HabariPay, the fintech arm of Guaranty Trust, has started legal proceedings to recover ₦1.1 billion ($1.1 million, exchange rate as at Sept 2023 was ₦923/$1) mistakenly sent to thousands of account holders in 2023. On Wednesday, a federal high court in Lagos approved an application to restrict accounts across more than 40 financial institutions that received these funds.
The fintech lost the money after it mistakenly credited merchants twice. According to court documents, recipients of the double transactions will be contacted and asked to refund the extra funds. “Any other account that benefitted or received the double credit transaction” will also be required to return the money.
While the court documents did not detail how the double credits occurred, one source with direct knowledge said hackers accessed the fintech’s website using a tactic called race conditioning. This method allowed them to trigger simultaneous transactions.
However, at least one person connected to Guaranty Trust claimed the incident occurred due to human error.
Before the court process began, HabariPay had already recovered some of the money by contacting merchants directly. However, the court orders became necessary to compel unresponsive merchants to reverse the extra transactions. Financial institutions need legal authorisation to reverse erroneous payments.
The fintech’s delay in initiating the court process underscores the slow pace of legal proceedings in Nigeria, a challenge for financial institutions that need to recover lost funds quickly.
This incident also draws attention to the rising fraud risk in Nigeria’s financial sector. In the second quarter of 2024, financial institutions in the country lost $25.7 million to fraud, a 1,784.94% increase from the previous quarter.
As HabariPay continues its efforts to recover the lost funds, the fintech industry remains on high alert for similar breaches and threats to security.
