1. SPARK – Startups, Valuation, Funding, and Saga
2013 saw the launch of Spark , an initiative defined by co-founder, Jason Njoku of
iROKO Partners as a business that build companies. With start-ups like ToLet.ng,
Bus.ng, Drinks.ng, setting out, and others like Hotels.ng, Giddimint, and Kuluya
Games joining the network of companies, Spark has indeed taken the whole idea
of business incubator to a whole new level in Nigeria, providing it’s businesses with
working space, $1m funding, and the press network iROKO enjoys.
It has not been all been rosy with Spark as it has also been laced with news of
mass firing, in-house dispute, and acquisition-gone-bad. However, 2013 did get
Sparked by this venture as people are now in the spirit of GettingShitDone.ng.
2. Arrival of the TechCabal
Online and offline conversation in the local tech ecosystem took a whole new turn
with the launch of TechCabal. The convener, Bankole Oluwafemi popular known by
his twitter handle @MrBankole has done a great job. Taking on the trending term
“cabal” in the political arena, the platform brings together tech veterans,
enthusiast, and other players with online content and offline events – Tech Cabal
Sessions, which featured Tayo Oviosu of Paga in its maiden edition. Bigger things
are expected of Big Cabal , the parent company having recently acquired
OTEKBITS, to add to its web asset along side Republica, and gearing for a
relaunch in 2014.
3. The Future Awards for African Tech
Described as the Nobel Prize for young people by the World Bank, The Future
Awards Africa is arguably the most prestigious award recognizing the African
youth. 2013 did see more recognition given to youths in the technology sector, and
winners included Hugo Obi of Maliyo Games, the Jobberman Trio, and Kingsley
Ezeani of Information Nigeria. It is interesting to note that the 2013 edition of
the awards had the most number of categories related to technology in its 8
years of running. This sure goes to show young people are making commendable
ventures in the area of science and technology.
4. More Incubators and Co-Working Spaces
2013 saw the addition of new incubators and co-working spaces. The iDEA
hub launched in Lagos and Calabar, while Audax, Startuphub, and Capital
square launched on the island of Lagos for technology and business entrepreneurs.
iBrigde Hub got down to business in Ibadan, and another hub opened shop at
Ekiti. With the success stories coming out of the Co-Creation Hub, Veneer Hub,
and Wennovation hub, no doubt the same will soon be heard of these newly
5. Walking with Giants
One thing founders, and entrepreneurs should make an habit of is
collaborating smartly with bigger players. However the giants have to be willing
to work with the little people first, and a lot of that happened in 2013. Telecom
giants MTN came close to the developer community and ran a 16-week app
challenge in collaboration with the Co-Creation Hub. OEMs like Samsung, Nokia,
and Tecno also ran developer competitions, trainings, and other projects. The Tony
Elumelu Foundation offered seed funding to a good number of startups, and
other companies like Qualcomm, Visa, and the Federal Government (Ministry of
Communication and Technology) got into the trenches to work with local
developers in hacking social products and services.
6. Startups – Fly, Pivot, or Crash
Having mentioned that 2012 saw the launch of sooooo many startups, 2013 did see
some fly, pivot, and others crash. This is no anomaly in the tech space anywhere
in the world. Due to factors like team, product offering, quality, funding,
scaling, and market forces, startups need to adapt or die. 2013 saw startups like
Paga, and Jobberman fly with increase market size, revenue, and funding,
TaxiPark had to pivot to Tranzit, and Tiketmobile had to close shop for reasons
between funding, and product offering. Perhaps growth hackers will be welcomed
7. Rocket Internet blazes on
How can we talk about 2013 without mentioning Rocket Internet? This name
probably made the headlines more than any other in the course of the year, and
for various reasons. The most recent is the exit of the two African co-founders
of Jumia. Other buzz worthy moments include the partnership with MTN ( investing
about N65Bn ) along side Millicom, and new ventures such as Easy Taxi, Hello Food,
Carmido, Varmido, and others that may not be known to you and me.
8. Getting Funded by Angel Investors and VCs
One of the biggest issues of 2012 was funding. Not to say the problem is over in
2013, but it can be said that solutions are now available to founders,
entrepreneurs, and startups looking for seed and growth funding.
The Angel investors arrived with the launch of the Lagos Angel Network with
Tomie Davis of Technovision as convener. Venture Capitalist firms like Intel
Capital, Echo VC, Tiger, Adlevo, among others are also actively engaging in
funding startups and business in Nigeria. Rancard recently raised a 2nd round,
Jobberman is said to have raised a 3rd round, and iROKOtv recently raised an
$8m 4th round.
9. Cracking The Code of Digital Content Distribution
Lots of players are taking a jab at digital content distribution in Africa, and
Nigeria is at the forefront with players like Orin.io, Freeme Digital, MyMusic,
iROKING, DoBox, NextSpeel, iROKOtv, Spinlet, BattaBox etc. With the value of
local content – videos, film, music videos, movies – on the rise, as well as demand
locally and in diaspora, 2013 did see a lot of work go into working out a profitable
way of producing, and distributing these content. So far, some have started
raising revenue, others are focused on the how-to models of delivery, but no one
is profitable yet, so let’s see what 2014 has in store.
