Reports of Nigerians, who lost their money to hackers in their trusted banks have raised doubts about the safety of funds kept in supposed safe places. While sorrow and gnashing of teeth have become their lot, concerns mount over how this trend would affect Nigeria’s cashless policy. LADESOPE LADELOKUN, writes on the frustration of victims of electronic banking fraud and how to escape being a victim
In less than a year, Temitope Sessinou has changed bank accounts three times after her entire life savings got emptied in her trusted banks. Only in August last year, she had planned to import goods worth N2.5million after receiving joint donations in the sum of N1.5million from friends and business associates.
She, however, passed out on discovering that her bank account balance read Zero. Hear her: “For quite some time now, I’ve been importing goods into the country and I don’t do this alone because I get donations from business partners.
Some contribute as little as N20,000. Someone gave N500,000. I can go on and on. I didn’t know what happened. It’s still like a dream to me. Suddenly, everything vanished from my account and my bank told me they could not do anything about it. I waited! As I speak to you, I still pay back what was stolen from contributors.
Do you know after that sad experience, N150,000 was stolen from the same account. This time, someone just bought items worth that amount online and nothing was left for me again. I closed the account, just like I closed the first one.
But, after opening another account, like the second account I closed, someone bought recharge card worth N20,000 from my account. I closed the account again. What I do now is to give the account information of trusted friends and my siblings whenever I’m expecting any money I consider huge. But that is even risky,” she told Sunday Telegraph
For Chief Innocent Ogbonna, it was just like a dream when he got multiple alerts of transactions he never made. His entire savings had been cleared by fraudsters in Benin, Edo State, even while he was in Mowe, Ogun State.
“I was in my bedroom when I started getting notifications of withdrawals from my account. I had about N175,000 in my account. They only left N1,000. I reported to my bank but they told me that there was nothing they could do about it. But it was discovered that my money was withdrawn in Benin. The bank, where he withdrew the money was also revealed. I got to know that the man who stole the money had no address and the bank allowed that. A first tier bank for that matter!
I wanted to arrest the man but my lawyer advised against such because I would end up spending more money to lodge him in a hotel for a week and engage the services of policemen. I had to let go.”
Distraught defined her visage. Chiamaka Agim could not hold back her frustration and tears in a video uploaded on her Twitter page on January 10, 2023. She narrated how she received three debit alerts of unauthorised transactions from her bank that amounted to N4.039 million on January 9, 2023, leaving N12.900 only as her account balance.
Meanwhile, in a document seen by Sunday Telegraph, Agim was told by the said bank that only N800,500 could be salvaged out of the N4.039 withdrawn from her account without her consent.
Banks are ordinarily seen as secure places to deposit money. But with reports pointing to spiralling cases of fraud in banks, a dampener for many is put on the faith of Nigerians in the banking system.
With tales of how life savings disappeared from supposed safe places, a number of bank customers have been condemned to the chasm of destitution and frustration, owing to the activities of fraudsters.
According to the financial statements of four Nigerian banks -Access Bank, Guaranty Trust Bank, First City Monument Bank and Wema Bank – in 2021, N1.77 billion was lost to fraudulent practices perpetrated by fraudsters. However, the 2020 and 2019 Annual Reports of the Nigeria Deposit Insurance Corporation (NDIC), revealed that the total amount lost to bank fraud and forgeries stood at N120.79 billion and N204.65 billion respectively.
Meanwhile, stakeholders have questioned the capacity of the NDIC to protect depositors. In stating its mandate on its website, the NDIC wrote: “The Corporation supervises banks, so as to protect depositors; foster monetary stability; promote an effective and efficient payment system; and promote competition and innovation in the banking system.
“Banking supervision is an essential element of the Nigeria Deposit Insurance Corporation as it seeks to reduce the potential risk of failure and ensures the unsafe and unsound banking practices do not go unchecked.”
Unlike bank robbers, who need an AK-47 to loot the vault of a bank, some of the weapons for electronic banking fraud are a computer, a software and hardware. According to experts, the failure of banks and regulators to invest in procedures and controls has fuelled virulent attacks by fraudsters on the Nigerian banking system.
Earlier, the Spokesperson for the Police Special Fraud Unit in Ikoyi, Lagos State, SP Eyitayo Johnson, had disclosed how suspected fraudsters transferred N523,337,100 from a customer’s account domiciled in an old generation bank to 18 different accounts in the same bank.
Johnson further stated that the suspects subsequently transferred the money from the 18 accounts into 225 other accounts domiciled in 22 other banks and financial institutions.
