How a Kenyan Living in USA and a Fake Burundian Hacker Tried to Blackmail KCB

Boniface Atika who resides in the USA complained to Kenya Commercial Bank (KCB) on 8th September 2016 that someone might have unlawful access to his account number 1178315851.

Immediately after the report, sources within the KCB indicate that the bank conducted investigations and found that Atika had two accounts linked to internet banking.

Boniface’s personal USA mobile phone line was specified in the KCB system as the delivery channel for his Transaction Authorization Number (TAN), for second level authorization. On logging into the system, a unique transaction number is automatically generated for each transaction and is sent to the specified phone number through SMS. The transaction number is then keyed in into the internet banking portal and used to authorise the specified transaction.

The people who targeted Boniface Atika’s account at KCB had access to his phone number and gmail account. Must have been someone who is very close to him and resident of the USA like himself.

After investigations, KCB established that Boniface’s cellphone line was registered on to the Magic Jack VOIP services and used to authenticate the transactions. Boniface discovered the breech when he logged into his SendWave account to conduct a transaction. He was informed that he had exceeded his daily limit.

Boniface called KCB, which established that the account had been accessed and withdrawal of approximately Ksh 1 million made. The account was cleaned and only around Ksh 150,000 was in the account. After the report, the same fraudsters attempted to take Ksh 118,200 from the account. KCB was not able to freeze the withdrawals because the client, Boniface, had not finished submitting the required documentations to effect a freeze.

But KCB still deemed it fit to refund the over Ksh 118,000 which were withdrawn after the report on illegal access was made.

All these withdrawals were through the internet portal. KCB can’t be liable here.

On the allegations of massive hacking of KCB data, you are so FOOLISH to believe the shallow data provided by the said hackers. What the so called “Burundian Hacker” Chris Irakoze did was to mine phone numbers of clients posted on Twitter.

As you know with social media, some clients don’t see the need to send their phone numbers through direct messaging. They post their numbers on public Twitter timeline when reporting a case to KCB. The Chris Irakoze fellow mined these numbers and attempted to use the same to extort money from KCB. KCB so the foolishness and didn’t even see the need to engage him.

Boniface Atika need not blackmail KCB for him to get some money. KCB was willing to help him pursue the case and bring the culprits to book but Boniface has totally refused to report the case to the US police. There is strong suspicion within the anti-fraud unit in KCB that Atika might have transferred the money knowingly. This might be the case of someone stealing from himself then expecting a refund.

Instead of blaming KCB, customers like Boniface Atika need to see the need to protect their own credentials as KCB doesn’t even own the same.