Exclusive: Flutterwave Obtains Court Order to Reclaim $24 Million Lost to Unauthorized POS Transactions

Flutterwave, considered Africa's most valuable startup, has announced plans to contact over 6,000 account holders across 35 banks and financial institutions to recover ₦19 billion (approximately $24 million) that was illegally transferred by POS merchants. This action follows a High Court ruling on February 1.

The decision to recover the funds stems from Flutterwave's discovery in 2023 that certain POS device merchants had abused their access by conducting unauthorized transactions. As a response, Flutterwave temporarily suspended the accounts through which the funds were improperly transferred. However, the company assures that no customer funds were lost in this process.

The February court order, known as a Mareva injunction, grants Flutterwave the authority to recover the funds and assets of the identified account holders. This action is crucial because the account holders may have already spent the funds they received in October 2023.

Flutterwave stated that they are actively engaging with relevant authorities to investigate and address the situation.

According to court documents obtained by TechCabal, an earlier court order had placed debit restrictions on those accounts two months after the incident occurred.As per the most recent order granted on February 1, 2024, 35 financial institutions, including Opay, Paga, Palmpay, Access Bank, VFD Bank, Zenith, Polaris, and Providus Bank, are required to share the email addresses and telephone numbers of the account holders with Flutterwave.

Flutterwave intends to contact the over 6,000 account holders through their respective email addresses, as well as via SMS and WhatsApp messages to their telephone numbers, according to court documents obtained by TechCabal.The fintech company may enlist the services of a recovery agency to assist with this process, as suggested by a lawyer familiar with similar procedures.

The incident began on October 10, 2023, when a technical glitch in Flutterwave's operating system led to funds being automatically transferred to the bank accounts of customers listed in Schedule A of a memorandum. Upon discovering the glitch, Flutterwave promptly notified the affected banks and fintech companies about the issue and the resulting erroneous funds transfers.

The letter from Flutterwave's lawyers emphasized that the merchants listed did not provide any services to their client and were not entitled to the funds that were erroneously transferred to them. Despite this, they have retained the funds.Flutterwave also offered indemnity to the banks, should they choose to reverse the erroneous transfers. Typically, such a reversal request would require the receiving bank to seek further approval from the court.

This incident underscores the importance of Know Your Customer (KYC) procedures. The success of Flutterwave's recovery efforts hinges on financial institutions like Opay, Palmpay, and Moniepoint having accurate customer information. Similarly, it relies on banks having up-to-date information on their customers to facilitate the reversal of the erroneous transfers.

The recent surge in fraud incidents highlights the challenges faced by financial institutions in maintaining effective Know Your Customer (KYC) procedures. Neobanks, aiming to enhance financial inclusion, have facilitated the proliferation of easily accessible accounts with relaxed KYC requirements. Similarly, traditional banks may not always possess accurate customer information, as customers are not obligated to update their details such as addresses, emails, or phone numbers.

This situation has been exacerbated by a significant increase in fraud attempts within Nigeria's financial services industry, with traditional banks attributing blame to neobanks. For example, Fidelity Bank, one of Nigeria's commercial banks, suspended transfers to several neobanks due to concerns that neobank wallets and accounts were being exploited for fraudulent activities.

In response to these challenges, the Central Bank of Nigeria mandated all financial institutions to implement stricter KYC measures by requiring customers to provide their bank verification number (BVN) or a national identification number (NIN) for account or wallet opening by March 2024. This move aims to enhance the integrity of customer information and mitigate the risk of fraudulent transactions within the financial system.