wazua Sat, Dec 21, 2024
Welcome Guest Search | Active Topics | Log In | Register

Vendors that defraud banks-Software Universe
stoner
#1 Posted : Monday, November 20, 2017 10:29:56 AM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
SOFTWARE UNIVERSE-A MOBILE BANKING SERVICE PROVIDER THAT HACKS AND DEFRAUDS ITS BANKING CLIENTS

Software Universe http://www.softwareuniverse.co.ke/ is a mobile banking service provider that defrauds its banking clients.This firm has deployed its mobile banking service platform called WAP-TX for a number of banks from tier 1 to tier 3 banks.Unfortunately some of the organization's current and former staff have been running a fraud syndicate there they have been pilfering money from these banks via their mobile banking platform for several years.They have at defrauded at least 5 banks.Due to reputation risk,the said banks choose not to publicize the frauds but some opt to quietly terminate their contract with Software Universe and employ a new mobile banking vendor.Some banks still retain the vendor even after being defrauded.Since no defrauded bank pursues and prosecutes the vendor and fraudsters,the thieves operate with impunity and have stolen from banks repeatedly.Some of the fraudsters names are Dima Odhiambo,Wilson Wamutte and Stanford Momanyi and their photos are attached.Lets expose and shame them

Swenani
#2 Posted : Monday, November 20, 2017 11:26:36 AM
Rank: User


Joined: 8/15/2013
Posts: 13,237
Location: Vacuum
stoner wrote:
SOFTWARE UNIVERSE-A MOBILE BANKING SERVICE PROVIDER THAT HACKS AND DEFRAUDS ITS BANKING CLIENTS

Software Universe http://www.softwareuniverse.co.ke/ is a mobile banking service provider that defrauds its banking clients.This firm has deployed its mobile banking service platform called WAP-TX for a number of banks from tier 1 to tier 3 banks.Unfortunately some of the organization's current and former staff have been running a fraud syndicate there they have been pilfering money from these banks via their mobile banking platform for several years.They have at defrauded at least 5 banks.Due to reputation risk,the said banks choose not to publicize the frauds but some opt to quietly terminate their contract with Software Universe and employ a new mobile banking vendor.Some banks still retain the vendor even after being defrauded.Since no defrauded bank pursues and prosecutes the vendor and fraudsters,the thieves operate with impunity and have stolen from banks repeatedly.Some of the fraudsters names are Dima Odhiambo,Wilson Wamutte and Stanford Momanyi and their photos are attached.Lets expose and shame them



I believe you because of your one post on wazua
If Obiero did it, Who Am I?
stoner
#3 Posted : Thursday, November 30, 2017 8:45:19 AM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
stoner wrote:
SOFTWARE UNIVERSE-A MOBILE BANKING SERVICE PROVIDER THAT HACKS AND DEFRAUDS ITS BANKING CLIENTS

Software Universe http://www.softwareuniverse.co.ke/ is a mobile banking service provider that defrauds its banking clients.This firm has deployed its mobile banking service platform called WAP-TX for a number of banks from tier 1 to tier 3 banks.Unfortunately some of the organization's current and former staff have been running a fraud syndicate there they have been pilfering money from these banks via their mobile banking platform for several years.They have at defrauded at least 5 banks.Due to reputation risk,the said banks choose not to publicize the frauds but some opt to quietly terminate their contract with Software Universe and employ a new mobile banking vendor.Some banks still retain the vendor even after being defrauded.Since no defrauded bank pursues and prosecutes the vendor and fraudsters,the thieves operate with impunity and have stolen from banks repeatedly.Some of the fraudsters names are Dima Odhiambo,Wilson Wamutte and Stanford Momanyi and their photos are attached.Lets expose and shame them



This dubious vendor has become very skilled in bribing IT Heads and internal fraud investigators of the banks he has defrauded not to prosecute
him and his fraudsters.Banks report these frauds to Banking Fraud Investgation Unit where these cops are also greased to conduct shody,incomplete
probes that never implicate the vendor but are just as a formality to get insurance compensation.Thus the vendor and his fraudsters are never made accountable
for their crimes and operate with impunity to defraud again and again.Some banks have even been defrauded more than once by the same vendor with no action taken against them.

