Flutterwave, a prominent payment service provider, has encountered another setback as unauthorized individuals diverted billions of naira in a recent security breach. This incident comes just a month after the company sought legal action to recover $24 million from unauthorized point-of-sale (POS) transactions.
Insiders reveal that in April 2024, an estimated ₦11 billion ($7 million) was illicitly transferred to various bank accounts. Although Flutterwave did not disclose the exact figure, they reassured that customer funds remained secure.
The breach involved transferring funds to multiple accounts across different financial institutions over four days, evading detection by keeping deposits below fraud check thresholds. Law enforcement has been alerted, and investigations are underway.
This breach differs from previous incidents where funds were routed through hundreds of unsuspecting users’ accounts. Instead, an organized network may have been involved, utilizing a closed-loop system to transfer funds among interconnected accounts.
This marks the fourth reported incident of unauthorized transfers at Flutterwave in the past fourteen months. Despite these challenges, identifying account owners involved in the breach may be facilitated by recent regulatory measures mandating bank verification numbers (BVN) or national identification numbers (NIN) for all customers.
Flutterwave’s recourse includes leveraging court-issued Mareva injunctions to recover funds from identified account holders, even if the funds have been spent, utilizing KYC details provided by financial institutions