According to him, the coordinated cyber-attack was carried out on between April 23, 2022, and April 25, 2022.
“The legal section of the Police Special Fraud Unit in Ikoyi-Lagos, headed by CSP E. A. Jackson, has successfully obtained an order of the Federal High Court sitting in Lagos, for the preservation/forfeiture/attachment of a net sum of N523,337,100 fraudulently transferred by Internet fraudsters, who hacked a customer’s account domiciled in one of the old-generation banks and posted the funds into 18 different accounts in the same bank before transmitting same to 225 other accounts in 22 banks/financial institutions.”
“In the course of the investigation, the sum of N160,287,071.47 was recovered from different banks; with two suspects arrested, while operatives are following other leads in order to apprehend the remaining members of the syndicate. The suspects will be charged to court as soon as investigations are concluded,” Johnson said in a statement.
The Central Bank of Nigeria(CBN) had in 2016, reasoned that the world over had shifted security policy stances to a more cybercentric position, noting that the warfare of banking security had changed from what was conventional to a constantly changing strategy in response to the rapid developments in payment technology.
“The story behind the figures clearly showed that as we move further down the digital path in payments, fraud attempts are bound to increase and the test of our strength as an Industry will be how effec tive the collaboration among all stakeholders in warding off this imminent threat to the payments system is, not only domestically but also internationally,” it added.
But concerns continue to mount over how the spate of electronic fraud could affect the Central Bank of Nigeria’s cashless policy, which is an initiative to reduce the amount of physical cash in circulation in order to encourage use of electronic platforms for payment for goods and services, something experts say would help check the flow of black money.
In its 2022 Global Economic Crime and Fraud survey,
PricewaterhouseCoopers(PwC) found that the proportion of organisations experiencing fraud remained relatively steady since 2018. However, the survey of 1,296 executives across 53 countries and regions found a rising threat from external perpetrators—bad actors that are quickly growing in strength and effectiveness.
The survey further revealed that nearly 70 per cent of organisations experiencing fraud reported that the most disruptive incident came via an external attack or collusion between external and internal sources. Hackers and organised crime rings are among the most common external perpetrators. Their activities rose substantially in the last two years: 31 per cent of external perpetrator cases were the result of hackers, and 28 per cent by organised crime. Both numbers reflect increases from the 2020 survey.
Top ten scamming countries in the world
In a bid to make quick money, people often resort to unlawful means to acquire wealth. As technology advances, they adopt new techniques to operate fraudulent scams. Scamming, according to Analytics Insight, has become a global problem in recent years, noting that it has become a billion-dollar sector as the E-Commerce industry has grown.
In a report titled, “Top 10 Scamming Countries in the World in 2021”, Analytics Insight listed Nigeria among the top 10 countries notorious for scamming.
According to Analytics Insight, Nigeria employs a single strategy to deceive the
unwary. It further stated that, “everyone has likely seen this someplace, whether in email or social media messages, where they will likely tell you an extravagant fake story about large sums of money in the banking system or a large inheritance that is challenging for them to access due to government limitations or taxes in their nation, and in the procedure. They will ask for your bank account details, so that they can transfer the funds to you.”
Justifying it’s decision to list India among countries where the scam industry thrives, it said it was difficult to visit India without coming across a scam or someone attempting to swindle an unsuspecting visitor.
Other countries are China, Brazil, Pakistan, Indonesia, Venezuela, South Africa, Philippines and Romania respectively.
Security as joint responsibility
Speaking with Sunday Telegraph, the Regional Head of Equity Research, West Africa, at Stanbic IBTC Bank Plc, Muyiwa Oni, dismissed the claim in some quarters that the widely reported brain drain in the banking sector has exposed bank customers to risks.
“I don’t think it has to do with brain drain. I think it has more to do with customers not being conscious enough and giving information that makes their account vulnerable. Banks will tell you don’t give your personal information out. And banks don’t also. Ideally, I don’t think customers will lose their money if they don’t reveal vital information about their account to people. The banks will always keep your money safe. I don’t think it’s the fault of the bank. As long as you don’t reveal your password to anyone, you should not have an issue.”
Another banker, Seun Oye, harped on the need for bank customers to be security-conscious, saying it would be uncharitable to blame banks when hackers steal their savings.