Some of the banks that have been pilfered include Family Bank,Housing Finance and Trans-National Bank.
majimaji
#4 Posted : Thursday, November 30, 2017 10:22:52 AM
Rank: Veteran


Joined: 4/4/2007
Posts: 1,162
stoner wrote:
stoner wrote:
SOFTWARE UNIVERSE-A MOBILE BANKING SERVICE PROVIDER THAT HACKS AND DEFRAUDS ITS BANKING CLIENTS

Software Universe http://www.softwareuniverse.co.ke/ is a mobile banking service provider that defrauds its banking clients.This firm has deployed its mobile banking service platform called WAP-TX for a number of banks from tier 1 to tier 3 banks.Unfortunately some of the organization's current and former staff have been running a fraud syndicate there they have been pilfering money from these banks via their mobile banking platform for several years.They have at defrauded at least 5 banks.Due to reputation risk,the said banks choose not to publicize the frauds but some opt to quietly terminate their contract with Software Universe and employ a new mobile banking vendor.Some banks still retain the vendor even after being defrauded.Since no defrauded bank pursues and prosecutes the vendor and fraudsters,the thieves operate with impunity and have stolen from banks repeatedly.Some of the fraudsters names are Dima Odhiambo,Wilson Wamutte and Stanford Momanyi and their photos are attached.Lets expose and shame them



This dubious vendor has become very skilled in bribing IT Heads and internal fraud investigators of the banks he has defrauded not to prosecute
him and his fraudsters.Banks report these frauds to Banking Fraud Investgation Unit where these cops are also greased to conduct shody,incomplete
probes that never implicate the vendor but are just as a formality to get insurance compensation.Thus the vendor and his fraudsters are never made accountable
for their crimes and operate with impunity to defraud again and again.Some banks have even been defrauded more than once by the same vendor with no action taken against them.

Some of the banks that have been pilfered include Family Bank,Housing Finance and Trans-National Bank.



This is where you make disclosure about yourself, like how you came across this info and if you are one of the players
stoner
#5 Posted : Monday, December 04, 2017 9:21:57 AM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
These criminals take advantage that their underlying program source code is encrypted and proprietary to program loopholes into their system that internal IT staff of banks have no access to and cannot detect.They select the least busiest time of the week ie Sunday midnight when few or no IT staff are in banks to carry out their heist.Their preferred method is to use the Mobile App platform that they set up for banks whereby using their malicious code they masquerade as genuine customers and perform mass Bank to M-Pesa transfers from several high net worth accounts into their M-Pesa accounts and pilfer millions of shillings in a single hacking attack.
doubletap
#6 Posted : Tuesday, December 12, 2017 1:00:48 AM
Rank: Member


Joined: 7/17/2014
Posts: 132
Location: Wherethewindblows
stoner wrote:
These criminals take advantage that their underlying program source code is encrypted and proprietary to program loopholes into their system that internal IT staff of banks have no access to and cannot detect.They select the least busiest time of the week ie Sunday midnight when few or no IT staff are in banks to carry out their heist.Their preferred method is to use the Mobile App platform that they set up for banks whereby using their malicious code they masquerade as genuine customers and perform mass Bank to M-Pesa transfers from several high net worth accounts into their M-Pesa accounts and pilfer millions of shillings in a single hacking attack.



Am no expert but would assume the back-end was never secure [the banks database] which was the work of the bank to make secure with passwords and codes that when a client connects it authenticates the client. Encryption is good so man in the middle cannot see what passwords and codes are being passed around and therefore ensuring the safety of the client. Anyway think the banks are to blame if this did happen whatever software/ app that was being used was too rudimentary.

Looking forward into the future maybe an independent testing company should check such apps and really see what they are up to before being set up for use. A rubber stamp of clean working code...
You have to learn the rules of the game. And then you have to play better than anyone else - Albert Einstein
stoner
#7 Posted : Wednesday, December 20, 2017 1:40:50 PM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
doubletap wrote:
stoner wrote:
These criminals take advantage that their underlying program source code is encrypted and proprietary to program loopholes into their system that internal IT staff of banks have no access to and cannot detect.They select the least busiest time of the week ie Sunday midnight when few or no IT staff are in banks to carry out their heist.Their preferred method is to use the Mobile App platform that they set up for banks whereby using their malicious code they masquerade as genuine customers and perform mass Bank to M-Pesa transfers from several high net worth accounts into their M-Pesa accounts and pilfer millions of shillings in a single hacking attack.



Am no expert but would assume the back-end was never secure [the banks database] which was the work of the bank to make secure with passwords and codes that when a client connects it authenticates the client. Encryption is good so man in the middle cannot see what passwords and codes are being passed around and therefore ensuring the safety of the client. Anyway think the banks are to blame if this did happen whatever software/ app that was being used was too rudimentary.

