Monday, October 7, 2024

ZANACO Xapit suffers major hack, thousands lose savings

Share

A group of fraudsters hacked the ZANACO Mobile Money platform and defrauded thousands of customers of their hard earned money.

The data breach which happened between Friday and Sunday saw thousands of ZANACO customers lose their cash in their Xapit Accounts.

The fraudsters accessed the ZANACO Mobile money system and managed to send unsolicited SMSs using the ZANACO sort code 5000 to thousands of customers informing them the Bank was undertaking an update of its Mobile Money platform following the launch of ZANACO Zee-Wallet.

The fraudsters suspected to have been from Nigeria later followed up phone calls to a number of customers to whom they had sent the SMS prompt and advised them to surrender their PIN codes in order to carry out the upgrades.

Within a few seconds, thousands of customers lost their Xapit deposits after receiving messages from ZANACO that their accounts had been debited.

Investigations have shown that on Friday and Saturday, the ZANACO Call Centre was flooded with numerous complaints from affected customers demanding to be refunded their money.

The ZANACO Customer Services team confirmed that the system had been hacked adding that investigations were underway to ascertain the true value of the cash that was stolen.

A Branch Manager at ZANACO Novarre Pinnacle Mall only identified as Banji advised all the affected customers to report the matter to the police saying “there is nothing that the bank can do.”

Some displeased customers interviewed appealed to the Bank of Zambia to step in and protect the customer.

One of the customers who claimed to have lost K35,000 in one fraudulent transaction after he agreed to update the account said she was saving up to buy a Car and now all her entire savings are gone.

Another customer vowed to close her account with ZANACO saying her money is no longer safe at ZANACO.

“This Bank is irresponsible with our money. How do they allow someone to access their system and start sending us messages regarding an update which we didn’t ask for and they turn around to say there is nothing we can do? This is so sickening and I am closing my Xapit and my fixed deposit with this bank immediately.”

57 COMMENTS

  1. Another theft in Zambia.

    Land of thieves. The place where thieves get jobs in governments, and get promoted.

    Everyone in Zambia wants to be like Lungu.

    They all want to be thieves.

    God save us please. I do not know why he has forsaken Zambia.

    • @IndigoTyrol; Not everything is about politics. Data breaches happen all over the world even with the biggest and most trusted institutions; it’s not a Zambian government thing. American banks have learned huge lessons after losing billions of dollars through data breaches and now very diligent in educating consumers on how to spot fraudulent electronic communications!

    • Please dont state “that thousands lose savings” this is false …you should be worried about personal details (data) than anything as bank’s clients funds are insuranced its not like money is just sitting there in a vault. This is why people use banks ….

    • In fact even if the clients were fooolish enough to give their pin…the false still lays with the bank for not securing clients details!!

    • MONEY IS KEPT IN BANKS FOR SAFE KEEPING. IF IT IS STOLEN IN THE BANK THEN THE BANK SHOULD REIMBURSE. SIMPLE LOGIC.

    • It is highly possible to think that this happened as a result of a data breach without inside help. But again you have to think about who the possible culprits are. 99.9% chances are that foreign hacking entities must be ruled out as they would not benefit by stealing a few million kwacha. These guys hack systems where they steal or demand over 100millioms of dollars or pound.
      I m tempeted to think that what Lungu said about corruption being “ubomba mwibala alila mwibala” is beginning to bear fruit for real.
      Forget data breaches for a moment and take a look at the cultural norms being exhibited by Lungu and his PF. One can not help it but think that in Zambia hard honest rewards you with perpetual poverty while corruption and theft rewards you with riches without having to account…

    • CONT;
      One can not help it but think that in Zambia hard honest rewards you with perpetual poverty while corruption and theft rewards you with riches without having to account how you acquired them.

      People are thinking its okay to steal and when caught and jailed, become a PF supporter so that Lungu pardons you on 24 October.

      This rampant theft of money is highly inspired by President Chagwa Lungu.

    • A pin is yo underwear it is yos n cannot be shared with anyone i wonder how we succum so easily to 419 cybers shibukeni mwebantu

    • 1.2 JayJay, don’t tell lies on exhibit ignorance. It is not all bank deposits that have insurance. It depends on the regulatory regime in place. Zambia, similar to many African countries, including South Africa, does not have deposit insurance in place!!

