Equity Bank Rwanda Fraud Investigation Exposes $2.5 Million Mobile Money Scheme
Kigali, 16 March 2026
A sophisticated fraud scheme has struck Equity Bank Rwanda, with criminals exploiting mobile money systems to steal $3.4 million using SIM cards that had never received even $1 previously. Investigators have detained 35 suspects across Rwanda and Uganda, including two of the bank’s own IT staff with data centre access. The fraud involved purchasing mobile money float worth up to $72,000 per SIM card, bypassing transaction limits through bulk purchases. Whilst the bank successfully reversed transactions within 24 hours and assured customers no deposits were lost, $2.5 million remains unrecovered. CEO James Mwangi has vowed to be ‘ruthless’ in addressing the crime, marking another major challenge for the East African banking giant following similar incidents in Kenya during 2025.
Detection and Swift Response
Equity Bank Rwanda’s internal surveillance systems detected the irregular transaction patterns on 15 March 2026, triggering immediate security and incident-response protocols [2][4]. The bank’s monitoring infrastructure identified unusual activity that deviated from normal transaction flows, prompting swift containment measures in coordination with relevant authorities [3]. Within 24 hours of detection, the majority of affected transactions were successfully reversed, demonstrating the effectiveness of the bank’s risk management procedures [2][3][4]. The rapid response prevented further losses and maintained operational stability across the institution’s network.
The Mobile Money Float Exploitation
The fraud scheme exploited Rwanda’s mobile money float system by bypassing standard transaction limits through sophisticated manipulation [2]. Criminals used SIM cards with no prior transaction history to purchase mobile money float worth up to $72,000 each, a stark contrast to their previous inactivity [2]. As one bank official explained to Taarifa Rwanda: ‘What we saw were SIM cards buying float of up to $72,000. Some of those SIM cards had never previously received even $1’ [2][4]. The suspected entry point into the bank’s systems was identified as a platform operated by ESICIA Ltd, though the exact method of access remains under investigation [2]. Investigators are examining whether the breach involved physical access to Equity Bank’s data centre infrastructure or technical vulnerabilities [4].
Cross-Border Investigation Unfolds
The Rwanda Investigation Bureau (RIB) is leading a comprehensive investigation that has resulted in 35 arrests across two countries [3][4]. Six suspects connected to the fraud were detained in Uganda, highlighting the cross-border nature of the criminal network [4]. Among those in custody are two Equity Bank IT staff members who held roles in data centre operations, raising concerns about potential insider involvement [2][4]. Forensic specialists are currently reviewing server logs, user activity data, and seized devices to trace the full extent of the fraud [2]. The timing of this investigation coincides with increased regional financial integration, as Kenya and Rwanda signed an agreement on 11 March 2026 allowing payment companies to operate freely across both nations [2].
Financial Impact and Leadership Response
Of the alleged $3.4 million total fraud amount, approximately 73.529% or $2.5 million remains unrecovered despite the bank’s swift intervention [2]. Equity Bank Rwanda has emphasised that no customer deposits were affected by the incident, with all customer accounts remaining secure throughout the crisis [2][3]. Group CEO James Mwangi has adopted an uncompromising stance towards the fraud, declaring: ‘I don’t even care. I have just started the journey. I will protect the customers and the bank. I will be ruthless’ [2]. This incident represents another significant challenge for the Equity Group, following the termination of over 1,200 employees in Kenya during 2025 after investigations revealed staff collusion with external fraudsters in schemes exceeding $15 million [2]. The bank continues strengthening its cybersecurity infrastructure and transaction monitoring systems whilst authorities pursue the remaining suspects and missing funds [3][4].