This went on for three days. By the time NIBSS discovered the incident — during routine end-of-weekend settlement processes on Monday, September 9 — the total financial exposure had reached ₦13,662,138,920. Thirteen billion, six hundred and sixty-two million naira. Three days. ₦13.66 billion. And the system that processes the entire country's interbank transactions did not catch it in real time. NIBSS has now approached the Federal High Court in Lagos, seeking orders to freeze the 176 identified accounts, impose Post No Debit restrictions on beneficiary BVNs, and compel nineteen financial institutions to reverse all traced funds. The banks, for their part, declined to act without a court order — which, while understandable from a legal standpoint, cost critical time. This is the story. But the story is not really about NIBSS. It is about what happens when systems run without sufficient real-time visibility — and what every Nigerian organisation, fintech, and individual needs to understand before the next incident.
What "Dry Posting" Actually Means — And Why It Is So Dangerous To understand why this incident is technically significant, you need to understand what a properly functioning instant payment system does. When you initiate a transfer, two things must happen simultaneously and atomically: your account is debited, and the recipient's account is credited. These two events are inseparable in a healthy transaction record. One cannot happen without the other. A "dry posting" means the credit happened — but the debit did not. The system confirmed receipt to 176 accounts without ever actually moving real money from anyone. The funds did not exist. They were accounting ghosts. This is not a hacking incident in the traditional sense. No attacker broke through a firewall. No credentials were stolen. The glitch was internal — a malfunction in NIBSS's own platform logic that broke the atomicity of transactions. The result is arguably more alarming than a conventional cyberattack, because it originated from within the system itself, and the system had no mechanism to catch it until settlement day.
The Three Days Nobody Noticed This is the detail that should stop every technology leader in Nigeria cold. The incident began on September 6. It was discovered on September 9. That is 72 hours during which ₦13.66 billion in ghost credits circulated across the Nigerian banking system undetected. How is that possible at this scale? The answer is a familiar one to anyone who has worked in financial infrastructure: end-of-period reconciliation. Most Nigerian financial institutions — including, apparently, the infrastructure layer itself — rely on batch reconciliation processes that run at the end of a settlement window (typically end-of-day or end-of-weekend) to catch discrepancies between debits and credits. This means that for the entire duration between reconciliation runs, anomalous transactions can exist in the system without triggering any alert. Real-time anomaly detection — the kind that flags a transaction the moment a credit occurs without a matching debit — was either absent or insufficient at the NIBSS platform level. Three days is not an anomaly. Three days is a systemic visibility gap.
Then It Got Worse If the original incident was bad, what happened next was a second crisis layered on top of it. After NIBSS discovered the dry postings and began contacting banks to request account freezes, investigators uncovered a secondary wave of fund dissipation. The funds that had landed in the original 176 accounts were being moved again — to a new set of beneficiaries that had not been previously identified. These secondary recipients held accounts at a different set of banks. The additional amount traced to this second wave: ₦4,190,101,636. Over four billion naira, gone before NIBSS could even finish accounting for the first loss. This is where the case becomes more than a story about a technical glitch. It raises serious questions about whether some account holders knew what they had received and moved deliberately to obscure it. That is a question for law enforcement. What it tells us from an infrastructure standpoint is this: once money is in the Nigerian banking system without controls to freeze it in real time, recovery becomes exponentially harder with every hour that passes. NIBSS is now before the court asking for BVN watchlisting and account liens. The fact that the organisation must go through the court system to freeze accounts it can demonstrably prove received ghost credits tells you everything about the current state of real-time financial controls in this country.
What This Means If You Run a Business in Nigeria Whether you operate a fintech startup, a mid-size company with a treasury function, or a large enterprise with multiple banking relationships, the NIBSS incident carries concrete lessons. Your reconciliation schedule is a risk window. If your organisation runs daily or weekly reconciliation, you have a window during which financial anomalies can exist without being caught. That window is your exposure. The shorter and more automated your reconciliation cycle, the smaller your risk surface. "The bank will handle it" is not a security posture. Several banks in this incident declined to take action without a court order — even with NIBSS, their own regulatory infrastructure body, on the phone requesting account restrictions. If that is what happens at the infrastructure level, do not assume your business banking relationship offers you meaningful real-time protection in a fraud scenario. It does not. Your internal controls are your first and most reliable line of defence. Visibility is not optional. You need to know — in real time, or as close to it as technically feasible — what is moving in and out of every financial account your organisation operates. This is not a luxury reserved for banks. Any business processing payments needs transaction monitoring, threshold alerts, and anomaly detection built into its financial operations. Third-party infrastructure risk is underrated. NIBSS processes every instant payment in Nigeria. That makes it systemic infrastructure — which means its failure is not NIBSS's problem alone. Every fintech, every payment service provider, every business relying on NIP is downstream of this infrastructure. Most organisations do not have a documented response plan for what happens when that layer fails. After this, they should.
