Ibrahim Mahmud, a 32-year-old businessman, has been arrested by officers of the Federal Capital Territory (FCT) Police Command in Abuja for allegedly orchestrating a complex Point of Sale (POS) fraud scheme.
Mahmud, a Civil Engineering graduate, was arrested after a detailed investigation which followed the swapping of a POS machine at a shop in Karshi last December.
The suspect allegedly used an advanced hacking tool to transfer ₦1 million from an unsuspecting victim’s account; a development that has further exposed the weaknesses in the country’s digital payment systems.
Mahmud was alleged to have walked into the POS shop of Odo Hilary, a popular business operator at Karshi, posing as a customer.
While Odo was processing the transaction, Mahmud who had engaged him in a conversation in order to distract him, swapped the POS machine with an identical one he smuggled into the shop.
Unaware of the swap, Odo continued his daily business only to notice by evening that something was amiss. He decided to check the transaction records and discovered that he had been locked out of his system.
Alarmed, he inspected the device and realised, to his dismay, that his POS machine had been replaced.
Odo immediately reported the incident to the Karshi Police Station, which escalated the matter to the State Criminal Investigation Department (CID), Abuja.
Detectives assigned to handle the case commenced investigation and swiftly traced a fraudulent N1,000,000 transaction with half of the million transferred to one Abdulsalam Abdulsamad, a long time acquaintance of Mahmud.
It was discovered that the suspect funneled the remaining N500,000 through multiple bank accounts which made recovery difficult.
As the investigation progressed, forensic experts at the FCT Command looked into Mahmud’s digital footprints and discovered his elaborate fraudulent activities.
It was discovered that Mahmud’s small clothing business in Karshi was merely a front as he was allegedly neck-deep into electronic fraud, targeting POS vendors across the city.
Armed with irrefutable evidence, the police launched a manhunt for Mahmud and apprehended him on January 21.
The police subsequently arrested Abdulsamad for allegedly receiving proceeds of crime, laundering the money and requesting for his share, knowing full well the N500,000 sent to him was stolen.
It was gathered that Mahmud initially denied all the allegations against him but surrendered and confessed after the police presented evidence.
Mahmud admitted to the police that he used a hacking tool called ‘Ghost App’, to scan POS machines and obtain their security credentials.
“With Ghost App, Mahmud could steal account details, bypass PIN verification and initiate unauthorised transactions.
“He admitted to repeating this scam multiple times, making POS business operators his primary target,” a source said.
The Nation gathered that the two suspects were charged with fraud, unauthorised access to banking data and multiple cybercrime-related offences by the police.
Reacting to the development, the Federal Criminal Investigation Department (FCID) warned that law enforcement agents were actively tracking digital fraudsters and working with cyber-security experts to dismantle underground hacking tools like Ghost App.
The FCT Commissioner of Police, Olatunji Disu, assured business owners that stricter security measures would be introduced to protect electronic transactions from similar cyber fraud attempts.
“This case serves as a wake-up call for all POS vendors and digital merchants in Nigeria. Cybercriminals are evolving, but so are we.
“We are committed to tracking, arresting and prosecuting those who exploit digital payment systems,” Disu said.
The police boss advised business owners to always inspect their POS devices to be sure they have not been tampered with; enable instant transaction alerts on all accounts; regularly change PINs and security codes, as well as remain cautious of distractions during customer interactions.
