Researchers Demo Hack Against African Micro-Finance Accounts

mask.of.sanity writes "Security researchers have shown how to raid Africa micro-finance bank accounts en masse using fake audio one time passwords. The banks use audio one-time passwords to authenticate users logging into their accounts, but failed to implement properly security controls across numerous systems. Crucially, the researchers did not reveal how they cracked the encryption in order to protect users."

Re:A *lot* of microfinance is just a scam

[Trepidity]

I think this is on a slightly different use of the term "microfinance", though there's overlap. The books you link are about microcredit specifically, a hyped-up approach to poverty reduction based on very small loans spread throughout a community, which Grameen Bank made famous. But the kind of microfinance this article talks about is more about regular banking: accounts and transactions, usually via a mobile phone. It's become popular in Africa because of the lack of traditional financial networks, and the increasing ubiquity of mobile phones as the main link into modern systems.