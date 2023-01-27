Former Standard Bank software expert Henry McMurray allegedly stole close to R6.3 million from the bank by inflating amounts in transactions processed by six of his “acquaintances”, Mail & Guardian reports.

McMurray tried to make off with R6,279,716 through 25 transactions with which he interfered between 13 July and 3 August 2017, according to the National Prosecuting Authority (NPA).

“Standard Bank can confirm that this matter is currently being heard in court. It relates to a fraud committed against Standard Bank in 2017,” a Standard Bank spokesperson told MyBroadband.

“Standard Bank has assisted the authorities in their investigation and has provided the relevant information to assist in a successful prosecution.”

“The bank has a zero-tolerance stance against fraud of any kind and will vigorously pursue wrongdoing within the confines of the law,” they added.

However, as the case is currently being presented in court, Standard Bank cannot provide further detail relating to the matter.

According to the NPA charge sheet, McMurray inflated the balances of the Standard Bank accounts belonging to six “acquaintances” for his and their benefit.

One of the acquaintances is his co-accused Augustin Ifeanyi Anosike.

The first example of his fraudulent activity occurred on 13 July 2017, when McMurray added three zeros to the R500 balance reflected in Anosike’s account, changing it to R500,000.

He processed a similar transaction on 21 July when he again added three zeros to a transaction amount of R47 paid into his co-accused’s account, causing the deposit to reflect that Anosike had R47,000 in the bank.

MyBroadband asked the NPA for comment, but it had not responded by the time of publication.

Standard Bank is not the only financial institution to have levelled fraud allegations against former IT staff. The South African Post Office’s Postbank halted South African Social Security Agency (Sassa) withdrawals after R18 million was stolen.

On Tuesday, 29 November 2022, Postbank CEO Lucas Ndala revealed to Parliament’s portfolio committee on communications that it had experienced “a number of cyber fraud incidents — most of them relating to the Sassa beneficiary grant payment system”.

The state-owned entity lost over R18 million in three months due to cybercrime attacks.

Ndala said the Auditor General had flagged the Postbank IT system for “control weaknesses”.

“There has been a concerted effort to address these system deficiencies since the grant system was ceded to Postbank in 2021,” he said.

“A lot of these weaknesses come from the system itself because it came with a number of flaws that needed to be addressed over time.”

The R18 million stolen is part of more than R150 million Postbank has lost to fraudulent transactions by external syndicates to access its systems with the help of insiders.

The rampant theft at Postbank is likely due to several severe operational security flaws at the Postbank.

For instance, employees use a single set of credentials to access sensitive systems, including Postbank’s integrated grant payment system.

The same key is used by up to 40 employees of varying ranks to access the systems, and, as a result, it is difficult to trace the transactions to a particular staff member when fraud is detected.

Those with the credentials can also delete transaction logs, which makes it difficult for Postbank to detect fraud in the first place.

Reportedly, Postbank has been operating the grant payment system without activating a feature designed to detect and alert relevant parties to possible fraud.

Ndala said all indications suggest an inside job.