Apparently, Harare City Council employees may have swindled City of millions of dollars by simply introducing unregistered POS machines and proceeding to collect revenues which they did not submit to the council.
The city council is said to have only discovered this during a recent audit. They realised that a significant number of POS machines -19 to be exact- were not linked to their bank accounts whilst they were collecting revenue.
A statement in the audit minutes reads:
A 100
percent stock count on the 43 district offices and other council revenue collecting centres revealed a total of 188 POS machines. There were 19 POS machines that were located at district offices but could not be found on the bank list.It was also noted that there was a …
POS ID which had dual identification codes hence the risk was that it was open for abuse and manipulation.It was noted that some of the banks did not have corresponding BIQ cash books, hence audit could not extract the BIQ cash books of such banks.
Because of the lack of BIQ cashbooks, transactions made from such bank accounts were being posted into cashbooks in use on the day.
This is not the first time this has occured and it’s reported that a similar thing happened when an audit was taken last year. This doesn’t seem like something belonging in the realm of cyber crime (of it does but…) and instead it appears as if this is just negligence on the council’s part. It’s made worse by the fact that this was something the council knew was an issue as the minutes of the previous audit acknowledged the issues:
The POS devices are a particular area of vulnerability to HCC because it does not appear as if the finance department was in full control of their deployment across council premises.
Findings into the audit were that there was a mismatch between HCC register of POS devices, their physical count and the banks’ register of POS devices deployed. The city’s POS devices were not integrated with the BIQ system.
HCC Audit Minutes
6 comments
“Harare City Council Latest Victim Of Fake POS Machine Scam” please advise who the other past victims are? Thank you!
This sounds like major crime.
Busy cramping our cars in the city for no reason while the revenue is being looted,work up and smell coffee you lazy city fathers.
Isn’t this old news, I recall reading about this elsewhere a little while back. Anyway, doesn’t the POS receipt show the registered holder/company, or were accounts created in the name of HCC? Were payments made on these POS machines reflecting in their billing system? It’s not clear if fraud actually occurred, or if these were just discrepancies noted from an audit.
I have installed and configured POS machines. I know how they work. The only thing fake in this whole drama can only be this story. For a terminal to work, it needs firmware and configurations. For a bank to accept a transaction from a terminal, that terminal must be configured with the bank and the terminal id configured on the machine. So a terminal id can be traced back to a bank easily. What most likely happened in this scenario is bank technicians installed terminals at council offices without notifying head office first. From my experience, communications is usually handled by an account manager. I have been out of the POS industry for a while now, but this story just doesn’t add up. No way an unregistered terminal can just start making transactions.
What you see on the receipt is configurable, you can have anything there. The terminal id is the biggie here. With it, you can trace the bank processing transactions from the terminal. For a bank to issue a terminal id, there is a bunch of mandatory information that needs to have been captured first.