New Telegraph

Unauthorised Debits: Lamentations Over Banks’ Sharp Practices

Ordinarily, banks should be safe places to deposit money. However, with tear-provoking tales of unceasing theft in supposed secure places, Nigerians continue to lament the pains of unauthorized withdrawals. LADESOPE LADELOKUN writes

Tired and famished, Ejoh Modupe Hannah, had not envisaged that an attempt to withdraw money from the nearest Automated Teller Machine (ATM) to her office would later cause pain and frustration. At first, the move to withdraw N5,000 from the first ATM at Access Bank branch yielded no luck. The second attempt at another ATM in the same bank only got her UBA ATM card buried in the cash- dispensing machine. Meanwhile, despite turning to Opay(a Fintech company)for succour by making a transfer of N5,000 from her UBA account to her Opay account before she eventual- ly withdrew through her Opay card at a Point of Sale(POS) machine, she got multiple alerts, indicating that multiple withdrawals had taken place through a POS machine in her UBA account at a time her UBA ATM card was still trapped in Access Bank’s ATM. “I was coming back from work that day with my colleague. Then, I stopped over at one Access Bank around my place of work to withdraw money for transport.

“I tried using one of the ATM machines but it wasn’t dispensing. Then, I tried an- other one and it eventually swallowed my card. “I reported to the security guy I saw on duty and he said I’ll have to go back to my own bank to get another card because my card was a UBA card. He said it was CBN’s policy. “I left there, then did a transfer of N5,000 to my Opay account and collected the money with my Opay card from a POS machine before boarding a bus going to Mile 2. Just 8 minutes after the bus left, I saw debit alert of N10,000 in three batches from my UBA account with a POS, before I could block my account, they withdrew all my money.” She added: “All the money that left my ac- count that day was N35,000. I immediately came down from the bus and ran back to the bank. To my greatest surprise, I didn’t meet the security man I met earlier there again.

“I met another person, who told me the guy wasn’t a security man. So, how did he enter the bank premises or where were you when you were supposed to be at your duty post? I got so angry that day that I almost fought the new security guy. They pleaded and said I should come back to the bank the next day to lodge a complaint since the bank had already closed.” She further explained how the bank allegedly chased her away with security agents, dashing her hope of getting back her money. “When I got to the bank the next day, I went to the customer care unit to com- plain and they directed me to someone they called their manager. But to me, he didn’t seem so because he was stuttering and couldn’t give me a valid reply. He told me my card was not in the ATM room. And that means I didn’t use the ATM machine. I requested for CCTV footage but they denied me the access, asking me to go to my bank and lodge the complaint. “I didn’t listen to them and I started causing chaos in the bank.

They invited two mobile policemen to walk me out. “And that was how I couldn’t get my money back ooo. My bank said they’ll look into the issue when I later went to complain and they said they’ll give me feedback in 10 working days. I didn’t hear anything from Access or UBA. I called them out on Twitter but still nothing happened.” For a number of account holders in Nigerian banks, living with the fear of possibility of a sudden disappearance of their hard-earned money is one reality they find difficult to shake off. Ordinarily, the bank should be a safe place to keep life savings. Perhaps, that is in the past. With evolving technology, stories are told of how monies leave bank customers’ accounts without authorization – and the culprits do not have to lift a gun.

With e-payment channels like computer/ web, mobile, and Point of Sales, lamentations about disappearing funds appear simmering. According to the financial statements of four Nigerian banks- Access Bank, Guaranty Trust Bank, First City Monument Bank and Wema Bank – in 2021, N1.77 billion was lost to fraudulent practices perpetrated by fraudsters. However, the 2020 and 2019 Annual Reports of the Nigeria Deposit Insurance Corporation (NDIC), revealed that the total amount lost to bank fraud and forgeries stood at N120.79 billion and N204.65 billion respectively. Also, the Nigeria Inter-Bank Settlement System (NIBBS) Annual Fraud Landscape revealed that the banking industry lost a total of N14.3 billion to electronic fraud in 2022 but that of 2021 stood at N12.7billion. According to the immediate past Executive Vice Chairman of the NCC, Umar Danbatta, the Central Bank of Nigeria (CBN) rates electronic fraud as the biggest risk in the telecom sector, which has widely incorporated electronic payment solutions such as Automated Teller Machines (ATMs), Nigeria Inter-Bank Settlement System (NIBBS) Instant Payment and mobile banking.

Attackers, he said, now target telecom networks with the intent to disrupt service delivery and infiltrate their data bank for SIM swaps, noting that a lot of people are highly ignorant about how losing their phones to fraudsters can lead to a complete clean-up of their bank accounts. Meanwhile, stakeholders have questioned the capacity of the NDIC to protect depositors. In stating its mandate on its website, the NDIC wrote: “The Corporation supervises banks, so as to protect depositors; foster monetary stability; promote an effective and efficient payment system; and promote competition and innovation in the banking system. “Banking supervision is an essential element of the Nigeria Deposit Insurance Corporation(NDIC) as it seeks to reduce the potential risk of failure and ensures the unsafe and unsound banking practices do not go unchecked.”

More Nigerians lament

Tolulope Adetola had planned to buy foodstuffs that would be enough for his family till the end of January, including all his family needed for a jolly Christmas celebration, just a week before Christmas. But that remained in the realm of wishes after his Wema Bank account was emptied a day to when his wife had planned to buy all that his family needed. “All I can remember is; I went to with- draw money from a POS agent near my house. The POS machine was that of FairMoney(a microfinance bank). That was the last transaction I carried out be- fore the incident. In the evening, I started getting alerts. I had about N300,000 in my account. It was as if the criminals knew my plan to buy things the following day. I have a baby that would also need to be fed. That incident turned me to a beggar. I had nothing on me and my family must feed. I did what I had never done. I started calling the people I never called for financial assistance. I had to get an emergency loan to make me stabilise.

