Farah Bashir was on a work trip to Johannesburg, South Africa when his bank accounts were wiped clean by fraudsters.
Mr Bashir lost Sh2.6 million from his four different Absa Bank accounts between February 7 and February 9. The transactions, he told the Nation, took a few hours.
The medical lab scientist on February 5 received numerous calls from friends and family letting him know that certain people had been looking for him. The fraudsters had accessed his contacts.
Everything was okay until he received an alarming SMS from Safaricom at 5.43 p.m. on February 7. The text notified him that the company had received a Sim Card swap request and that he should disregard the communication if he had not initiated it.
Mr Bashir had received around ten such texts an hour later. He contacted Safaricom Customer Care via Twitter, but was told to disregard the text as he had not initiated the swapping request.
But at around 11.31 p.m Mr Bashir noticed something was awry when he could not use M-Pesa to buy airtime to phone home.
Upon contacting Safaricom via Twitter, they requested his personal information, including his ID and phone numbers. It is then that he decided to check his bank account balance. The Absa bank app system rejected his fingerprint.
He used his laptop to log on to his account via the internet at 11:51 p.m. He was startled by what he saw. His Kenyan currency account, which held Sh335,000, had already been depleted by a withdrawal of Sh150,000. As he watched helplessly on his laptop, another Sh150,000 was withdrawn
He quickly contacted Absa and informed them of the problem, and changed the password. Soon after, however, another Sh34,000 was taken out of his account, completely emptying it.
His dollar account, which had US$17, 451 (Sh2 million) was swept clean.
On February 8, a few minutes after midnight, the hackers first took out US$936, then US$4,680, US$3,650, US$4,680, US$936, US$1,872, US$561, US$121, US$9.36, and lastly US$4.68, leaving US$0.12 in the account.
They transferred the entire sum to a Pesa Link account. They then moved on to his Sterling Pound account. They withdrew UK£225 before clearing his Sh231,000 credit card amount. The hackers made off with Sh2.6 million at the end of their loot.
On April 25, he wrote to Absa, requesting a status update on his case as well as assurances that his funds were safe in the bank.
“I would like to know how the fraud was conducted, what internal systems the bank has to detect illegal withdrawal of funds from my accounts, and why did the fraudsters access my account on February 8 at 11pm SA time after I had changed my password?” he wrote.
The lender responded in 14 minutes and then went mute until May 13 when he received a report labelled “complaint resolution”.
The bank acknowledged receiving his complaint via his relationship manager on February 9 and confirmed receipt of his follow-up email. The bank confirmed that Sh2,015,715 had been moved from his USD account as well as money from his GBP and credit card accounts.
According to Absa bank, the cash was transferred via mobile banking to two additional banks and M-Pesa mobile wallets.
Further, the lender indicated, the monies were transferred as a result of a Sim card swap on Mr Bashir’s Safaricom mobile phone.
“We managed to secure only Sh500,000.00 and credited the amount to your account on March 7. The rest of the funds unfortunately were already utilized,” the bank stated.
“From the above sequence of events, we have established that there was no compromise to the security/password integrity in your account on the part of the bank. Kindly note the credentials are only known to the customer. In addition, where a password is compromised, you are under a duty to inform us immediately so that we may take appropriate action to secure your account. Based on this, the bank is not liable for the net loss of Sh1,515,715.00 from your account,” the bank said.
Despite denying any wrongdoing, the bank stated that the matter had been referred to the Banking Fraud Investigations Department for further inquiry.
Reports indicate that the Sim swap took place at 11:31pm on February 7 at a Safaricom agent shop in Kasarani, and at least 15 different mobile numbers were used to transfer the money to other bank accounts.