How did an EcoCash agent steal over $12000, are new security measures needed?

0
46

Tafadzwa Taziveyi was (is?) an EcoCash agent in Hwange who worked (works?) from Shanduka Econet shop. Tafadzwa is 23 years old and as all young adults probably feel, he felt he could do with a little more money in his life. He decided the law was a hindrance and found himself a friend who felt the same.

His friend, whose identity is not known yet (guess Tafadzwa ain’t a snitch) works (worked?) from Econet headquarters in Msasa, Harare. This unnamed friend is being called an Information Technology (IT) specialist. They shared the same belief that the law was merely a codification of suggestions.

What they did was impressive, in a bad way of course. Shame on you Tafadzwa and Co. They stole about $12 681 from 25 clients in four days. Four days! 25 clients! $12 681!

advertisement

It was all too simple for Tafadzwa and friend though, which does not fill me with confidence in the EcoCash system. I understand that internal controls work to a point and it is almost impossible to implement controls which can stop collusion (working together to beat the system) by employees, which is what happened here.

What they would do is target those clients who came to buy sim cards. After those clients filled in the details needed in order to obtain a sim card, Tafadzwa as an employee in the Econet shop would have that information. They would let the clients use their lines, create EcoCash accounts and transact.

Once they saw that there was a sizable amount in an EcoCash account (IT specialist handy here) they would report the line as lost and proceed to issue themselves the replacement sim. The IT specialist would then deactivate the old sim (the one in the client’s hands.) The client details needed to fill out the application for replacement sim would be in Tafadzwa’s possession so they were covered there. Document-wise everything would be in order.

Once they had the replacement sim and the PIN, they would then proceed to transfer the money into their own accounts. The IT specialist probably used different EcoCash accounts, none of them his, when receiving money from his friend in Hwange. That would explain how it is that they know that money was sent to him/her but do not know who he/she is.

The problem with their plan was that although the client would no longer be getting messages of the out-transfers and so would be in the dark, it remained that the client could no longer do anything with their sim. That’s because that old sim would have been deactivated. These clients would obviously get in touch with Econet, angry that their sim cards were not working.

They would be told, by the helpful other Econet employees that they replaced their lines and they would hiss fits and that’s how the whole thing unfolded. That is why this crime spree lasted only four days, from 29 September to October 4th this year. It was stupid and not thought out.

Of the $12,681 that was stolen, $4,935 was recovered.

Tafadzwa was arrested in Hwange and the IT specialist is still at large, for now. The lesson to be learnt here is that crime does not pay.

This story comes at a time when the country has shown its commitment to cyber security as a new Ministry of Cyber Security was created. We are close to the Computer Crimes and Cybercrimes Bill being passed into law. With Minister Chinamasa at the helm any would-be IT specialists better watch their backs. The government will tolerate no computer crimes any longer.

For Econet though I am a bit understanding. Auditing basics tell us that almost any system can be circumvented if employees choose to collude. So maybe the hiring process would be questioned but still it is the smooth talkers who ace job interviews and besides a company cannot be expected to anticipate a change in character of their employees.

Can Econet do more to ensure better system security? Probably. What is it they must do? Heck if I know.

LEAVE A REPLY

Please enter your comment!
Please enter your name here