post-paid staff line issued to Ncube.  NetOne blocked the line, but it is reported that Ncube was still able to recharge the data bundles and continued selling them until he was arrested by the police. Ncube has been charged with theft of property valued at ZWL16mn.

And Three Times – You’re Guilty

The most recent NetOne crime report from ZimLive relates to – you guessed it – the theft of more airtime.  The report is dated 28 January 2023 and it states that police in Harare have arrested four NetOne employees in connection with the theft of over ZWL565mn worth of airtime between December 2022 and January 2023.

Primrose Maireti, 32, James Mwanza, 35, Kumbulani Nyapfumbi, 30, and Simbarashe Mandimutsira, 27, are facing fraud and cybercrime related charges.  Police spokesperson Assistant Commissioner Paul Nyathi confirmed the arrests and said the suspects stole airtime from their employer and sold it to dealers at a greater discount than the company offered. ZimLive quotes Nyathi saying:

Police detectives teamed up with NetOne Loss Control and Fraud Management Unit to track the suspects leading to the arrest of Mwanza.  Checks made confirmed that Mwanza received ZW$50 000 000 worth of pin-less airtime from the deal.

Mwanza is said to have implicated the others involved in this crime.

Some Context

If you’re not familiar with operating conditions in developing countries, it is easy to be critical of NetOne’s fraud performance. My first reaction was negative when I started researching these fraud reports.  Then I looked at some of the factors that may have contributed to the problem.

  • A government-owned will typically suffer from underinvestment, especially in countries where food security is always a higher priority.
  • Wages will be lower than commercial competitors. The business cannot attract the best staff and any staff that progress within the business are likely to be poached by privately-owned rivals.
  • Management tends to be older, will have less industry experience and will be less motivated than management in the private sector.
  • Inflation is a huge headache in Zimbabwe. Runaway inflation would pose serious problems for most organizations, but are especially problematic for a company working in a globalised industry.

Zimbabwe has a troubled history with currency. In 2009, Zimbabwe adopted the US dollar after hyperinflation destroyed the value of the Zimbabwe dollar. At its peak, prices were almost doubling every day and the reserve bank resorted to printing notes worth 100tn Zimbabwe dollars to try and keep up. This was futile because so many more US dollars were leaving the country to pay for exports than the number of dollars coming in. US dollars were in short supply, leading to long bank queues as people struggled to get their money out.  In 2019, the government introduced the RTGS dollar, which was supposed to bring together bond notes, debit card and mobile money payments to make sure that they were all worth the same.  The government said the value of the RTGS dollar would be set by the market. One US dollar would buy you 100 RTGS dollars at the start of 2022, but was worth 800 RTGS dollars by the start of 2023.  This inflation is the reason I’ve avoided quoting US dollar equivalents for the fraud losses and would encourage you to think of the fraud equivalent value in your own companies. How would you view the loss of 1.5 million airtime top-ups?

Alternatively, let’s look at fraud as a percentage of revenue.  The latest revenue figure I could find was ZWL14.4bn in H1 2022, equivalent to ZWL2.4bn per month.  If we assume a similar revenue for December 2022 and January 2023, when the most recent fraud occurred, that ZWL565mn fraud loss could represent 12% of revenue, which is unsustainable in any business.

Time for a Change

So who is guilty of what?  Well, if this was a listed company there would be hordes of angry shareholders who could answer that question.  They would be demanding the removal of members of the management team which, in 2019, was warned by the Zimbabwean Auditor-General about poor governance practices.  If management did anything about governance, it wasn’t effective, as evidenced by the fraud reports above (and there are more which I didn’t include). These recurring cases demonstrate that management is guilty of failing to deal with fraud risks.

I’ve been unable to find NetOne’s annual reports online. The website shows it has a Risk Governance and Compliance Committee whilst press reports confirm the existence of a Loss Control and Fraud Management Unit – but how well are they resourced?

Even within the difficult conditions outlined above, there are significant opportunities to deliver improvements with minimum outlay, including:

  • Make someone responsible for fraud management and hold them accountable
  • Conduct a fraud risk assessment
  • Apply segregation of duties
  • Establish preventive and detective controls
  • Operate those controls and respond to breaches
  • Apply appropriate governance, such as ‘the three lines of defence’

It may be difficult but for this business to succeed it must change, or these frauds will continue.

David Morrow
David Morrow
Dave has 35 years of law enforcement, investigation and fraud management experience including multiple international assignments. He is a recognised telecoms fraud expert and for a number of years chaired the GSMA workgroup responsible for Security & Fraud Risk Assessments.

Dave now provides fraud management support as an independent consultant.