Know Your Customer

LETTER TO XEXEMUXE
Dear Xexe,
Ei Xexe, there are serious criminals in our country o, you better watch out.

Today the branch manager of one of the top banks in the country told me how several cheques of a corporate client were cloned and the SIM card of the MD of the company was also cloned by criminals who work in the bank, the company and possibly the telco involved.

For strategic reasons I won’t say the names of the bank, the telco and the company now. But several cheques of that company for amounts ranging from Ghc28,000 upwards were submitted at various branches of that bank across Accra on the same day for clearance. As usual the bank will call the MD to confirm. The branch manager of the bank was not available so the deputy was in charge. The deputy called the company MD’s mobile line and the one who picked (pretending to be the MD) said they should pay the money.

But because of the bank’s strict KYC (know your customer) rules, they actually knew how the MD speaks. He is said to be a very jovial person and would often speak a particular local dialect and make jokes. But this pretender went straight to the point and said “pay”.

The Deputy branch manager became suspicious and called the branch manager who was out on training. The branch manager then managed to reach the MD of the company on company phone line and he told her the original cheques are with him so the ones at the bank were fake.

He also reported that since that morning his SIM card has not been working. All the cloned checked we’re traced to the bank’s branches where they were submitted and they were all stopped.

Xexe I heard you say “thank God!” Yes we thank God. But I have learnt one very biiiiig lesson, and I can also make one small deduction.

Firstly, the lesson. I remember posting the picture of an Access Bank Deposit Slip on Facebook because I had issues with why they are asking for my mother’s maiden name while I was making a deposit. But I can now appreciate why a bank would ask a customer such seemingly silly questions. It is all about KYC. In this case, if the criminal who cloned the SIM had been asked some security question, he might have failed. Thank God his voice and attitude on phone gave him away. But in case he had mimicked the MD, the silly security question would have exposed him.

Secondly, if the telecom company involved had also had KYC and asked the guys who went to them to clone the SIM a few security questions, they would have known that the guys reporting the lost or damaged SIM were criminals. But they replaced the SIM for them. The other possibility in that instance is that the telco staff who did the supposed replacement may be part of the syndicate so he/she ignored the necessary security questions and issued the new SIM, probably unregistered.

I think the MD should trace the cloning to the telco’s customer care shop where the cloning was done and who in particular did it. It should be easy to find who and whether the person followed laid down SIM registration rules.

Speaking of unregistered SIM, Xexe stand by for my next article on how unregistered and or badly registered SIMs are issued to SIM box fraudsters in bulk and and that is shoring up the subscriber base of some telcos in the country. They are, by commission and or omission incentivizing criminals and are just happy to quote those fraudulently used SIM cards as part of the customer base.

Watch out for it Xexe, but don’t forget to let your bank get enough information on you as possible. It is for your own good.