10. Gadgets – Smart Just Got Cheaper
Thanks to Nokia, Samsung, and most especially Tecno, Nigerians can afford to own
a smartphone. These gadgets were out of reach only in 2012, but 2013 saw the
arrival of Nokia Asha and Lumia series, as well as the Samsung Galaxy Duos, and
Tecno Phantoms, with a N15,000 to N45,000 range. Staying connected also got
cheaper as telecos – MTN, Airtel, and Glo stayed competitive by releasing
affordable data plans and bundles. No doubt more Nigerians are now connect to
the internet via mobile phones that offer rich experiences.
Wednesday, 1 January 2014
1. SPARK – Startups, Valuation, Funding, and Saga
Tuesday, 31 December 2013
Credit and debit card accounts stolen in a recent data breach at retail giant
Target have been flooding underground black markets in recent weeks,
selling in batches of one million cards and going for anywhere from $20 to
more than $100 per card, KrebsOnSecurity has learned.
Prior to breaking the story of the Target
breach on Wednesday, Dec. 18, I spoke with
a fraud analyst at a major bank who said his
team had independently confirmed that
Target had been breached after buying a
huge chunk of the bank’s card accounts from
a well-known “card shop” — an online store
advertised in cybercrime forums as a place
where thieves can reliably buy stolen credit
and debit cards.
There are literally hundreds of these shady
stores selling stolen credit and debit cards
from virtually every bank and country. But
this store has earned a special reputation for selling quality “dumps,” data
stolen from the magnetic stripe on the backs of credit and debit cards. Armed
with that information, thieves can effectively clone the cards and use them
in stores. If the dumps are from debit cards and the thieves also have access
to the PINs for those cards, they can use the cloned cards at ATMs to pull
cash out of the victim’s bank account.
At least two sources at major banks said they’d heard from the credit card
companies: More than a million of their cards were thought to have been
compromised in the Target breach. One of those institutions noticed that one
card shop in particular had recently alerted its loyal customers about a huge
new batch of more than a million quality dumps that had been added to the
online store. Suspecting that the advertised cache of new dumps were
actually stolen in the Target breach, fraud investigators with the bank
browsed this card shop’s wares and effectively bought back hundreds of the
bank’s own cards.
When the bank examined the common point of purchase among all the
dumps it had bought from the shady card shop, it found that all of them had
been used in Target stores nationwide between Nov. 27 and Dec. 15.
Subsequent buys of new cards added to that same shop returned the same
On Dec. 19, Target would confirm that crooks had stolen 40 million debit and
credit cards from stores nationwide in a breach that extended from Nov. 27
to Dec. 15. Not long after that announcement, I pinged a source at a small
community bank in New England to see whether his institution had been
notified by Visa or MasterCard about specific cards that were potentially
compromised in the Target breach.
This institution has issued a grand total of more than 120,000 debit and
credit cards to its customers, but my source told me the tiny bank had not
yet heard anything from the card associations about specific cards that might
have been compromised as a result of the Target breach. My source was
anxious to determine how many of the bank’s cards were most at risk of
being used for fraud, and how many should be proactively canceled and re-
issued to customers. The bank wasn’t exactly chomping at the bit to re-issue
the cards; that process costs around $3 to $5 per card, but more importantly it
didn’t want to unnecessarily re-issue cards at a time when many of its
customers would be racing around to buy last-minute Christmas gifts and
traveling for the holidays.
On the other hand, this bank had identified nearly 6,000 customer cards —
almost 5 percent of all cards issued to customers — that had been used at
Target stores nationwide during the breach window described by the
“Nobody has notified us,” my source said. “Law enforcement hasn’t said
anything, our statewide banking associations haven’t sent anything out…
nothing. Our senior legal counsel today was asking me if we have positive
confirmation from the card associations about affected cards, but so far we
haven’t gotten anything.”
When I mentioned that a big bank I’d spoken with had found a 100 percent
overlap with the Target breach window after purchasing its available cards
off a particular black market card shop called rescator[dot]la , my source at
the small bank asked would I be willing to advise his fraud team on how to
do the same?
Ultimately, I agreed to help in exchange for permission to write about the
bank’s experience without actually naming the institution. The first step in
finding any of the bank’s cards for sale was to browse the card shop’s
remarkably efficient and customer-friendly Web site and search for the
bank’s “BINs”; the B ank Identification N umber is merely the first six digits of
a debit or credit card, and each bank has its own unique BIN or multiple
According to the “base” name for all stolen cards sold at this card shop, the
proprietor sells only cards stolen in the Target breach.
A quick search on the card shop for the bank’s BINs revealed nearly 100 of
its customers’s cards for sale, a mix of MasterCard dumps ranging in price
from $26.60 to $44.80 apiece. As one can imagine, this store doesn’t let
customers pay for purchases with credit cards; rather, customers can “add
money” to their accounts using a variety of irreversible payment
mechanisms, including virtual currencies like Bitcoin , Litecoin , WebMoney
and PerfectMoney, as well as the more traditional wire transfers via
Western Union and MoneyGram .
