Boda-Boda Rider Remanded in Luzira Prison Over Shs332 Million Centenary Bank Fraud
In a case that has exposed potential vulnerabilities in Uganda’s banking security systems, a boda-boda rider known by multiple aliases has been charged with siphoning Shs332 million from Centenary Bank through an elaborate scheme involving forged identities and allegedly exploiting biometric enrollment procedures. The suspect, identified as George Byaruhanga, also known as Ronald Kintu and Rogers Ainembabazi, was remanded to Luzira Prison after appearing in court today.
The alleged fraud comes despite Centenary Bank’s previous investments in sophisticated anti-fraud systems, including biometric authentication technology specifically designed to prevent exactly this type of identity-based fraud.
The Elaborate Fraud Scheme
According to investigators, Byaruhanga orchestrated a sophisticated multi-step process to illegally access and drain funds from the targeted account:
· Identity Fabrication: Created forged national IDs under multiple aliases to establish false identities
· Biometric Enrollment: Successfully enrolled fake biometric data at Centenary Bank’s Mapeera Branch, convincing staff he was the legitimate account holder
· Staged Withdrawals: Once system access was established, he immediately withdrew Shs50 million over the counter through traditional banking channels
· Funds Transfer: Moved Shs250 million to an account at Exim Bank through electronic transfer
· Final Drainage: Cashed out the remaining Shs32 million through ATM withdrawals and agent banking platforms
Table: Alleged Fund Diversion Methods
Method Amount Execution Point
Over-the-counter withdrawal Shs50 million Bank branch
Transfer to Exim Bank Shs250 million Electronic transfer
ATM & agent banking Shs32 million Multiple platforms
Investigators noted that the entire scheme proceeded without triggering the bank’s security firewalls, raising serious questions about the effectiveness of existing fraud detection systems.
Centenary Bank’s Security Infrastructure
This security breach is particularly surprising given Centenary Bank’s previous high-profile investments in advanced security technology. The bank had implemented what it described as a comprehensive Identity and Access Management (IAM) solution to strengthen customer verification processes.
In a previous case study, the bank had highlighted how their biometric authentication system was designed to “remove duplicates and false aliases from the customer database” and specifically “prevent customers from fraudulently operating accounts under different and false identities.”
The system, integrated with their core banking platform, was intended to ensure that “each banking transaction at the teller windows are validated and secured” through biometric verification, theoretically making the type of identity fraud alleged in this case impossible to execute.
A Pattern of Security Challenges
This incident represents the latest in a series of security-related challenges facing Centenary Bank:
· June 2025: Former Centenary Bank teller Alex Kyambade was convicted of embezzling more than UGX 100 million through a scheme involving fake foreign exchange transactions. The court found he had “exploited a weak core banking system and the absence of proper supervision” to manipulate internal systems.
· Recent Customer Complaints: The bank has faced scrutiny over allegations of missing customer funds, including a case where UGX 4,000,000 was allegedly illegally withdrawn from a customer’s account while he was working in the UAE.
Industry Implications and Response
The successful execution of this alleged fraud, despite existing biometric security measures, raises significant concerns for Uganda’s entire banking sector:
· Biometric System Vulnerabilities: Questions about whether systems can be compromised during the enrollment process rather than the verification stage
· Staff Training Gaps: Potential weaknesses in branch-level staff ability to detect fraudulent documentation during customer onboarding
· Multi-Channel Security: The need for coordinated security monitoring across traditional, digital, and third-party banking channels
· Real-time Monitoring: Enhanced detection systems capable of identifying suspicious transaction patterns across multiple withdrawal methods
Financial industry experts note that this case exemplifies the evolving sophistication of financial fraud, where perpetrators combine traditional identity theft with understanding of technical banking systems.
Legal Proceedings and Next Steps
Byaruhanga remains in custody at Luzira Prison awaiting trial. The court will likely examine both the specific fraud mechanisms and the broader systemic vulnerabilities that enabled such significant funds to be extracted through multiple channels without detection.
Centenary Bank has yet to release an official statement addressing the specific allegations or explaining how the security breaches occurred despite their anti-fraud investments.
As Uganda’s banking sector continues to digitize and expand financial inclusion, this case highlights the critical need for security systems that match the sophistication of modern fraud techniques while maintaining customer trust and financial safety.
About The Author
