By William Kumwembe
Picture this; you open a bank account with one of the commercial banks on the land, rendering all relevant personal information, including your mobile phone number.
“Doing so entails a significant element in the fight against financial crime and money laundering”, you are told by one of the bank’s officials advancing the Know Your Customer agenda championed by regulator, the Reserve Bank of Malawi.
Ironically, few months down the line, you receive a bank alert that K80, 000 has been debited from your account, a transaction you did not effect.
The bank system shows you have made the transfer electronically to a registered mobile money account.
It takes you calling the number and threatening the recipient before they reimburse the money, but in trenches, and then switch their phone off, forever.
This is an experience of one Josephine Chigoga (not real name) who in November 2021 fell prey to cell phone fraudsters who, supposedly, swapped her simcard to swindle her.
“I had not given my password to anyone although the bank was alleging that my relative might have made the transaction,” she claims.
While she might have recovered her money, like most other victims of the vice in the country, level of her confidence and trust in the banking system has eroded.
Chigoga’s experience is a hint that cyber criminals have just become smarter in duping people.
In some instances, they are even taking advantage of promotions and mobile phone money transactions which mobile phone service providers and banks offer.
One might think that this message from 0889459972 is random: “Ministry of health Malawi. Ndalama zanu zatuluka za Covid-19 zokwana K95000.00. Kuti mukatenge imbani pa #0889459972 ##0983055417#”
But only when you try to call the numbers do you realise that everyone is equally susceptible to cyber attacks, a thing that has turned rampant in the country lately, despite the recent sim-card registration exercise which aimed to counter the vice.
Both commercial banks and mobile phone services providers, whose systems are integrated, concede some subscribers are duped by fraudsters through various ways.
In its fraud alert notice issued recently, Malawi’s largest bank by assets, National Bank of Malawi (NBM), for instance, said its customers were receiving pop-up adverts that claim to be from the bank, directing the recipient to a website which requests for personal information.
In a response to our emailed questionnaire earlier, NBM Deputy Chief Executive Officer Harold Jiya said a surge in cybercrime was noted and the primary target was customers.
“The magnitude is negligible relative to the quantum of the digital business reflective of the effectiveness of our internal controls. A few months ago, we implemented controls that have made it not possible for a sim swapped not to link to an account,” he said.
The Bankers Association of Malawi (Bam), an umbrella body for commercial banks in the country, also says while sim-swaps are not as rampant as were in the past, cyber fraud remains a threat.
Bam Chief Executive Officer Lyness Nkungula said the fraudsters are taking advantage of people who are made to believe that they have won a prize in a certain competition and in excitement reveal their secret numbers
“The big problem that we have now is where some people are using deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes,” Nkungula said.
Before 2018, Malawi Communications Regulatory Authority (Macra) instituted a mandatory registration of sim cards and generic numbers intended at helping prevent crime and fraudulent cases encountered in the absence of the provision.
But from the look of things, blank simcards are still flooding the market; being sold at less than K500 each and anyone can register anywhere through mobile phone services agents.
This makes the option porous as our investigation points to the fact that some are even able to register simcards multiple times using one national identity card.
But Macra Director General Daud Suleman says, to curb the malpractice, the regulator intends to start registering handsets using the Central Equipment Identification Register.
“The sim registration exercise has been effective but there are now new digital opportunities for fraudsters to exploit. What has gone wrong is that we have not been in a position where we can synchronise our records in as far as id copy is concerned,” he said.
Malawi, like most African economies, are pushing the digitisation agenda, which, if successful, will see the country attaining the cashless mark at not long a distance from now.
But it appears a foregone conclusion that the faster the pace, the smarter the fraudsters are becoming.