How banks are grappling to safeguard customers’ funds against e-fraud
Over six years ago, a cashless policy became totally operational in Nigeria. The aim was to encourage electronic transactions and reduce the amount of physical cash in the economy. The logic was that this would minimise the risk of cash-related crimes in society.
But the major downside of the policy has been pervasive electronic banking fraud (e-fraud). Although the cashless banking system was designed to foster transparency, curb corruption and drive financial inclusion, it’s threatened by the growing perpetration of fraud.
About N15.5 billion was lost to bank fraud in 2018. And about 60 per cent of the fraud was perpetrated online owing to available internet-based and tech-rated banking services. Thus, the banking sector has been grappling with efforts to tackle this menace headlong lately.
Speaking on the development about a year ago, the Director, Payment System Management at the Central Bank of Nigeria (CBN), Sam Okojere, said the apex bank was coming out with clear guidelines for the operation of financial technology (FinTech) companies and Payment Service Banks (PSBs) in order to prevent fraud and make the financial system safer for all.
Okojere, who spoke at the Access Bank Anti-Fraud Week forum, held in Lagos, said: “A new BVN guideline should be coming out any moment from now. When the exposure draft is released, I will encourage you to make a suggestion regarding the area of concern.”
He hinted at a meeting where key stakeholders in the financial ecosystem would come together to brainstorm on ways to improve the payment system in Nigeria.
“The risk-based supervision framework that would actually take care of Fintechs and PSBs is in the offing; very soon there will be a very clear guideline on that,” Okojere added.
The Group Managing Director/Chief Executive Officer, Access Bank Plc, Herbert Wigwe, while welcoming participants, said the workshop was the bank’s avenue of reaching out to members of the community on issues around fraud, risk, and cybersecurity through close engagement.
Quoting from a report by Nigeria Inter-Bank Settlement System (NIBSS), Wigwe said in 2018, about 89 per cent of all financial services fraud in Nigeria happened through digital channels while only 11 per cent were non-electronic. He further quoted PwC’s Global Economic Crime and Fraud Survey 2020, stating that the total cost of cybercrimes was worth an eye-watering $42 billion.
In Nigeria, he said customers were culturally not attuned to security issues around digital transactions, adding that even well-educated people run the risk of falling victim to social engineering and identity theft traps.
“We must go beyond educating customers on the protection of crucial information to actual data protection and integrity amongst operators and stakeholders. I am a great believer in collaboration to solve problems. Our collaborative efforts in data protection and customer education are required in countering security threats in digital payments,” he said further.
In April this year, the CBN also issued a fraud alert about the activities of cyber-criminals who are taking advantage of the current coronavirus pandemic to defraud citizens.
CBN’s Director of Corporate Communications, Isaac Okoroafor, said that cyber-criminals were taking advantage of the COVID-19 pandemic to defraud citizens, steal sensitive information or gain unauthorised access to computers or mobile devices using different techniques.
The apex bank admitted that the trend was not peculiar to Nigeria, as there has been a rise in COVID-19 related cyber-criminal activities all over the world. He, however, noted that it was the priority of the apex bank to ensure that Nigerian bank customers were made aware of the current trend to prevent them from falling victims.
Against this backdrop, a leading retail bank in the country, Access Bank Plc., has been proactive in ensuring that its customers are safe from fraudulent activities, as it has continued to task customers to be on the lookout for fraudsters who use new scam methods to rip people off by preying on the distress that comes with the pandemic.
The bank revealed that fraudsters contact their potential victims either via mail, phone call or text messages to request sensitive banking details with the promise of crediting their account, after which they proceed to withdraw the money in the victim’s bank account.
It added that they often come under the guise of government officials, social advocates and false NGOs allocated to share the relief fund that was promised by the government. The bank warned that this was an easy scam to fall for.
The Executive Director, Retail Banking, Access Bank Plc., Victor Etuokwu, said: “Access Bank is imploring its customers to be wary of any message demanding their personal or bank details. Customers must remember that the bank will never ask for their BVN, full card PAN, PIN, mobile app activation code, OTP or password as most of this information is readily available to the bank via its database.”
Any call, email and text message, claiming to be from Access Bank and demanding any of these details is certainly a scam.
“Also, customers are advised to refrain from sharing user-generated codes when migrating from the old mobile applications to the Access More app. With knowledge of this pin, these fraudsters can gain entry to your bank app, and from there have access to the money in your account.”
Because of the peculiar nature of the pandemic, people are exposed to all sorts of threats, including financial ones that may sometimes come in different and unusual formats. As a result, Etuokwu noted that bank customers should remain vigilant at all times and report all suspicious activities to the appropriate authorities.
He expressed concern about the growing number of reported fraud cases, imploring customers to take more responsibility in safeguarding their funds. He restated the bank’s commitment to providing information relevant to identifying and fending off fraudsters.
“Over the last few months, the number of reported fraud cases has spiked considerably. This is not unexpected as the current economic hardship experienced due to COVID-19 has caused many to be vulnerable.
“However, this trend has become very disturbing, while we urge customers to become more aware of the tactics employed by fraudsters. Access Bank will continue to educate customers on how to avoid falling victims as well as deploy resources to ensure the security of customers’ funds.
“The bank has identified smishing, phishing, social engineering and identity theft as the most common methods used by fraudsters. To aid the fight against this common enemy, we have put more power in the hands of our customers, through the *901*911# USSD code. We have provided a platform through which customers can immediately deactivate their USSD profile by dialing *901*911# from any phone in the event their mobile devices get lost or stolen,” he said.
On customers who say that fraudsters approach them disguising as the bank’s staff, Etuokwu added that, “customers should be on alert as the bank will never ask for personal information such as PIN, BVN, 16-digit card number, CVV, Password, OTP or Authentication Code for the mobile banking app. We urge our customers to ignore such calls, text messages or emails”.
He explained that no matter how talented a fraudster is, his/her real power is the access that customers give him/her, adding that unknown to many, no fraudster can withdraw money from an individual’s account using only the BVN or account number.
He advised bank customers never to enter their card details in an unsecured website, reply an email or text requesting for their card details and to protect their PIN and check their bank statements often, amongst others.
Financial analysts and security experts believe that banks and security agencies like the anti-fraud department of the Nigerian Police, the Economic and Financial Crime Commission (EFCC) should work together to tame fraud monsters.
Stephen Iloba, a Lagos based financial expert, said that all hands must be on deck before fraud and fraudulent activities in banks could be tamed.
He said: “Banks alone cannot fight this battle. The battle can only be won if all stakeholders like the CBN, the Police, and EFCC work together with banks. The FinTech space should also be involved.”
Jimmy Ojalaka, a seasoned security expert, also stated that banks should ensure that the right personnel are put in charge of their sensitive online departments to ensure that no foreign body has access to it.
“Security against fraud in banks is a holistic battle. Banks should not only ensure that competent people are employed to man their IT department but they should also continue to ensure that those employed are dutiful and sincere,” he added.