On September 4th, 2020, one of our customers, Funmi Oyatogun, posted a tweet regarding a security incident involving her account with Cowrywise. We would like to share an update on this case and reassure our users of the security of their accounts.
First and foremost, we would like to acknowledge that we highly value our customers and thank everyone for their immense support over the years, as well as to publicly apologize for the time it has taken to get this issue resolved. As of today, we are glad to report we have come to a resolution following the completion of a thorough investigation into the reported incident. The customer now has full value for the sum, recovered from the bank accounts the funds were moved to.
On April 16 and April 23, 2020, funds were transferred out of Funmi’s Cowrywise account without her knowledge. Her correct personal credentials were used to access her account on the two different occasions. Cowrywise sends email alerts to customers for every withdrawal transaction. We also send push notifications to customers who enable this on their phones. This is why we encourage our customers to enable this feature on their phones. Because Funmi didn’t see these emails in her account, we suspect the perpetrator had access to her email account and deleted the notifications to conceal the withdrawals. On April 17th, Funmi made a withdrawal from her Cowrywise account using the same credentials and confirmed the receipt of the withdrawal notification in her email account.
When the incident was brought to our attention on April 27, 2020, we took the necessary steps to resolve it in accordance with Nigerian law. We were required to collaborate with the banks where the transfers were made, and work with the appropriate law enforcement agents to reveal the identities of the intruders before funds could be reconciled. This took a long time. Towards the end of the investigation, we discovered that the two suspects had earlier given reversal mandate for the bank to return the funds after a lien was placed on their accounts since April and May. However, the banks didn’t act nor honour these mandates.
This investigation has now been completed and the total sum of the fund recovered. We have shared all the private details of the outcome with the customer to give her better clarity of what exactly happened and the suspects behind this.
We do, however, acknowledge that throughout the course of this investigation, we failed to keep the customer properly informed of progress as much as we should have, and address her ongoing concerns. As a result of this, we are improving our escalation process on any incident like this to ensure all parties involved are properly carried along and resolutions are reached much quicker.
We would also like to take this opportunity to further educate our users about their overall web security and the safety of their private information. To this end, we have also published a guide which outlines different methods scammers deploy to defraud innocent users on digital platforms generally and how users can avoid these scams to remain safe.
We remain highly committed to the security of our customers, their funds and their information. That commitment is reflected in the multiple security layers we have in place on Cowrywise. To all our users, we appreciate your commitment to Cowrywise, your commitment to pushing us to be a better version of who we were yesterday and for your advocacy in making Cowrywise a company you are proud of.
We empathise with Funmi for being a victim of this unfortunate experience. We thank her for being a Cowrywise advocate and for her patience during the period of resolution. We will always have the back of all our customers. We wish you well.
Thank you for this update,I was beginning to get worried but I kind of have a bit of faith in you guys.
Your customer service is superb
Keep up the good job.
Do they have a physical address, in case
Yes, we do. 5C reverend Ogunbiyi street, Ikeja GRA
1. You need a robust fraud management system to help manage customer’s patterns and behavior.
2. More is to be done to ensure that funds can only be transferred to the customer’s account used when registering or setting up account and extra layer of scrutiny when funds are to be transferred to another recipient.
3. Setup a fraud desk in order build relationship with all banks (this is essential and regulatory)
4. Review your architecture and see where you can seal-up leakages
5. You need to introduce another form of authentication when funds are to be withdrawn.
6. Ensure authentication is done when new card or new account is account is added to a profile.
Oga forget robust issues. Once one gain access to your account, the person will do away with your cash. At leadt cowrywise do send push notifications and the rest. Get your points please
Thank you for the update.
Egbon G-swag!!!
Thank you Cowrywise. As an advocate myself, I was taken aback when I read about Funmi’s experience.
Thankfully, we believe this ugly incident would not repeat itself.
Well done Guys!
Glad it worked out eventually, I am have almost beginning to lose faith.
Thanks for restoring our confidence.
It’s good to know you guys finally resolved the issue but customers need to know if the breach was as a result of her being careless with her login details or your system was accessed through a backdoor to get her login details. Who’s responsible for the breach, cowrywise or funmi?
Not sure you read the message distinctively.
Read bro!
Did you read the article at all?
