
M-PESA Fraud - Agents Beware!

Tricksters and dishonest people have always existed in our midst. It is definitely naive to imagine that our new techno-savvy way of life is an exception to the age-old social patterns. This afternoon, an M-PESA agent was a victim of a new line of M-PESA fraud.

Here is the story; it is factual and occurred on February 1st 2010 in a peri-urban setting about 24 kilometres from the Nairobi City Centre:
  1. About 2.00PM, a lady and a gentleman who looked to be in their mid twenties visited an M-PESA outlet, claiming to be Safaricom supervisors. The two wore valid-looking M-PESA badges and even carried M-PESA promotional material for the outlet. The two inspected the outlet’s log books then left. Note: It is normal for Safaricom to send supervisors to routinely inspect various parameters on operations of M-PESA outlets. The supervisors usually wear Safaricom badges and often take with them M-PESA promotional material to the outlets.
  2. About 20 minutes after the purported supervisors left, an old-looking man estimated to be in his late 50s or early 60s came to the same outlet requesting to withdraw Ksh. 35,000. The man was allowed to withdraw the desired Ksh. 35,000 and went ahead to initiate the withdrawal from his phone – as is the normal procedure.
  3. Shortly after, the outlet attendants received an SMS purporting to record and authenticate the old man’s withdrawal transaction. The SMS received by the attendant had a valid looking M-PESA transaction number and the old man’s purported names which were verified against an original national ID which he presented.
  4. The M-PESA attendant, convinced about the validity of the transaction (just like hundreds of others processed daily), gave the old man an initial Ksh. 30,000 and was reaching out for the remaining Ksh. 5,000. Before the extra amount could be retrieved, the old man calmly signed the outlet transaction and walked away saying he would come for the remainder later.
  5. The M-PESA attendant continued with the next customer, expecting their float to have increased by Ksh. 35,000 as a result of the withdrawal. The expected float was then not reflected in the valid M-PESA SMS after the next customer’s transaction – raising a red flag to the M-PESA attendant.
  6. Shortly after, the M-PESA attendant called 234 – Safaricom’s M-PESA service line – for clarification, and the service support person on the other end reported that the transaction withdrawing Ksh. 35,000 was not reflected in the M-PESA system.
  7. Alarmed at the Safaricom claim, the M-PESA attendant frantically attempted to call out for the old man, who had by then disappeared without a trace.
  8. Late in the afternoon, the M-PESA agent went to the police station to report the incident. The police officers took initial details and promised to visit the outlet the following day for further investigations.
A number of discrepancies have since been highlighted on the fake M-PESA SMS, which is copied and pasted below:

P47DT685 confirmed on 01/2/2010 at 2.20PM Give Ksh 35,000 to DANIEL MAINA New M-PESA balance is Kh 42,049 Sender:MPESA +254771831462’ 

I shall leave the analysis of the text and the resulting fraud to the reader for now.

Note that according to the Safaricom M-PESA support person, the M-PESA agent only has to count their loss, as no indemnity is payable to the agent for their predicament. When the known Safaricom / M-PESA representative for the affected region was contacted, they disowned the ‘supervisory visit’ by the lady and gentleman 20 minutes before the 'withdrawal' was requested. I wonder how many more M-PESA agents have fallen prey to this new M-PESA trickery.

Comments

  1. This is how the trick works:
    The conmen visit your premises pretending to be from Safaricom or use any other excuse to handle the dispensing phone. Once they access the phone they save themselves in your phone book by the name mpsesa. Then they edit a normal mpesa message and send it as a normal SMS to the dispensing phone. What you see is actually an SMS message bearing the name mpesa, but if you scroll the message further down you see the actual number of the sender. A very cheap trick but highly devastating.

  2. @kipsang sorry for the delayed response. You may go ahead and repost. It may have been preferable to simply link to this post but you may repost as you wish.

    @anon 9.24am, I am informed that the fake Safaricom guys did not gain access to the dispensing handset but, true to your hypothesis, there was a fake contact labelled M-PESA on the handset. It's still unclear how it got there, e.g. a VCARD sent and saved inadvertently. What is puzzling now is the thought that a dispensing handset should be allowed to receive SMS texts from an origin other than the Safaricom system.

    Me thinks M-PESA agents are highly exposed to fraud and theft from employees and such tricksters. Several such incidents practically eat away the float deposited at Safaricom and they either inject more capital or they are out of business.

  3. I thought that the SMS was encrypted and could ONLY be deciphered by the SIM application?

    Are you saying that the thieves got around this?

  4. The most basic education to the Agent HAS to be to check the ID of the sender of the SMS.

    If it is sent by MPESA, it would normally contain an MPESA sender ID.

    If it is sent by a fraudster then it would contain the fraudster's mobile number.

    This is one of the most obvious fraud possibilities in launching such services and I am surprised that it wasn't foreseen and the agent trained accordingly.

    I realise that you may think that even with training the agent may omit seeing the sender ID on a per-transaction basis, but then that is the fear that needs to be drilled into the agent: that you cannot afford to miss out on seeing who is the sender of the SMS.

  5. Correction: The M-PESA fraud took place on 1st Feb 2010 and not 2009 as earlier indicated.

  6. I hope I'm wrong, but irrespective of whether the SMS confirmation message was genuine or not, why would an MPESA agent pay out?
    Are the agents not supposed to key in the confirmation supplied by the customer on the MPESA system, and then the system would validate same and advise if the agent should honor it or not? Am I missing something here?

  7. Beware of money theft inside the Safaricom department in Kenya. I sent my money to my brother 2 weeks ago. Here in the USA it was 1700 hrs, which means it was 0200 or 0300 AM in Kenya. That money was collected in 11 minutes by someone in Safaricom. I am convinced about it because at least all agents were closed at that time of the night. Secondly, the recipient never got that money and M-pesa are still investigating it. Well, whoever picked the money had an ID. Why is that too hard to trace?. Personally I will never trust M-pesa again and I am shocked that western money union partnered with them. If someone has a solution please help.

    Replies
    1. "Well, whoever picked the money had an ID. Why is that too hard to trace?."

      1. Lost ID's are pasted all over public places in Kenya for fraudsters to harvest and misuse.

      2. Most MPesa agents are so lazy that they never examine the ID. Some simply ask "ID number" and put whatever you say in their records.

      I have not had any negative experiences with MPesa to date (knock on wood!) but have always thought that it is a very leaky system and can easily be abused.

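The sender check that comments 1 and 4 describe, written out as an added example (it is not part of the original post or of any Safaricom tooling): it judges a confirmation by its raw originating address rather than the contact name the handset displays, and audits the phone book for entries that imitate the service name. The trusted sender ID `MPESA`, the function names and the phone book are assumptions constructed for illustration; only the first number is taken from the fake SMS quoted in the post.

```python
import re
import unicodedata

# Assumption: genuine confirmations carry this alphanumeric sender ID.
TRUSTED_SENDER_IDS = {"MPESA"}
MSISDN = re.compile(r"^\+?\d{7,15}$")  # an ordinary phone number as origin

# Constructed phone book; only the first number comes from the post's fake SMS.
CONTACTS = {
    "M-PESA": "+254771831462",
    "mpsesa": "+254700000001",
    "Mama Njeri": "+254700000002",
}


def normalise(name):
    """Fold case, accents and punctuation so 'M-PESA' and 'm pesa' compare equal."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", ascii_name.lower())


def lookalike(name, service="mpesa", max_edits=1):
    """True if the name is the service name or within max_edits edits of it."""
    a, prev = normalise(name), list(range(len(service) + 1))
    for i, ca in enumerate(a, 1):  # Levenshtein distance, row by row
        cur = [i]
        for j, cb in enumerate(service, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1] <= max_edits


def audit_contacts(contacts):
    """Phone-book entries that would make a private number display as the service."""
    return [(n, num) for n, num in contacts.items() if lookalike(n) and MSISDN.match(num)]


def check_confirmation(origin, contacts):
    """Judge an SMS by its raw originating address, never by the displayed name."""
    findings = []
    if origin not in TRUSTED_SENDER_IDS:
        findings.append("origin is not a trusted sender ID")
    if MSISDN.match(origin):
        findings.append("origin is an ordinary mobile number")
        if any(lookalike(n) for n, num in contacts.items() if num == origin):
            findings.append("handset shows this number under a service-like name")
    return findings
```

Running `audit_contacts` on the dispensing handset's phone book at the start of each shift would surface a planted contact before any message from it arrives.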
