A friend brought up a question recently, can’t a software developer at EcoCash just create a balance in their account. Then, said developer can go buy a shiny new Lamborghini Gallardo LP460? (I may be adding a bit of sweetening but you get the point).
A soccer analogy
Let us talk about soccer for a second, a game which as a stereotypical nerd I do not enjoy at all. Team A which we will call Techzim Strikers is playing Team B, Newsday F.C. As the match progresses and Newsday F.C. is losing dismally, a ball boy who is clearly a Newsday sympathizer throws in a second ball into the game. Newsday FC capitalises and scores. The referee then notices that there are now two balls being kicked around by a bunch of sweaty men instead of one and he obviously stops the game.
Just like a referee monitoring a soccer match, there are checks and balances in any banking system. The first is that there are levels of privilege to every system. This clearly was not the case a few years back when a Zimra employee just went ahead and credited a couple million dollars to himself. An employee should be protected by having limited access to the systems they operate. Notice I said the employee protected, as they are less likely to do any real harm beyond just giving in to the temptation to commit a crime that will automatically be detected a few days later.
I am a script kiddie
Say you do manage to hack in or internally create a balance. You have simply altered a display value, just like how altering the time on your watch does not make the displayed time the true one according to everyone else. There is a system of record that each transaction will either credit or debit depending on the transaction. Once you alter your displayed value according to the access credentials you have, you will have not created any actual real money.
When you transact via a digital banking platform, the system is not simply altering a figure in a couple of accounts. There are several records that a system will check to see if you have that amount of money. I am reminded of a glitch that was reporting inflated balances on the display end to the bank’s customers. Forgetting that spending money that gets credited to you even by mistake is a crime (more on this later), people hurriedly tried to spend the money but got the disappointing message, “Insufficient Funds.”
Well, our primary focus is developers and let us pretend that the system’s security is as lax as that of Zimra’s system. If a developer can go deep enough and be able to change the system of record balance, then they have created money. Well no, they have not. Even if you can change the primary system of record balance and credit money to yourself, the banking system automatically performs self-balancing using digital ledgers at the end of a predefined period. The money that came in, the money that goes out, the money in circulation and the money that is left in the system, they must all balance. Just like how our soccer match has several officials monitoring the game, there is no way that Newsday player scores the second ball without the linesman notifying the referee well beforehand.
Once a discrepancy is reported by the system the amount you created will determine what happens next. You can either be caught by other developers and internal accountants or the company will bring in a more dedicated audit team and you will have a few days to find an island where no one can get to you.
Miracle Money
In 2018, a student nurse in Gweru was sentenced to 12 years in prison after spending $54,000 that was deposited into his account by a technical glitch at CABS. His defense was that as a devout Christian who goes to a certain prophetic church, his prayers had been answered by miracle money blessings. That did not stop the Judge from sending him to jail though, with 3 years suspended on condition that he give back the house he had bought with the money.
The technical glitch came up after CABS upgraded its internal systems and a glitch reared its ugly head. The banking system was failing to correctly record figures after a bank to EcoCash wallet transfer. Since the systems are decoupled so to speak, it took a while for CABS to discover the glitch and clamp down on it, leading to the 24-year-old nurse’s arrest. Oh, and the young man had purchased two nun runner vehicles in addition to the house. Who steals money to buy two dead cars seriously? Well, the moral of the story is that even in instances where real money is involved, you will get caught, it is only a question of when.
What’s your take?