With my source’s newly registered account funded via wire transfer to the
tune of USD $450, it was time to go shopping. My source wasn’t prepared to
buy up all of the available cards that match his institution’s BINs, so he
opted to start with a batch of 20 or so of the more recently-issued cards for
Like other card shops, this store allows customers to search for available
cards using a number of qualifications, including BIN; dozens of card types
(MasterCard, Visa, et. al.); expiration date; track type ; country; and the name
of the financial institution that issued the card.
A key feature of this
particular dumps shop is
that each card is assigned
to a particular “base.” This
term is underground slang
that refers to an arbitrary
code word chosen to
describe all of the cards
stolen from a specific
merchant. In this case, my
source at the big bank had
said all of the cards his
team purchased from this
card shop that matched
Target’s N0v. 27 – Dec. 15
breach window bore the
base name Tortuga , which
is Spanish for “tortoise” or “turtle.”
Indeed, shortly after the Target breach began, the proprietor of this card
shop — a miscreant nicknamed “Rescator” and a key figure on a Russian-
language cybercrime forum known as “Lampeduza” — was advertising a
brand new base of one million cards, called Tortuga.
Rescator even created a graphical logo in the Lampeduza forum’s typeface
and style, advertising “valid 100% rate,” and offering a money-back
guarantee on any cards from this “fresh” base that were found to have been
canceled by the card issuer immediately after purchase. In addition,
sometime in December, this shop ceased selling cards from other bases aside
from those from the Tortuga base. As the month wore on, new Tortuga bases
would be added to shop, with each base incrementing by one with almost
every passing day (e.g., Tortuga1, Tortuga2, Tortuga3, etc.).
Another fascinating feature of this card shop is that it appears to include the
ZIP code and city of the store from which the cards were stolen . One fraud
expert I spoke with who asked to remain anonymous said this information is
included to help fraudsters purchasing the dumps make same-state
purchases, thus avoiding any knee-jerk fraud defenses in which a financial
institution might block transactions out-of-state from a known compromised
The New England bank decided to purchase 20 of its own cards from this
shop, cards from Tortuga bases 6-9, and Tortuga 14 and 15. The store’s
“shopping cart” offers the ability to check the validity of each purchased
card. Any cards that are checked and found to be invalid automatically get
refunded. A check of the cards revealed that just one of the 20 had already
The bank quickly ran a fraud and common point-of-purchase analyses on
each of the 19 remaining cards. Sure enough, the bank’s database showed
that all had been used by customers to make purchases at Target stores
around the country between Nov. 29 and Dec. 15.
“Some of these already have confirmed fraud on them, and a few of them
were actually just issued recently and have only been used at Target,” my
source told me. Incredibly, a number of the cards were flagged for fraud
after they were used to make unauthorized purchases at big box retailers,
including — wait for it — Target . My source explained that crooks often use
stolen dumps to purchase high-priced items such as Xbox consoles and high-
dollar amount gift cards, goods that can be fenced, auctioned or otherwise
offloaded quickly and easily for cash.
My source said his employer isn’t yet sure which course of action it will
take, but that it’s likely the bank will re-issue some or all of the 5,300+ cards
affected by the Target breach — most likely sometime after Dec. 25.
The bank is unconcerned that its cards compromised in the Target breach
might be used for online shopping fraud because the stolen data does not
include the CVV2 — the three digit security code printed on the backs of
customer cards. Most online merchants require customers to supply the CVV2
as proof that they posses the legitimate, physical card for the corresponding
account that is being used to fund the online purchase.
Update, 5:20 p.m. ET: In a message to consumers, Target CEO Gregg
Steinhafel said Target would be offering free credit monitoring for affected
customers. Not sure how credit monitoring helps with this specific breach,
but at any rate here’s the rest of his statement:
“Yesterday we shared that there was unauthorized access to payment card
data at our U.S. stores. The issue has been identified and eliminated. We
recognize this has been confusing and disruptive during an already busy
holiday season. Our guests’ trust is our top priority at Target and we are
committed to making this right.
We want our guests to understand that just because they shopped at Target
during the impacted time frame, it doesn’t mean they are victims of fraud. In
fact, in other similar situations, there are typically low levels of actual fraud.
Most importantly, we want to reassure guests that they will not be held
financially responsible for any credit and debit card fraud. And to provide
guests with extra assurance, we will be offering free credit monitoring
services. We will be in touch with those impacted by this issue soon on how
and where to access the service.
We understand it’s been difficult for some guests to reach us via our website
and call center. We apologize and want you to understand that we are
experiencing unprecedented call volume. Our Target teams are working
continuously to build capacity and meet our guests’ needs.
We take this crime seriously. It was a crime against Target, our team
members, and most importantly, our guests. We’re in this together, and in
that spirit, we are extending a 10% discount – the same amount our team
members receive – to guests who shop in U.S. stores on Dec. 21 and 22.
Again, we recognize this issue has been confusing and disruptive during an
already busy holiday season. We want to emphasize that the issue has been
addressed and let guests know they can shop with confidence at their local