Looking forward into the future maybe an independent testing company should check such apps and really see what they are up to before being set up for use. A rubber stamp of clean working code...


The frauds are not being done at database level where database is already secured with a password that the vendor isnt aware of.The frauds are being committed at application level where the vendor has conveniently encrypted his application code to conceal it from scrutiny from the banks IT staff and any other parties by claiming the programs are proprietary and should not be reviewed by other stakeholders.Its common acceptable practice for vendors to encrypt their programs as they are proprietary eg you dont have access to underlying code of Microsoft Windows Operating System. Also,even if the code was made available,the programs constitute thousands of lines of code thus its quite impossible of internal IT staff to review each code line to assess what is malicious from what is genuine not unless you developed the system.From the encrypted application code,the vendors are able to easily introduce malicious code that other stakeholders cannot detect and thus defraud banks at their pleasure hence the vendor doesnt need to have direct access to the database to perform their heists.In fact the fraudsters dont even need to be at the banks premises to undertake their vice.Through the mobile app deployment at their premises the vendor uses the connectivity between the bank and his premises to pilfer money.
shocks
#8 Posted : Wednesday, December 20, 2017 9:27:13 PM
Rank: Member


Joined: 3/15/2009
Posts: 359
Smells like a hit job, time will tell!
Angelica _ann
#9 Posted : Wednesday, December 20, 2017 11:45:13 PM
Rank: Elder


Joined: 12/7/2012
Posts: 11,908
stoner wrote:
doubletap wrote:
stoner wrote:
These criminals take advantage that their underlying program source code is encrypted and proprietary to program loopholes into their system that internal IT staff of banks have no access to and cannot detect.They select the least busiest time of the week ie Sunday midnight when few or no IT staff are in banks to carry out their heist.Their preferred method is to use the Mobile App platform that they set up for banks whereby using their malicious code they masquerade as genuine customers and perform mass Bank to M-Pesa transfers from several high net worth accounts into their M-Pesa accounts and pilfer millions of shillings in a single hacking attack.



Am no expert but would assume the back-end was never secure [the banks database] which was the work of the bank to make secure with passwords and codes that when a client connects it authenticates the client. Encryption is good so man in the middle cannot see what passwords and codes are being passed around and therefore ensuring the safety of the client. Anyway think the banks are to blame if this did happen whatever software/ app that was being used was too rudimentary.

Looking forward into the future maybe an independent testing company should check such apps and really see what they are up to before being set up for use. A rubber stamp of clean working code...


The frauds are not being done at database level where database is already secured with a password that the vendor isnt aware of.The frauds are being committed at application level where the vendor has conveniently encrypted his application code to conceal it from scrutiny from the banks IT staff and any other parties by claiming the programs are proprietary and should not be reviewed by other stakeholders.Its common acceptable practice for vendors to encrypt their programs as they are proprietary eg you dont have access to underlying code of Microsoft Windows Operating System. Also,even if the code was made available,the programs constitute thousands of lines of code thus its quite impossible of internal IT staff to review each code line to assess what is malicious from what is genuine not unless you developed the system.From the encrypted application code,the vendors are able to easily introduce malicious code that other stakeholders cannot detect and thus defraud banks at their pleasure hence the vendor doesnt need to have direct access to the database to perform their heists.In fact the fraudsters dont even need to be at the banks premises to undertake their vice.Through the mobile app deployment at their premises the vendor uses the connectivity between the bank and his premises to pilfer money.


Surely you take us to be idiots,?
In the business world, everyone is paid in two coins - cash and experience. Take the experience first; the cash will come later - H Geneen
stoner
#10 Posted : Thursday, December 21, 2017 9:25:33 AM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
Angelica _ann wrote:
stoner wrote:
doubletap wrote:
stoner wrote:
These criminals take advantage that their underlying program source code is encrypted and proprietary to program loopholes into their system that internal IT staff of banks have no access to and cannot detect.They select the least busiest time of the week ie Sunday midnight when few or no IT staff are in banks to carry out their heist.Their preferred method is to use the Mobile App platform that they set up for banks whereby using their malicious code they masquerade as genuine customers and perform mass Bank to M-Pesa transfers from several high net worth accounts into their M-Pesa accounts and pilfer millions of shillings in a single hacking attack.