  2. THE CUSTOMER IS ALSO AT FAULT…..HOW CAN YOU GIVE YOUR PIN TO ANYONE.
    NEVER SHARE PINS WITH YOUR SPOUSE ,FAMILY MEMBER OR EVEN YOUR BANK.

    • Zambians are docile…these things are new to them these were part of 419 Nigeria scams of 20 years ago in UK…banks also emphasis that they will never ask you for pin number or secruity details on the phone/email/text

    • You started well, ended badly. You don’t just ever give your PIN even to your bank Manager.

    • Not even Zanaco Branch bwana. The bank will never ever ask you for your pin – never! By the way not even your better half. Your pin is your pin no third parties – ask ZICTA! Of course there is nothing the bank can do in this case because its all their fault to give away their account to anyone!

    • Zanaco was suppose to educate t
      customers and well , about their e app when they just introduced it. Send SMS, educating customers that one can get money at an ATM through this app by just puting in your mobile number used with XAPIT on a certain tabulate of this template, then an SMS of ODP is sent to that number.
      But , now, if you send them that CODE_the fraudsters_they use it at the ATMs

  3. I do share my ATM and PIN with my wife and I have had no problems for the past 15 years. It just depends on the caliber of the person you have taken to be your wife.

    • Zambians are so trusting… I have friends entrusted relatives in the UK with pin who have these Zanaco accounts who leave their cards here for them to withdraw money from their account rather than wire funds via western union as its cheaper….when buying goods in the UK.

    • @Popolyongo
      Exactly my point. It depends on the type and caliber of one’s spouse and even some family members especially your children and how you relate with them. My spouse and our daughters know my PIN for my bank cards, and for a very long time now, I have been giving them my cards to conduct bank transactions. I have never had a problem.

    • James
      That’s very true. I have also shared it with my daughter and she usually does bank transactions on my behalf and I have had no issue. Maybe a relative I would not entrust but it depends how you have brought up your kids.

    • Don’t give your PIN to anyone PIN means Personal Identification Number this is your personal number not to be shared with anyone not even the Bank

  4. All this is dues to lack Information Security Awareness among the Zanaco customers and the General public at large in Zed. A BANK will NEVER call you and ask for your PIN or any other personal information.
    ZICTA must move in and investigate. If the ZANACO is to blame for the breach/fraud then all customers who have lost their saving should be compensated.

    • But in this case its the banks responsibility to secure clients data ….that caused this theft…I hope ZANACO will not cheat its clients and not cough up and replace the monies!!

  5. Banks should improve in conditions of services for its internal clients(employees). Most of bank tellers ‘salaries are very minimal and yet they handle a lot of cash. Managers are the ones who get a bigger chunk of money at the expense of workers who toil. This fraud cannot be erased if people who toil are not appreciated. Most of these bank tellers are degree holders who put in the best for these banks to survive. But their take for home is very minimal. Let the conditions of services in these banks be harmonized to avoid corrupt activities in these banks. A feasibility study should be conducted to find out why fraud has been rife in banks. Most of these managers do not care about their employees. They have better conditions such as week end allowances which add no value at all.

  6. Wht do u expect whn those leading the country are jst after riching themselves, so they follow suit.

  7. When did BOZ Deputy Governor launch this National Financial Switch? Is this system safe? we were better off with Visa Electron of the UK. Nigerians will penetrate our system and get all our money. stop using atm/debit cards in Zambia. You will lose all your hard earned cash

  8. Ha!! You people still keep money in Commercial Banks, Kwena you are backward.
    I keep my money with a Village Bank where we have no restrictions, I can withdraw K100000 cashwithout questions!!

  9. Be careful people. As the world advances technologically and so are fraudsters. You should have confirmed with the Bank about the ‘upgrade’. Too bad!

  10. This is a useless bank. Introducing products which are being hacked? They will have to pay back the customers especially those who didn’t give away their pin

    • Banks in Zambia are slow to invest as they are greedy …they want to continue to rip you off whilst offering yesterdays technology

    • baMoonga evstemen if you look at the Natsave bank which is the last Zambian owned bank’s network and system, you can not hack into it. This was definitely an inside job! It is another Pamela or Imenda story!!!!!!!!!