Glad this came to a positive conclusion, a lot were really worried about this. Cowrywise should take note of the lapses and try as much as they to correct them. I trust your services and im sure it wont happen again
Not sure you read the message distinctively.
Better late than never. Happy you guys learnt vital lessons from this also. Kudos to the Cowrywise support team for the update.
Good job on allaying the concerns of many.
That your tweeter response was not it at all.
This does it.
Also, I support the notion that a more robust authentication is required.
People want to click away easily but when things like this happen, they suddenly expect to have been better secured.
Keep up the good job.
Thank God this has been resolved
Was scared when the tweet came up
Thanks for making us trust you
Good job!
Kudos CowryWise. Well done. I particularly like the fact that you were opened about the whole incident and the steps taken to resolve the issue. More impressing, was owing up on your areas of weakness. For me, this further instills confidence transacting with CowryWise. My advice: Quick resolution of client’s complaints is very key in gaining the confidence of existing customers and winning new ones. Constant improvement of your security checks & mechanism is equally important. Keep sensitizing your clients to remain security conscious so that their login details doesn’t get into the wrong hands as it’s clear that the perpetrator in this case had the correct details of this particular customer.
cowrywise,bravo for the good jobs you are doing, for the customers to receive her money back. please make sure you do more investigation to knowing who is at fault, is it cowrywise or fungi,so that others customers will learn from their mistakes
Fantastic! More authentication process required like Gmail and Yahoo mail does. Trust and faith 🙏 restored
Good to see that this has been resolved, because I was beginning to wonder if I made a good choice moving my money here.
Reading this Article gave me a relief. Thanks guys for seeing this to the end . I was deeply worried wen this trend came up on twitter. But now I can seat back and ride with the company I can trust
Egbon G-swag!!!
Great Job Guys! I am rooting for you all.
Kudo Cowrywise… You did well on how you handle the case… I don’t know why people are blaming Cowrywise on this… Most of the fault is from Funmi… Her email was hacked, not cowrywise fault.. I’m a cowrywise user too… Before someone can withdraw money from your stash.. the person must be able to access your account. Via email and password after then have access to your your transaction pin.. that’s like 2 layer security… if she lost all those.. why is it cowrywise fault that she didn’t secure her email properly.. many of them when they Signup on a platform instead to be careful and read all instructions they will be clicking skip button… Two factor authentication would have help to protect her email if enabled…
The integrity of cowrywise has never been in question to me as an advocate of cowrywise
Thank you for getting it sorted.
My mind don rest for the chinkini money wey I get for cowrywise.
Since I read that tweet my heart be don dey do duduke.
Cowrywise una too much. I hail oh!
I’m glad a resolution was reached upon this issue. And I’m relieved knowing that my funds are in secure hands. Keep up with the good work Cowrywise. Thanks for restoring your good image
Awesome work resolving this in light of everything. Really glad to see how you guys handled it overall. Hope to see more updates
We appreciate your effort Cowrywise
Good job
Cowrywise should look into device authentication.
Also authenticate the withdrawal process and also limit the amount a person can transfer at a time
I know the goal is to be flexible with savings and payment but we are in Nigeria where fraud is high.
Hello Cowrywise,
Your genuine concern is very superb, I could recall back than earlier this year when I had some issues with my account and the Lady that responded to me really took Her time to explain to me like I was a Toddler (LOL). That was so Professional, please keep up with your good and GOD bless every one of you that have been working tirelessly for the growth of the Organisation and its Customers.
I’m so relieved this has been sorted out cos I ve always been an advocate of cowrywise.my friends have started using it cos i convinced them to..I also support the more robust authentication process.
Good thing it’s finally resolved and lessons learnt.
Let’s all ensure we safeguard our banking credentials at all times.
We move
Thank you for this update
I want to to thank yօu fօr thіs wonderful гead!! I certainly enjoyed every ⅼittle bіt of
it. I have got you book-marked to check оut new stuff yоu post?
Wow! After all I got a webpage from where I can in fact get useful data concerning my study and knowledge.
I was trying to put my girlfriend through on how to make transfer. My Account got flagged during the process. I need you guys to fix this problem I please 😞😞😞
Why am I unable to change my mail on Cowrywise?
I can not top up my account, I need help too
I being debited twice from my account today
I did a transfer to my old cowrywise account number I saved on my phone pls help to reverse back to my present account cause you people changed the bank not know it sterling bank I thought is wema