What Individuals Should Know If you are a regular banking customer in Nigeria, here is what this incident means for you practically. If you ever receive a credit you cannot account for — money you did not earn, expect, or receive from an identifiable source — do not spend it. Do not transfer it. Do not assume it is a gift or an error in your favour. Report it to your bank immediately and in writing. This may seem counterintuitive. The money is in your account. But under Nigerian banking law, receiving and spending funds you knew or reasonably should have known were not legitimately yours exposes you to civil and potentially criminal liability. NIBSS has already identified 176 accounts. It knows exactly where the money went. Courts have been asked to freeze those accounts and reverse all funds. Anyone who spent that money is now in a far worse position than if they had left it untouched and called their bank. If you are reading this as someone who received funds in the September 2024 window and has not yet had your account flagged — the process is still active. The court proceedings are ongoing. Cooperation is a significantly better outcome than resistance.
What Every Fintech and Financial Product Builder Must Take Away If you are building on top of Nigerian payment infrastructure — which means if your product integrates NIP, NIBSS, or any bank API — this incident should directly inform your engineering decisions. Design for infrastructure failure. Your system should have a defined behaviour for when the settlement layer beneath you produces inconsistent data. What does your application do when a credit appears without a confirmed debit? Does it allow the user to spend those funds immediately? That is a design decision. Make it deliberately. Implement real-time balance reconciliation. Do not rely on end-of-day settlement to be your source of truth. Maintain your own internal ledger and reconcile against the external source continuously. Discrepancies should trigger automatic holds and human review — not just an end-of-month report. Build transaction anomaly detection into your core product, not as an afterthought. Flag unusual credit patterns: amounts that do not match typical user behaviour, credits that arrive without any corresponding initiation on your platform, accounts receiving high-value credits with no prior activity. These are engineering problems with engineering solutions. Know your liability surface. When your users receive ghost funds and spend them, who bears the loss? If your product allowed immediate access to unreconciled credits, the answer may involve your company. Review your terms, your settlement logic, and your fraud policy now — before you find out the hard way.
The Bigger Picture: Nigeria's Infrastructure Moment It would be easy to read this story as a single embarrassing incident for NIBSS and move on. That would be a mistake. The NIBSS glitch is a symptom of a deeper truth about Nigeria's financial infrastructure: it is operating at scale without the observability, redundancy, and real-time controls that the scale demands. Nigerian banks processed over two billion transactions in 2024. Fraud losses across the system hit ₦52.26 billion in the same year. This is not a small problem being managed well. It is a large problem being managed reactively. The good news is that the tools to do this better exist. Real-time transaction monitoring, automated anomaly detection, intelligent authentication enforcement, continuous reconciliation — these are not futuristic concepts. They are implemented systems. The question is whether Nigerian financial institutions and the businesses that depend on them will treat infrastructure investment as a strategic priority or continue to treat it as an overhead cost until the next crisis forces the conversation. Mandleva's position has always been that security and infrastructure resilience are not costs. They are competitive assets. The organisations that build visibility into their operations now — that know what is happening on their systems in real time and can respond before a three-day exposure window becomes a ₦13 billion court case — will outlast and outperform those that do not.
Three Things You Should Do This Week One: Audit your reconciliation cycle. How often does your organisation compare what your internal records say against what your bank statements say? If the answer is weekly or monthly, shorten it. Automate it where possible. Two: Set up transaction alerts on all business accounts. Every major Nigerian bank supports SMS or email alerts for transactions above a threshold. Set that threshold to zero. Every naira that moves should send a notification to at least one responsible person in your organisation. Three: Document your incident response for financial anomalies. What is the process if your company receives an unexpected credit? Who decides whether to hold or release? Who contacts the bank? Who escalates to legal? If that process does not exist as a written document, write it today. If your organisation needs a deeper assessment — transaction monitoring, financial controls review, or infrastructure security evaluation — Mandleva works with Nigerian businesses at every stage. Reach us through our contact page. We would rather you call us before the incident than after it.
The NIBSS matter is currently before the Federal High Court in Lagos. This article is purely analytical and educational in nature. It does not seek to prejudice, influence, or comment on the merits of any ongoing legal proceedings. All facts referenced are drawn from publicly available news reports and court filings already in the public domain. This does not constitute legal advice.
