A suspected flaw in MPesa
Hi, I had an interesting experience with MPesa on Saturday when I received a payment received notification with a deadline message as would happen with an unregistered recipient yet I am a registered user. My registered account did not register the transaction at all which was interesting. Being a law abiding citizen and client I called customer service, the person I spoke to as usual went off script to ask me all kinds of irrelevant questions such as do I have a dual SIM phone, was I expecting money from the person and when was my last transaction all of which are questions that do not assist in resolving my question. I sometimes wonder why I actual take the trouble yet all I should have done was gone to an mpesa agent and withdrew the money. As in the case of funds wrongly credited to a bank account I would have paid back the amount at my own rate. The error in this case was equivalent to me picking cash from the floor of the supermarket. I noted that the transaction has been reversed this morning still and the message still assumes that I am an unregistered recipient. It is my hope that Safaricom's technical team have identified and sealed the hole as its exploitation will open them up to money laundering charges. Robert Yawe KAY System Technologies Ltd Phoenix House, 6th Floor P O Box 55806 Nairobi, 00200 Kenya Tel: +254722511225, +254202010696
Hi Robert, Assuming it was the sender of the cash reporting the way you did ( a wrong funds transfer), the other party on the other end would have gleefully withdrawn the cash before you could spell MPesa backwards as the telecon cross-examination rolled on nonstop.. Maybe the Telcos need to review how they can quickly & concisely ask the right questions & press the pause button on the transaction, on verifying authenticity. Perhaps a small "negligence" fee can be levied where applicable.. On the other hand, I suppose it's worthwhile for subscribers to migrate to the new generation SIM cards that allows you to choose from your contact list whom you wish to wire funds. This immensely limits such mistakes. Harry _____ From: kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke] On Behalf Of robert yawe Sent: Monday, August 15, 2011 11:27 AM To: harry@comtelsys.co.ke Cc: KICTAnet ICT Policy Discussions Subject: [kictanet] A suspected flaw in MPesa Hi, I had an interesting experience with MPesa on Saturday when I received a payment received notification with a deadline message as would happen with an unregistered recipient yet I am a registered user. My registered account did not register the transaction at all which was interesting. Being a law abiding citizen and client I called customer service, the person I spoke to as usual went off script to ask me all kinds of irrelevant questions such as do I have a dual SIM phone, was I expecting money from the person and when was my last transaction all of which are questions that do not assist in resolving my question. I sometimes wonder why I actual take the trouble yet all I should have done was gone to an mpesa agent and withdrew the money. As in the case of funds wrongly credited to a bank account I would have paid back the amount at my own rate. The error in this case was equivalent to me picking cash from the floor of the supermarket. I noted that the transaction has been reversed this morning still and the message still assumes that I am an unregistered recipient. It is my hope that Safaricom's technical team have identified and sealed the hole as its exploitation will open them up to money laundering charges. Robert Yawe KAY System Technologies Ltd Phoenix House, 6th Floor P O Box 55806 Nairobi, 00200 Kenya Tel: +254722511225, +254202010696
participants (2)
-
Harry Delano -
robert yawe