Stakeholders chart path to digital security, financial fraud reduction

Experts have called on financial technology companies (fintech) and related industry players to pay more attention to digital security and enhance the same to protect not just their businesses but also customers’ funds from rising fraud.

Speaking at the Vanguard/Economic Forum Series’ Fintech: Cybersecurity and Fraud Summit, a panel which had the Chief Technology Officer (CTO) of PalmPay, Mayowa Adeosun; ICT Security expert and government policy affairs advocate, Dr. Chukwuemeka Ujam; Chief Risk Officer, eTranzact International Plc., Edward Onyenweaku and moderated by the CEO, Billsbox, Dr. Monday Ashibogwu, x-rayed the future of financial fraud and digital security.

Harping on the importance of cybersecurity, particularly in areas of fintech, Ujam said human beings remain the weakest link in every chain and for every single fraud that happens, there is a high percentage of social engineering.

“Somebody has gained access to something that you know about, and is trying to convince you that he or she is genuine and because we are humans, I do not believe that we should be blamed. If someone’s phone is taken and money withdrawn within minutes, it is not that person’s fault .

“Now, many institutions just want to hit back and lay blame on the customer and that’s not fair. There are laws, but how many of these laws have been adequately tested in the law courts? Judges are slightly a weak link in the chain because they don’t understand technology. What we should realise, is that there’s always a willing participant in the fraud ecosystem. When you receive a call from a number you don’t know, asking you to send a number that just came into your WhatsApp, we may laugh about this, but they still find so many victims, and that is why they’re still successful. There are still so many gullible individuals out there,” he said.

Applauding the youth for driving technology, he said it however comes with attendant consequences.

“Fintech firms are usually startups and don’t have the kind of money and infrastructure to match well-established financial institutions. Who regulates the Fintech industry? The Central Bank of Nigeria? NITDA? Everyone is coming up with their policies, no synergy whatsoever. Operators are being hit everywhere and sadly, the government just thinks, ‘let us just make money off these people’.

They see technology as thriving and instead of helping, they find a way of taxing everyone and making sure they do not succeed. I think we are getting it wrong with this approach; we should develop places where people can come and test their technology or anti-fraud project and so on; because what happens is, we are by and large, more reactionary.

The thief has come into the premises, and then we start crying. Why don’t we prevent the thief from coming in? Thieves are always a step ahead of all of us. Abroad, if you’re caught as a hacker, the security services take you in and utilise your skills; we should do the same here. We should harness that skill-set; keep them in places where they can churn out ideas and technology to be ahead of hackers and fraudsters.”

Lamenting about the rising cost of security, he said without collaboration, duplication of ideas would abound.

Chief Risk Officer of eTranzact said with technology, there is always increased potential for breaches but as professionals, must strive on detecting potential loopholes quickly and address them.

Speaking further, he said looking at the Fraud Management ecosystem, from fraud detection, fraud identification, prevention and recovery, he said the traditional fraud system focuses more on recovery. He said, however, with artificial intelligence, data could be analysed beforehand.

“Artificial Intelligence, machine learning and data analytics offer us the privilege to analyse potential entry points, from the point of identification. We don’t wait until fraud is detected before taking measures. Fear intelligence is fantastic because it helps us to identify from the onset, and we can begin to apply measures to be able to prevent fraud.”

Adeosun, on his part, commended artificial intelligence (AI), calling it an automatic methodology to identify and manage risk. He said with transaction monitoring and verification tools, which all ride on AI; they can access patterns, monitor fraud and transactions and get data.

Ujam went on to add that with AI, the originator is still a human who is prone to error.

“AI can flag irregular transactions but the issue is, what did you feed into the system to address that irregularity? When we are all jumping on the AI bandwagon, we need to be sure that the information fed into the repository is accurate. We need to be sure that the phenomenon of garbage-in garbage-out does not occur within the AI ecosystem. To what length have we gone to make sure that the machine that we’re relying on is being fed with accurate data?” he asked.

CEO of Billsbox, Dr. Monday Ashibogwu, who moderated the panel, pointed out that the main challenge with Fintech startup is that with most of them, they don’t have the resources to hire multiple hands. He added that the fintech ecosystem is being funded by billions of dollars and it would be a shame for it to be weighed down by fraud or cyber security lapses.

On providing risk management services for startups and fintech, Onyenweaku said fraud has different source points with people being number one. He said after addressing the ‘people’ component, the process must also be looked at.

“If processes fail, things are bound to go wrong, Things like technology, AI, machine learning and so on must be put in place. Every fintech must holistically and individually address their fraud loopholes, from people, to processes and technology.”

Speaking on if a central hub can help startups address the problem of skilled workers, Ujam said the Nigerian startup bill could help address some of these problems startups face. “Collaboration is paramount. Some firms offer services that are not necessarily bespoke, but blanket for startups. For instance, my firm also does lobbying for people and I’m not tied to a particular industry, firm or sector.

I would advise people to go to the National Assembly and educate them or make them change laws that will suit them. Even with this problem lies a business opportunity. People can create organizations that lend support to helping startups. No law says one person can’t work for five, six companies and still get the kind of money he/she may not get by being a permanent staff in one organisation.”

Speaking on checkmating insider abuse, Ujam said when carrying out research, one of the most difficult items to model is a human being, as they’re prone to external influences. “Modeling a human being is almost impossible. One can only ensure that total value does not reside in one individual so that there is a form of check and balance. With startups, the founder is usually the account holder and sole signatory. Some countries have zero tolerance for crime but here, it is not like that. There is no antidote to prevent someone who wants to steal from stealing.”

Giving kudos to the fintech/tech ecosystem, he said Nigerian players are miles ahead of many advanced countries. “Within the telecoms sector, gone are the days where telecom company A would build a mast, telecom company B would build theirs and so on. Now there is collocation and using this same analogy, it should exist within this ecosystem where there is a collocation of ideas, testing and so on.
Stakeholders chart path to digital security, financial fraud reduction

There should be a platform where anonymously, people can report fraud activities. This is the surest way people can propagate the knowledge that this kind of thing happens. People can shield their company names, detailing their experiences so that others can learn from them. We need to encourage this and this is the surest way to move forward.”

He added that financial services usually operate under a regulator, which is appointed by the government. Advising Nigerians and industry players on how to parley with the incoming government, he said they would have their team and ideas, but “when we know their plans and the people that would be occupying certain positions, ideas can be suggested to them.”

Fielding a question on how to secure communication between two devices, Ujam said during communication between two devices, e-mail phishing or man-in-the-middle attack can happen but if one is observant and hovers around an email address, one would see that it is not what it presents to be.

“There are always telltale signs to look out for. When an image or address is created, it is ‘easy’ to tell if it is fake. Also remember that if it is good to be true, it is false. There usually is an encryption channel when dealing with financial services like tokenization and so on, to secure conversations and transactions. When making a payment, ensure it is an https address, hover around email addresses to ensure it is what you should be expecting. It can present as me but behind, you would see it is something else, so check that everything matches to prevent being a victim.”

Offering solutions to internal and external fraud, Onyenweaku suggested measures like job rotation, watching out for relationships and people that could be easily compromised as well as better oversight from external regulators.