Software Engineer’s Actions Expose NCBA Bank to KSh 58 Million Mobile Banking Fraud

A contracted software developer, Evans Harry Nandwa, has been detained in connection with a KSh 57.5 million fraud at NCBA Bank Rwanda, raising serious concerns about vulnerabilities in mobile banking systems across the region. The incident, which has sent shockwaves through the financial sector, highlights the risks of insider threats and the critical need for robust cybersecurity measures in digital banking platforms.

Evans Harry Nandwa, a tech contractor hired to upgrade NCBA Bank’s mobile banking system, is accused of manipulating the system’s code to facilitate fraudulent transactions. According to court documents, Nandwa allegedly altered the mobile banking platform to allow unauthorized access to customer accounts, enabling the siphoning of KSh 57.5 million. The fraud was reportedly executed between January and July 2022, with the stolen funds channeled through a complex network of transactions, including the exploitation of NCBA’s mobile overdraft facility, Fuliza.

Authorities claim that Nandwa’s modifications to the mobile banking system created vulnerabilities that allowed fraudsters to bypass security protocols. This enabled the creation of fake accounts and the manipulation of transaction records, resulting in significant financial losses for the bank. The scale of the fraud was uncovered after an internal audit flagged irregularities in the mobile banking system, prompting a swift investigation by NCBA and law enforcement.

This incident is not an isolated case for NCBA. In 2023, eight individuals were charged with stealing KSh 449.6 million from the bank through Fuliza, using a network of SIM cards and Safaricom SIM-registration machines to perpetrate the fraud. The recurrence of such incidents underscores the growing sophistication of cybercriminals targeting mobile banking platforms, which have become a cornerstone of financial services in East Africa.

NCBA, a leading financial institution in Kenya with subsidiaries across the continent, has invested heavily in digital banking through its LOOP DFS subsidiary. The bank’s mobile app, NCBA NOW, offers features like secure payment options, unit trust account management, and real-time forex trading. However, user feedback has highlighted persistent issues with the app, including logout functionality problems and delays in transaction updates, which may indicate underlying system vulnerabilities.

NCBA Bank has emphasized its commitment to cybersecurity, stating that it employs “state-of-the-art industry-proven security technologies” to protect customer data. The bank has advised customers to take proactive steps to safeguard their accounts, such as using strong passwords, enabling multi-factor authentication, and avoiding suspicious links or phishing emails. NCBA has also urged customers to report any fraudulent activity immediately to its contact center at +254 20 2884444 or via email at contact@ncbagroup.com.

In response to the recent fraud, NCBA issued a statement acknowledging the incident and assuring customers that it is working closely with authorities to investigate and prevent further breaches. The bank has also implemented additional monitoring and security enhancements to its mobile banking platform to address the vulnerabilities exposed by Nandwa’s actions.

The NCBA fraud case highlights the growing threat of insider attacks in the financial sector, where trusted employees or contractors can exploit their access to sensitive systems. Cybersecurity experts warn that as mobile banking adoption surges in Africa, where NCBA serves over 60 million customers, banks must invest in advanced fraud detection tools, such as AI-driven anomaly detection and mobile app shielding with runtime protection.

According to a 2023 report by Sopra Steria, AI-based solutions can identify unusual patterns in transaction data, helping banks detect fraud in real time. However, cybercriminals are also leveraging AI to create sophisticated phishing scams and voice-cloning attacks, making it a double-edged sword in the fight against fraud. In 2023 alone, global digital payment fraud schemes resulted in projected losses of $485.6 billion, underscoring the scale of the challenge.

Evans Harry Nandwa was detained following his appearance in a Nairobi court, where he faces charges of theft, conspiracy to commit fraud, and unauthorized access to a computer system. The prosecution has opposed his release on bail, citing the significant amount involved and the potential for further tampering with evidence. The case is ongoing, with investigators seeking to uncover whether Nandwa acted alone or as part of a larger criminal network.

NCBA Bank has pledged to cooperate fully with the authorities and is conducting a comprehensive review of its vendor and contractor vetting processes. The bank is also expected to roll out a harmonized mobile banking app to address some of the technical issues reported by users, which could help restore confidence in its digital platforms.

Advice for Customers

NCBA customers are urged to remain vigilant and adopt best practices to protect their accounts:

  • Secure Your Device: Use strong passcodes, enable biometric authentication (fingerprint or facial recognition), and keep your phone’s operating system updated.

  • Beware of Phishing: Avoid clicking on links in unsolicited emails or messages claiming to be from NCBA. The bank will never request personal or financial information via email.

  • Monitor Your Account: Regularly check your account statements and report any suspicious transactions immediately to NCBA’s fraud hotline at 0800722626.

  • Update Credentials: If you suspect your account has been compromised, change your login credentials and contact the bank to freeze affected accounts.

The KSh 58 million fraud at NCBA Bank serves as a stark reminder of the vulnerabilities in mobile banking systems and the devastating impact of insider threats. As digital banking continues to dominate financial services in Africa, banks like NCBA must prioritize cybersecurity investments and rigorous oversight of their systems to protect customers and maintain trust. For now, the financial sector awaits further developments in the case, as authorities work to bring those responsible to justice and prevent future breaches.