Unidentified hackers broke into the systems of Pegasus Technologies, a company that integrates mobile money transactions between telcos, banks, and other local, regional, and international money transfer services, making off with a yet to be known sum, but said to be in billions of Shillings.
The most affected firms are the leading telcos, Airtel and MTN Uganda, as well as Stanbic Bank, Uganda’s largest bank that also backs up most of the mobile money transactions.
In a joint statement released on October 5, 2020, Anne Juuko, Wim Vanhelleputte, and VG Somasekhar, the CEOs of Stanbic Bank Uganda, MTN Uganda, and Airtel Uganda respectively, admitted there was an “incident”, but did not give details.
“Stanbic Bank Uganda, MTN Uganda and Airtel Uganda inform the public and their customers that on Saturday, October 3, a third-party service provider experienced a system incident which impacted Bank to Mobile Money transactions. All Bank to Mobile Money/Wallet services have since been temporarily suspended,” the trio said.
“This system incident has had no impact on any balances on both Bank and Mobile Money accounts. Our technical teams are analysing the incident and will restore services as soon as possible.
“We apologise to all customers for any inconvenience that this has caused and reiterate our commitment to delivering seamless banking and mobile money services,” they added.
Ronald Azairwe, Managing Director Pegasus Technologies Limited, could neither deny nor confirm the incident.
“Sadly I can’t comment on that. I can’t confirm or deny anything of the sort. I can’t speak about it. MTN/Stanbic/Airtel should be able to tell you whether it is Pegasus or not,” he told this reporter on phone.
But Twiine Charles, the Criminal Investigations Directorate spokesperson confirmed to CEO East Africa Magazine that an electronic fraud incident had been reported to police.
“The fraud incident has been reported. We are constituting a team of electronic countermeasures investigators and investigations begin effective tomorrow,” he said.
A source at one of the affected companies, told this reporter that hackers broke into the system of Pegasus Technologies who handles MTN to Airtel and Airtel to MTN transactions as well as the respective telco to bank payments on Thursday night. Pegasus also handles Stanbic Bank’s Flexipay, a cashless solution that allows the bank’s customers to pay for goods and services via mobile money.
“From Thursday night, the hack went on undetected until Saturday. By this time, hackers had sent themselves almost UGX1.3 billion but had managed to withdraw UGX900 million from Airtel Money. We estimate MTN also lost almost twice the same amount of money since they are mobile money leaders. When the fraud was detected all transactions going through Pegasus Technologies, were suspended,” said the source.
CEO East Africa Magazine, also understands that other than the local mobile money firms, other international money remittance firms were also affected.
“Hackers usually target financial institutions over weekends when there is less activity and reduced vigilance. It is easy to strike, withdraw the cash and cover up by the time the weekend is over,” said the insider who is very familiar with such online frauds.
Established in 2007, Pegasus handles up to UGX1.7 trillion in financial transactions annually. This includes mobile money aggregation, mobile payments and remittances, loans and savings, and value-added services such as SMS, airtime, and data loading.
Its flagship product, PegPay payments platform, is currently being used by several institutions including banks, telecoms, and utility companies such, retailers, Pay-Tv providers’ and schools, to aggregate and manage financial transactions for both internal and external purposes.
In an April 2020 interview with CEO East Africa Magazine, Sydney Asubo, the Executive Director of Uganda’s Financial Intelligence Authority (FIA), the financial crimes watchdog said that fraud, because of its lucrativeness, accounts for more than half of all the financial crimes in Uganda.
“Fraud is of course wide but it has subsets- it has corruption, theft, cybercrimes, including identity theft and embezzlement. That is number one by far. The gap between number one (fraud) and number two is so big- I would say half is fraud,” he told this reporter at the time.