The Cyber Crime Unit (CCU) of the Ghana Police Department have said that their investigations into mobile money fraud have led to the arrest of some staff of telcos. They further revealed that some of these staff infiltrate the mobile money database and change PIN numbers, which allowed them to withdraw money from customers’ account. And to some extent, they even change the owners of the line to enable criminals who they have been in cahoot with to make withdrawals, etc.
Now, MTN has come out to say that none of their staff was arrested; neither were any of them involved.
To me, this is a simple issue, because in every serious organisation, the database administrator has access to the database. But, changes to customer details are not allowed to be done at low level (i.e. at database level). In other words, changes to customer details are enforced via a front-end application. These front-end applications keep logs of everything, so it’s easy to trace who changes what.
Even at database level, it is easy to track changes made by DB users. And only very few people have access to the database, so I find it difficult to believe that something like this is happening.