“It is partly the responsibility of bank customers to ensure that they protect their account. If you protect your card very well, such that no one can sign in to your account online, it’s difficult for anyone to steal your money. This is why it’s important to block your account when your phone is stolen. Fraudsters access bank accounts through two major ways: phones and ATM cards. Once a fraudster gets the number on your card, they don’t need your PIN. There are some websites that don’t require your PIN, especially sports betting sites. They only require the number on both sides of your card. Whenever a card’s information is supplied, money goes into the bet account and the fraudster could decide to transfer it to their account. So, when the owner of the card gets alerted of multiple withdrawals, they wonder what’s going on. People also have to be careful about how they hold their ATM cards. Someone came to withdraw money from our branch here. He was holding his card carelessly. Someone behind got the number on his card through the camera on his phone. When the young man entered the banking hall, he discovered that while still on the long queue, his entire savings disappeared.”
Banks make billions but won’t spend thousands to trace fraud – Interpol
Speaking at a webinar reported by a national newspaper (not Sunday Telegraph)on what he deemed the failure of banks to take responsibility for failing customers, Usman Ahmad, a Deputy Commissioner with the International Police Organisation,(INTERPOL), said there was need for banks to vote huge funds for investigation and tracing fraud. Usman was quoted as saying: “Nigerian banks just want to make money. They don’t want to spend money.
“How many institutions are ready to spend money? Nigerian banks just want to make money; they don’t want to spend
money. That is my experience of almost two decades with them, having also served in the EFCC.
“They like making money without spending money, and if a fraud happens, they almost always want to send the liability of the fraud back to the customers in most cases. Unless you stand firm, the banks hardly want to take responsibility. They make billions but don’t want to spend millions or thousands.”
What banks, customers, others should do – Cybersecurity experts
In a chat with Sunday Telegraph, a cyber- security expert, Olubusayo Lade
10lokun, said there was need for banks to keep themselves updated with latest cyber-security trends and keep updating their patches.
“Banks should upgrade their hardware and software. They should also be updated with latest cyber security trends, ensure customers use multi-factor authentication, ensure complex passwords. They should train customers and employees on Phishing schemes and how they can escape Phishing emails. Phishing email is the tactic of luring someone to click a malicious link that can lead to a malicious website with the goal of extracting their personal information. It is also important for bank customers to use Multi Factor Authentication( 2 MFA), consistently reset their passwords.”
“These are tactics that are also used in the United States. Companies should implement SIEM(Security Information and Event Management), IDS/IPS(Intrusion Detection System/ Intrusion Prevention System), configure firewall rules, block and open necessary ports,” he stated
For his part, another cyber-security expert, Chris Agwu, cautioned against using public WiFi, stating that fraudsters could hack easily into their bank account. According to him, data sent to the bank and other companies while using these networks can easily be intercepted by criminals to forge identity or steal money from their unsuspecting victims’ account.
Speaking at the 51st Inaugural Lecture of Ladoke Akintola University of Technology (LAUTECH), Ogbomoso, Oyo State on the theme: “Digital Revolution and E-banking Fraud in Nigeria: Perspectives and Contours of Management Control Function.”, a Professor of Business Management at the Ladoke Akintola University of Technology, Abiola Idowu, reasoned that there should be regular rotation of bank employees to frustrate collaborative fraud and the regulatory institutions and banks should organise workshops, seminars and public lectures for bank customers on how to escape various e-banking frauds, noting that the banking industry should review the existing Bank Verification Number (BVN) framework with the introduction of BVN watch list.
“There is an urgent need to review the internal audit functions of banks to include fraud risk analysis and management, while the internal control mechanism should be strengthened through adequate investment in training of staff in cyber security, online audit fraud detection and management,” she added.
Commenting, a senior lawyer, Mike Ahamba(SAN), told Sunday Telegraph that securing funds kept in the bank was a collective duty, noting that beyond the roles played by the bank to ensure the safety of depositors’ funds, bank customers also need to assist the banks by adhering strictly to instructions by the bank.
His words: “It’s a question of people being careful about the particulars of their account. It’s fraud definitely. Some individuals, who have perfected playing games with people’s accounts are at work. If your particulars get into the hands of other people and the bank has not done anything untoward towards that account, you can’t blame the bank. The banks have been warning, “don’t give information based on the demands of individuals”.
On how to get justice when a bank fails in its responsibilities, Ahamba said: “It’s unfortunate that it’s happening to a lot of people. I’m lucky. I have not had one. Maybe, they look for the big accounts. Mine is not big enough. If you sue a bank, you must have established negligence on the part of the bank. Is there anything they ought to do to protect you that they failed to do?”
According to Ahamba, it is a very deadly situation and any victim of fraud must be able to establish that their bank is blameworthy to win in court.