[kictanet] A suspected flaw in MPesa

Harry Delano harry at comtelsys.co.ke
Mon Aug 15 18:17:08 EAT 2011


Hi Robert,
 
Assuming it was the sender of the cash reporting the way you did (a wrong
funds transfer), the other party on the other end would have gleefully
withdrawn the cash before you could spell MPesa backwards as the telecon
cross-examination rolled on nonstop...
 
Maybe the Telcos need to review how they can quickly & concisely ask the
right questions & press the pause button on the transaction, on verifying
authenticity. Perhaps a small "negligence" fee can be levied where
applicable...
 
On the other hand, I suppose it's worthwhile for subscribers to migrate to
the new generation SIM cards that allow you to choose from your contact
list whom you wish to wire funds. This immensely limits such mistakes.
 
Harry
  _____  

From: kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke
[mailto:kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke] On
Behalf Of robert yawe
Sent: Monday, August 15, 2011 11:27 AM
To: harry at comtelsys.co.ke
Cc: KICTAnet ICT Policy Discussions
Subject: [kictanet] A suspected flaw in MPesa


Hi,

I had an interesting experience with MPesa on Saturday when I received a
payment received notification with a deadline message as would happen with
an unregistered recipient yet I am a registered user.  My registered account
did not register the transaction at all which was interesting.


Being a law-abiding citizen and client I called customer service, the person
I spoke to as usual went off script to ask me all kinds of irrelevant
questions such as do I have a dual SIM phone, was I expecting money from the
person and when was my last transaction all of which are questions that do
not assist in resolving my question.


I sometimes wonder why I actually take the trouble yet all I should have done
was go to an MPesa agent and withdraw the money.  As in the case of funds
wrongly credited to a bank account I would have paid back the amount at my
own rate.  The error in this case was equivalent to me picking cash from the
floor of the supermarket.


I noted that the transaction has been reversed this morning still and the
message still assumes that I am an unregistered recipient.  It is my hope
that Safaricom's technical team have identified and sealed the hole as its
exploitation will open them up to money laundering charges.
 
Robert Yawe
KAY System Technologies Ltd
Phoenix House, 6th Floor
P O Box 55806 Nairobi, 00200
Kenya


Tel: +254722511225, +254202010696 