  11. Ignorance is a curse indeed. Just wondering how some people are bringing in politics and zanaco into this. Please banks have always warned people never to submit their PINs to anyone whether request appears to have come from the bank. I can and will never sympathize with people who submitted their PINs and lost money. Let me know if you lost money even after refusing to submit your PIN. We all see on Facebook and through smss where fraudsters request for details including PINs but we ignore and each time we ask zanaco about such requests they just tell us to never attend to such but visit the nearest branch for any clarification but it looks like some people technology has failed them. For me I am waiting to loose my money even without responding to foolish requests from thiefs, then my…

  12. Its sad to read about this especially that almost all ZANACO branches have their branch adverts stating that customers should not share their pin with anyone. I also got a call but went to the branch to confirm and was told it’s false..There is need to move away from being relaxed about sharing bank details especially with the digital movement happening.. it gives banks the power to not refund when fraud is due to customer negligence..

    • Educator – even this day and age surely did you have to drive to your branch to confirm this…these scams just further proves that SIM registration no matter which pictures the take is a waste of time!!

  13. Mmmh sad development… Though as much as as Zanaco should tighten their security system, I blame those customers. Zanaco always sends out smses advising it’s customers that no one should share their PIN as it does not at any point request such info from it’s customers… So Kaya mwandi

  14. A customer is always advised never to share there PIN with anyone,so I don’t understand how these customers would give there PIN to someone that calls them randomly.The bank even goes as far as to send messages to all its customers not to share there PIN with anyone…this story is rather suspicious because a xapit account can only hold a maximum of 5,000 so that person talking about k35,000 in their xapit account has to get there story checked..

  15. What is it to be a Zambian? Uninsured,a property,tool name it!Intermaket , Finance,African and so on… Academy of African Thought.

  16. Banks always advise us not to share our pins even to bank staff you can see on a desk, so why should u share it with some ***** u have not even seen with yo naked eye????? Same with zoona, airtel etc. They always emphasize on that…

  17. I thought XAPIT had a limit of less than K10,000. Now the story of missing or stolen K35,000. Really????
    Disaster!!!!

  18. Do we have robots running the bank cause this issue should have been detected morever,how did it happen was the money Physically withdrawn on ATM counter or transferred into some accounts.

  19. I lost trust in Xapit 10 years ago. I began losing monies. Then Wham! One day I found a ZMK10,000,000 [Approx ZMW10, 000 rebased]. I thought to myself maybe they finally did a Reconciliation and that’s what was owed me, No sooner had I noticed this balance than I withdrew the money. I have never been called no have I ever used that account again.

  20. Zanaco is just rotten, I hv lost almost 5000 kwacha through their system of POS, investigations pathetic and slow,,,
    Iam fade up of it..

  21. The same *****s from the bank they are behind all these theft they r the ones giving data to fraudsters friends

  22. When fraud of this nature happens, it’s the Banks responsibility to investigate thoroughly where their systems broke in protecting client money. In this regard the Bank in all instances refund the customers account in full. The only time that the bank may not be held responsible in similar instances is upon the fraud being discovered they immediately notify all customers via emails, text messages and Public media not to share any of their bank details with anyone as it is fraudulent. If the client shares their details and it is proven that they had in fact received the bank warnings long before they did then customer must pursue with police .
    People must learn their rights and not just accept what they are told

  23. Surrender your pin naiwe u send just like that ummm…. June 17 text from ZANACO ”ZANACO does not request for your mobile pin via facebook or watsapp or any link. Contact 5000 for any queries” Making a call to 5000 just to verify could have been helpful, we are all aware of the frequent money scams on the rise, let us be a little more cautious.

  24. THERE WAS A BREACH OF CLIENTS DATA.Regardless of clients giving away their PIN codes the Bank is suppose to ensure that the customer information s not “stolen”
    Please read in today’s BBC news of British Airways being sued for more than one Hundred Million Pounds for clients data breach.If we don’t take responsibility by taking the Bank to task this is bound to happen again.Remember that even the mobile phone service providers have our personal data which may be stolen and used for even worse things!!!!WAKE UP ZAMBIA.Time for idle talk/useless criticisms/shallow political analyses must go please!

Comments are closed.

Read more

Local News

Discover more from Lusaka Times-Zambia's Leading Online News Site - LusakaTimes.com

Subscribe now to keep reading and get access to the full archive.

Continue reading