How Fidelity Bank employees stole millions from customer accounts?

Nigerian authorities are still working on the case of the four employees accused of committing electronic fraud against Fidelity Bank to the tune of more than 870 million Naira. According to the report, the testimony of a new witness will be instrumental in convicting Olusegun Babasola, Abisola Ahmed, Uchechukwu Uma and Jude Alphaeus.

The defendants face two counts for their involvement in hacking the bank’s database and cloning more than 22 ATM cards, used to divert the compromised funds, belonging to corporate clients such as American International Insurance Company, Interswitch, OVH Energy Marketing, Fidelity Bank Sinking Fund Account and FSL Securities.

This fraudulent operation would have been completed in just three days, which demonstrates the capabilities of this hacking group. The four accused have already appeared before the Nigerian courts, pleading not guilty to the charges.

Peter Ige, a computer systems auditor working for Fidelity Bank, told the court that his department is collaborating in the investigation of this fraudulent activity and it was this work that managed to identify the four defendants.

When analyzing the systems, the bank’s security teams identified that the accounts used for this activity were linked to a set of payment cards, considerably increasing the withdrawal limit at ATMs from 150,000 to 1,500, 000 Naira: “This is a clear indication of fraudulent activity.”

The researcher adds: “Normally, there should be a request from the client or another department requesting the services. In this case, from our investigation conducted, there was no evidence provided by the defendants to enter these accounts.”

The court is including the testimony of this employee in the case, which could be the missing element to prosecute the defendants. At the moment it is unknown what the maximum sentence they could face is, as it is highly likely that more criminal charges will be filed.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.