Pan-African payment startup, Flutterwave, has confirmed that there was a security breach in one of its customer platforms but claims no money was stolen after early detection.
- •In a statement posted in the company’s blog, Flutterwave says it recorded suspicious activity within the said platform in April this year and proactively stopped any theft of customers’ money.
- •Moreover, as part of a wider security action, Flutterwave will notify some customers to migrate their accounts from the systems they are using.
- •Flutterwave has also asked its customers to ensure that their accounts have multifactor authentication, 3D security, and IP whitelisting.
“We can assure our customers, members of the public and our stakeholders that no customer funds were lost or compromised, and the confidentiality of our customers’ data remains intact,” Flutterwave said in a statement.
TechCabal reported that a source from the company confirmed that the money was stolen and diverted to several unknown accounts across five financial institutions. Another conflicting source even said the money stolen was about 20 billion Naira – opposed to the 11 billion Naira mentioned earlier.
However, in a statement to the media, the Fintech did not indicate the amount of money involved in the security breach.
This is not the first time this is happening to Flutterwave. Over the last fourteen months, organized security breaches have compromised the company’s ability to protect customers’ funds. In October last year, 19 billion Naira was illegally channelled out to 6,000 bank accounts after unauthorized POS transactions.
In March last year, 550 million Naira was lost to 107 bank accounts. A month earlier in February, another 2.9 billion Naira was diverted to 107 accounts. These prolific attacks have been a reputation blotch to Flutterwave’s integrity even as the startup looks forward to IPO.
Dealing with the Crooks
The pressing problem for Flutterwave in the past was identifying the owners of these accounts where its customers’ monies were directed. However, the Central Bank of Nigeria issued new regulations for financial institutions, simply known as ‘Know-Your-Customer’. All financial institutions must request for their customers’ bank verification number (BVN) or a national identification number (NIN) for account or wallet opening by March 2024. In the long run, it will be easier to identify the people involved.
Moreover, Flutterwave was also allowed to recover lost assets from the said accounts in February this year.
Although the company has acknowledged that security breaches affect all Fintechs in the ecosystem, some have believed that Flutterwave’s insiders are collaborating with malicious individuals to defraud customers.
See Also:
