Nigerian banks and their customers still lose billions of naira to fraudsters, despite security measures emplaced to check such, writes EHIME ALEX
To fight banking fraud at Point of Sale terminals and Automated Teller Machines across payment ecosystems in Nigeria, Interswitch, a digital payments solution provider, recently announced plans to roll out a new solution designed with advanced biometric features. This comes as many Nigerian banks are faced with increasing fraud cases year-on-year.
Findings by Financial Street shows that fraud cases reported by four Nigerian banks to the Central Bank of Nigeria rose by 166.12 per cent to N7.199tn in December 2021 from N2.71tn in December 2020.
This is according to the 2021 audited financial statements of Access Holdings Plc, Guaranty Trust Holding Company Plc, Fidelity Bank Plc and Sterling Bank Plc.
Sterling Bank reported the highest figure rising by 1613.77 per cent to N3.35tn in 2021 from N195.34m in 2020. Access Bank followed with N1.99tn in 2021 from N1.02tn in 2020. While the value reported by GTCO rose slightly by 10.75 per cent to N1.21tn, Fidelity’s rose by 381.498 per cent to N650.88m.
The latest report by Check Point Research Threat Intelligence on Nigeria puts the number of attacks experienced per business each week, collectively, at 2,308 across all industry sectors, adding that the figure is higher still for businesses in the financial sector.
Thus, considering the reliance of banks on Information and Communications Technology to operate their business and the rising incidence of cyber threats and attacks targeted at financial institutions, banks should be driving their credit risk management processes using appropriate scalable technology to achieve global best practices.
Cybercrime techniques
A number of techniques are being used by scammers to defraud unsuspecting banks’ customers, including phishing, hacking, malware, identity theft and ATM spoofing. Not to mention social engineering, which involves manipulating people to give out sensitive information, fraudsters use several other techniques, from card theft to Personal Identification Number compromise, in carrying out their acts.
In 2019, the CBN confirmed that transaction valued at N6.5tn was stolen from commercial banks in Nigeria by hackers. Between 2014 and 2017, the banking industry lost N12.30bn to various frauds. Between January and September 2020, more than N5.04bn was lost to fraud in the banking sector, and increased by 34 per cent to N7bn in the same period of 2021, the Nigeria Inter-Bank Settlement System Plc disclosed in its report on ‘Fraud in the Nigerian Financial Services’.
Use of biometrics
As far back as 2018, the CBN had planned to ditch ATM pin codes and replace them with biometrics to streamline and add more security to the process. That thought, as logical as it was as a solution for preventing fraudsters from stealing data from customers of the bank, especially among the illiterate and older customers, who may require help to use the ATM or PoS, the move has hardly been widespread, existing just in silos.
Huge investment
Artificial Intelligence is a potential solution, but it comes with challenges ranging from cost, limited resources, talent shortage and lack of systems. As a result, only 25 per cent of the institutions surveyed by PricewaterhouseCoopers, a multinational professional services network of firms, are using AI.
While banks strive towards enhancing cybersecurity resilience in digital financial services, continuous and regular cybersecurity awareness for consumers should be prioritised. This is even as developers said that the benefits of making effective use of biometrics outweigh the operational cost.
According to a report released in March 2022 by the Carnegie Endowment for International Peace, “It will require the financial institutions to invest significantly in, and have a robust capacity development plan for, their information technology and cybersecurity teams and top executives, as the financial sector is highly susceptible to cyber attacks, and new kinds of attacks are launched regularly, so capacity building must be frequent and consistent.”
Leveraging digital offerings
The Nigerian digital financial ecosystem has witnessed remarkable growth in the past few years, according to McKinsey & Company, a management consulting firm. The country is home to over 200 fintech organisations, not counting fintech solutions provided by banks and mobile network operators.
New service providers range from mobile money operators and payment service providers to fintech firms and other financial services providers, a trend that is increasing the need to ensure consumer security and trust.
These services come with numerous important digital components, including mobile applications, digital tokens, Unstructured Supplementary Service Data, and digital ledgers, all of which comw with potential vulnerabilities, according to a report by the Carnegie Endowment for International Peace released in March. “It is increasingly important for the country’s financial industry to prioritise cyber security, as it is the most targeted sector for cyber attacks.
“Over the last six months, the number of attacks against banks and other institutions in Nigeria was 3,682 per week, while globally, this figure is far lower at 774, Check Point Software Technology Regional Director for Africa, Pankaj Bhula, stated recently. “To protect this booming industry, more must be done to drive awareness around cybersecurity.”
Keeping with regulation
The CBN, in line with its regulatory powers and oversight functions under the CBN Act and the Banks and Other Financial Institutions Act, has taken salient steps towards regulating this space by striving to strengthen the cybersecurity defences of banks and non-financial institutions.
The instruments for doing so include documents like the Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers, the Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions, the Regulatory Framework for Mobile Money Services in Nigeria, and the Nigerian Payments System Risk and Information Security Management Framework.
The CBN also collaborates with relevant stakeholders such as the Securities and Exchange Commission to develop market regulations for cryptocurrencies and the Nigerian Communications Commission — the telecommunications sector’s regulator — to regulate mobile money operations.
Cybersecurity remains a crucial pillar in Nigeria’s National Digital Economy Policy and Strategy, which outlines a vision for diversifying the country’s economy. The 2021 Nigerian National Cybersecurity Policy and Strategy identifies the banking, finance and insurance sector as one of its 13 critical information infrastructure sectors.
Last line
The effect of cyber crime on commercial banks are huge financial losses, despite the assumption losses declared by banks yearly. It is unfortunate that this incident is hidden from the public in order to protect investors and customers from being alarmed and to protect their reputation. However, commercial banks are continually faced with huge losses and how they recover from these losses is still a misery.
