Topic: How to avoid virtual bank apps hack when phone got stolen or misplaced - page 2. (Read 403 times)

To be sincere, this is indeed one of the best phone security safety update I have ever heard since the beginning of this year my friend, because until this moment, I never knew hacking into one's mobile app in his/her phone could be this easy with the two scenarios you just gave @ O.P, and I'm really grateful for that as you have given is to have a different angle on phone security, and save people from losing fund as time goes on.


Please, can you elaborate more on this statement written above @ Sir Charles-Tim? Because I always thought since fingerprint can't be duplicated, it is one of the best security measures,  but your statement is kind of making me confuse, and I will love to hear why you said so.

You can also use separate phone for your main sim card that can be used to get any sensitive information about your account, BVN and others so that when sending OTP, it will be in a different phone not the same phone the bank application for example Opay is logged in.


Using long password that will be very hard to memorize will also help because people close to you can easily memorize your password it they are short and easy to remember, but if your password is long, they will lose interest in memorizing the password.

I like them and I used opay always, but their security is not strong enough especially if you lost your phone because someone can easily get access quickly to your Opay account if they were able to unlock your phone, or even if they remove your sim and put it in another phone, they can log in successful because that your number will be the number they will use to get OTP, and BVN, and once they logged in, they can have access to changing trading passwords and swip your money.

Another option is to have a privacy screen protector on your phone; What does this glass does? The privacy screen protector blurs your phone from the immediate person closer to you either to the left or right; also, The privacy protector prevents people from a near distance from peeping directly into your phone screen.

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

The password should be long. Attacker can easily look at you while entering the password and memorize it. I can easily use 10 to 21 characters easily.

It's not new to us that the rate at which everyone uses banking Apps on their phone has grown rapidly due to the recent spike in digital banking like Opay, Palmpay, Kuda, Moniepoint and other related micro banks and this is due to their fast transaction unlike the commercial banks that sometimes delay payment, these banks save you when you want to make fast local transaction without having to wait, they are pretty fast and some don't charge for fees while some do but limit the free transfer you can do in every 24 hours.

There is a challenge with these Apps and one of them is when your phone is mislaced or stolen, the first thing they do with your phone is to find a way to unlock it if it's locked and if the phone is not passworded, they go straight to your mobile app to drain the account balance. This is how they do it and it's in two ways:

Accounts that are Tier 1: This is an account where KYC is not done or BVN is not requested and most of the time, the maximum balance you can have in your account is 300,000 naira and the daily transaction limit is 50,000. What they do when a phone is misplaced or stolen is they try to enter the app by forget password and request for one-time password(OTP) to set a new password, since KYC is not requested on this tier account, it will be easier for the person to recover the password from the sim and gain access to the account and transfer all the money on the account to another person until the account balance is empty, most of the time, they send it to POS person and collect cash.

Accounts that are Tier 2 and above: These accounts are usually KYC, BVN are been requested to use these accounts and above with daily transaction of #5M and unlimited max balance of Tier 3, and documents are required for the usage. When a phone is misplaced or stolen, anyone who finds the phone will try to get access to the mobile APP the same way as that of the Tier 1 through forget password by requesting for one-time password(OTP) through the sim card but even if the account is reset, BVN number will be requested but that doesn't stop anything. They can use *565*0# to request for the BVN to get the number and that's how easy it is to get into these virtual bank apps.

To verify, dial *565*0# and you will be charged #20 for your BVN, this is not magic, it is from Nigeria Inter-bank Settlement System(NIBSS)

How to prevent this from happening:
1. Make sure that your sim card is pin protected, this way it will be difficult to get access to your Sim when the phone is on, even if they are able to unlock the phone, the sim will remain locked and that gives you the advantage of making sure that your mobile wallet remains inaccessible.
2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.
3. Always have less money on this virtual app to protect yourself from this kind of emergency, this can help you in case the banks try to run away because there has been a lack of transparency from them, especially Opay and Kuda.

Stay safe, stay healthy.