Am no expert but would assume the back-end was never secure [the banks database] which was the work of the bank to make secure with passwords and codes that when a client connects it authenticates the client. Encryption is good so man in the middle cannot see what passwords and codes are being passed around and therefore ensuring the safety of the client. Anyway think the banks are to blame if this did happen whatever software/ app that was being used was too rudimentary.

Looking forward into the future maybe an independent testing company should check such apps and really see what they are up to before being set up for use. A rubber stamp of clean working code...


The frauds are not being done at database level where database is already secured with a password that the vendor isnt aware of.The frauds are being committed at application level where the vendor has conveniently encrypted his application code to conceal it from scrutiny from the banks IT staff and any other parties by claiming the programs are proprietary and should not be reviewed by other stakeholders.Its common acceptable practice for vendors to encrypt their programs as they are proprietary eg you dont have access to underlying code of Microsoft Windows Operating System. Also,even if the code was made available,the programs constitute thousands of lines of code thus its quite impossible of internal IT staff to review each code line to assess what is malicious from what is genuine not unless you developed the system.From the encrypted application code,the vendors are able to easily introduce malicious code that other stakeholders cannot detect and thus defraud banks at their pleasure hence the vendor doesnt need to have direct access to the database to perform their heists.In fact the fraudsters dont even need to be at the banks premises to undertake their vice.Through the mobile app deployment at their premises the vendor uses the connectivity between the bank and his premises to pilfer money.


Surely you take us to be idiots,?


@Angelica _ann.This is real.All banks that deal with this vendor know how they truly operate.The vendor is very adept in protecting himself whenever a fraud happens by bribing IT heads not to take action against him but claim stolen money from insurance companies.Banks also find it easier to claim compensation from insurance than engage in a long protracted legal battle thus the fraudsters go scot free and believe they have the impunity to defraud again and again.I have felt the need to expose this vice as it simply cannot continue this way.Its unfortunate that 99% of bank frauds go unpublicized but this I shall make it known to all.
stoner
#11 Posted : Thursday, January 04, 2018 5:15:31 PM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
The banks that have been defrauded are also poor performers
stoner
#12 Posted : Monday, April 02, 2018 10:32:09 PM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
Its unfortunate that instead of the banks pursuing the vendor and prosecuting the fraudsters for compensation they sack innocent internal bank staff so as to claim insurance compensation.
stoner
#13 Posted : Thursday, February 28, 2019 1:30:29 PM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
Co-operative Bank,National Bank and Commercial Bank of Africa have also been defrauded by these criminals in prior years
rico14
#14 Posted : Thursday, February 28, 2019 10:32:33 PM
Rank: Hello


Joined: 9/30/2014
Posts: 7
stoner wrote:
Co-operative Bank,National Bank and Commercial Bank of Africa have also been defrauded by these criminals in prior years

How are this poor performers?
stoner
#15 Posted : Thursday, April 16, 2020 7:46:58 AM
Rank: New-farer


Joined: 10/31/2017
Posts: 14
stoner wrote:
SOFTWARE UNIVERSE-A MOBILE BANKING SERVICE PROVIDER THAT HACKS AND DEFRAUDS ITS BANKING CLIENTS

Software Universe http://www.softwareuniverse.co.ke/ is a mobile banking service provider that defrauds its banking clients.This firm has deployed its mobile banking service platform called WAP-TX for a number of banks from tier 1 to tier 3 banks.Unfortunately some of the organization's current and former staff have been running a fraud syndicate there they have been pilfering money from these banks via their mobile banking platform for several years.They have at defrauded at least 5 banks.Due to reputation risk,the said banks choose not to publicize the frauds but some opt to quietly terminate their contract with Software Universe and employ a new mobile banking vendor.Some banks still retain the vendor even after being defrauded.Since no defrauded bank pursues and prosecutes the vendor and fraudsters,the thieves operate with impunity and have stolen from banks repeatedly.Some of the fraudsters names are Dima Odhiambo,Wilson Wamutte and Stanford Momanyi and their photos are attached.Lets expose and shame them



At least Co-op,NBK,Trans-National Bank and Family Bank had the sense to throw out this vendor after the firm defrauded them.

HF Group and the then CBA (now NCBA) still retain this dubious outfit as their mobile banking service provider.Why?Its because one George Njuguna,who was before the Head of IT at CBA and later Chief Information Officer of HF Group protected the vendor from retribution.George now serves as Chief Information Officer at Safaricom.George's picture is as below



Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Copyright © 2024 Wazua.co.ke. All Rights Reserved.