KONGAPAY IS NOT A GOOD DEVELOPMENT FOR MERCHANTS ON KONGA MALL

Konga marketplace recently mandated all merchants on Konga Mall to register for KongaPay.

I received the communication below from Konga Mall on February 20th, 2016

Dear Seller,

Effective 29th February 2016, the wallet system will no longer be available on SellerHQ. Therefore it is mandatory that all merchants are registered on KongaPay on or before the 29th February 2016.

This means that all merchants are mandated to register on KongaPay with their debit cards.

Why You Should Register On Konga Pay?

• Instant Payment of sales proceeds to registered Konga Pay accounts
• Secured Platform
• Less stress for invoice payment
• 5% discount on all purchases on konga

I dared Konga by ignoring the communication because the word “Mandatory” connote command not a service request. I didn’t register for KongaPay as at the deadline day because something was very fishy in the first communication.

So on March 10th, 2016 I received another communication from Konga Mall:The second communication from Konga Mall sound more like a service request than the initial command style, so I proceed to my Seller Dashboard to register for KongaPay only to meet the shock of my life.

KongaPay!! Easiest Way to Receive Your Funds

Dear Seller,

We have noticed that you are yet to register on Konga Pay, kindly do so as this will enable you receive your pending funds.

Please note that all pending funds can only be received once you have registered on Konga Pay. The funds will be remitted instantly into your Konga Pay registered account.

Click link below to view the step by step method of registering on Konga Pay.

Life Made Easy With Konga Pay

Kind Regards,

Your Konga Mall Team.

At the registration page, what was required was your personal, confidential and financial information like the following:

• First Name (as it appears on your Debit Card)
• Last Name (as it appears on your Debit Card)
• Enter your Debit Card Number (16 digit number in front of your Debit card)
• Card Expiry Date
• CVV
• Bank Verification Number (BVN)
• Phone Number (as registered with your bank & BVN)
• 4 Digit PIN
• Date of Birth

THE IMPLICATIONS OF GIVING OUT THE REQUIRED INFORMATION

According to Konga Mall, KongaPay was to ensure you receive your Konga storefront sales proceed instantly without the delay – which was intentional from Konga – associated with the wallet system.

Konga Mall currently use NEFT transfers to credit your bank account for sales proceed made on their platform.  The NEFT payment channel is a 24 hours or same day value system if done before 12noon. If done after 12noon, the beneficiary will receive the credit the next day unlike the Konga Wallet system that requires at least 3 working days before you get credits in your bank account for sales proceed on Konga.

If Konga Mall will be honest and sincere with merchants on the platform, we don’t need to register for KongaPay because Konga can easily use NIPs (NIBSS Instant Payment System) or NAPs (NIBSS Automated Payment System). NIPs and NAPs is a same day value system with no time limits. NIPs payment will get to any bank account in Nigeria within an hour whereas NAPs will impact within fifteen Minutes, Yes it takes fifteen minutes for credits to impact any bank account in Nigeria if you use NAPs.

Other notable source of concern is that Konga Mall doesn’t need my card details, BVN and my bank registered mobile number to credit any bank account. What they need is your bank account number, name of bank and sort code which they already have with the wallet system.

Even your bank has warned you severally NEVER to be careless with your debit card or disclose it to anybody except for the sole purpose of concluding or authorizing a transaction with specific amount.

THE RISK OF GIVING KONGA YOUR CARD DETAILS

According to PCI DSS standards, “Cardholders should not have to provide information to businesses unless those businesses must know that information to protect themselves and effectively carry out a transaction.” Konga Mall doesn’t need your card details to credit any bank account in Nigeria for sales proceed done on the platform.

The risks you are exposed to if you disclose the required details for KongaPay registration:

1. The following details are what that is required to authorize a Card Not Present or Web Transactions using your Debit Card:
   • First Name (as it appears on your Debit Card)
   • Last Name (as it appears on your Debit Card)
   • Your Debit Card BIN Number (16 digit number in front of your Debit card)
   • Card Expiry Date
   • CVV

If anybody or organisation have those details, they can carry out a debit transaction on your bank account without your card PIN. Giving out this information is like pre-authorizing Konga Mall to debit your bank account directly without any more approval from you.

If you have use your debit card online on foreign websites like Amazon.com, Alibaba.com, ebay.com, Aliexpress.com Zappos.com or any type of foreign transactions what is required to authorise the transaction and have your bank account debited are the following:

• First Name (as it appears on your Debit Card)
• Last Name (as it appears on your Debit Card)
• Your Debit Card BIN Number (16 digit number in front of your Debit card)
• Card Expiry Date
• CVV

So if you believe that Konga doesn’t have ulterior motives for asking for this details, Please think again. Do you really need to give anyone this information before they can credit your bank account?

What Konga need to credit your bank account is your bank account number and nothing more?

2. If you bank with GTBank, you will have learnt about the 737 banking system. What is required to buy airtime or transfer money from your GTBank account number to any bank account in Nigeria is your registered mobile number with the last 4 digits of your GTBank Naira MasterCard.

Now that Konga is asking for your full card BIN number and registered mobile number, what happen when Konga system is compromised?  Who pay the liability for the loss you will suffer.

All the information KongaPay required for registration are strictly personal and confidential. They are the type of information that you need guide with your life because you will loss all your earned money if they are compromised.

KongaPay is asking for all these information without any indemnity to merchants that if they are compromised they should be held responsible for all loss incurred.

WHY YOU NEED TO WORRY ABOUT KONGAPAY AS A MERCHANT ON KONGA MALL

You might think you are safe giving Konga all your financial information but you need to worry because of what is called Data breach.

According to Wikipedia, A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by individual unauthorized to do so.

Data breach is a serious global issue that countries and organization that are well capitalized and organized than KongaPay has been victim.

In October 2015, a 15-year old hacker hacked British telecommunication provider TalkTalk by stealing information on the company’s 4 million customers. In July 2015, adult dating site Ashley Madison suffered a data breach when a hacker stole information on its 37 million users.

In August 2014, 200 nude photographs of celebrities were posted on the image board website 4chan. The hackers have hacked into Apple iTunes to obtain the nude pictures. In September 2014, Home Depot suffered a data breach where hackers obtain 56 million credit card numbers of customers. Staples also suffered data breach in November 2014, when hackers have access to 1.16 million customer payment cards details.

In October 2013, Adobe Systems revealed that 130 million user records were stolen by hackers from their corporate data base and in November 2013, Target Corporation announced that data from 40 million credit and debit cards was stolen.

Over seventy-five percent (75%) of data breach are insider threat according to NETIQ. Majority of employees perpetrated their acts while in the office right under the noses of co-workers and most of insider instructions are handled internally – without legal action or law enforcement.

Hackers and criminals always seek to have access to names, card numbers and three-digit security codes (CVV). This information would allow hackers to create counterfeit credit/debit cards, and possibly allow them to make purchases and withdraw cash from ATM machines.