When I went to my bank, I was told my ATM card was compromised. That was where the matter ended,” he told Sunday Telegraph. Unlike Tolulope Adetola and Ejoh, Deputy Provost of Nigerian Institute of Journalism, Dr Dele Omojuyigbe, was lucky to have the money withdrawn from his ac- count without authorization back. But it wasn’t without a drama in the banking hall. In an interview with Sunday Telegraph, he said: “It was on two occasions. I think I was to blame for the first one. I let down my guard. Then, I was conned. When it happened, I went to the bank to complain and they blamed me for what happened. Well, I said no problem. Let me close the account. They told me I shouldn’t. I told them I was no longer comfortable with the account. But they assured me that there was no problem. They said they would put security and rectify the problem. They also told me to change my ATM card. I did. So, the following morning, I transferred N100,000 from one of my accounts in another bank to the account. I did that in Agege when I was coming from home.

Before I got to school, I had received an alert that the N100,000 had been withdrawn by an unknown person. I went straight to the bank, reminding them of their assurance. They had to be begging. The managers and everyone were calling. I stopped transactions in the bank that day because I was furious. I stopped everyone from working. I eventually got my money back. They said the lady that handled the case was new on the table. They said she didn’t do what she ought to have done.” Shedding light on his first sad experience with cyber fraudsters that made money leave his account, Omojuyigbe explained: “I was conned. They were asking me questions. But because of all the information they gave me, I believed them. No one could have such information except people working in the bank. So, I let down my guard. They told me many things no one could have known except people working in the bank. The information I was given were the things I filled in my form. Confidential report, “he added.

Bank staff as culprits?

In its ‘Reports of Fraud and Forgeries in Nigerian Banks’’ between the second quarter of 2021 and Q2 2023, the Financial Institutions Training Centre(FITC), expressed worries about the involvement of bank workers in fraud cases in Nigeria. According to the report, 19 employees of banks were sacked between April and June 2022, due to their involvement in fraudulent activities. This figure, FITC said, represents a 90 per cent increase when compared to the 10 employees sacked in the first quarter of 2022. On why banks should err on the side of caution when employing staff, FITC stated: “Banks should exercise extra caution when employing new staff or contracting an outsourcing firm for employment.

As a measure to curb the involvement of staff in fraudulent activities, staff who have also acted with high integrity in circumstances in which they would have acted otherwise should be duly commended and rewarded for their actions; this sends a positive message to other staff and they too would want to be recognised and rewarded as well.” It added:“Evaluating the total amount lost to frauds in Q2 2022 reveals that Mo- bile Fraud accounts for 38.18 per cent at N449 million loss, followed by Miscellaneous & other types of fraud accounting for 32.19 per cent (N379 million) and Suppression of Entries at 11.02 per cent (N129.64million). “A closer look at the unusual amount recorded under the Miscellaneous fraud revealed that the fraud was carried out via E-naira for which the banks were liable.”

Speaking on his experience as a former employee of a new generation bank, John Wahab, alleged that some tellers and employees in the customer care unit abuse the privilege of their access to customers’ ac- counts to collude with fraudsters. “I was once a direct sales executive when I was in the banking system. I can tell you that some tellers and some people in the customer care unit of the bank engage in sharp practices. The fact that they have direct access to customers’ accounts makes it a lot easier. In most cases, the monies diverted from customers’ accounts are those of the people living abroad. When they see that the owners have abandoned the account for a long time, they just divert. Even among the staff in the bank, a lot of shady things go on.

Your customers could also be diverted. You could have 10 customers but your colleague could divert two of your customers because they have access to the computer. This was once discovered at the regional branch, where we hold regional meetings and this usually comes up once in a month. The matter was resolved internally by our managers by instructing the employee that cheated to replace the customers of the cheated. But that was when there were new customers. The most painful part is that the customers stolen could be your biggest customers.” In his reaction, a banker, Kola Tiamiyu, harped on the need for bank customers to be security-conscious, saying it would be uncharitable to blame banks when hackers steal their savings.

He said it was partly the responsibility of bank customers to ensure that they protected their account. “Fraudsters access bank accounts through two major ways: phones and ATM cards. Once a fraudster gets the number on your card, they don’t need your PIN. There are some websites that don’t require your PIN, especially sports betting sites. They only require the number on both sides of your card. Whenever a card’s information is supplied, money goes into the bet account and the fraudster could decide to transfer it to their account. So, when the owner of the card gets alerted of multiple withdrawals, they wonder what’s going on. “People also have to be careful about how they hold their ATM cards. Someone came to withdraw money from our branch here.

He was holding his card carelessly. Some- one behind got the number on his card through the camera on his phone. When the young man entered the banking hall, he discovered that while still on the long queue, his entire savings disappeared.”

We prevent cyber attacks -ALTON

Commenting on the efforts of telecommunications companies to protect subscribers from electronic fraudsters,the Chairman of Association of Licensed Telecommunications Operators of Nigeria, Engr. Gbenga Adebayo, said each mobile network opera- tor provides a firewall to secure its infra- structure against cyber attacks, noting that the, “integrity of protection is very high on various networks. What is not in the control of the operators are people whose information is compromised, not traceable to the operator. Compromised due to their own way of life. If, for example, you lose your PIN, or you are careless with your SIM card or data identity and someone perpetrated a fraud with that, that’s not in control of the service provider.

“So, what we say to each subscriber is to exercise caution in the use of electronic access, to regard it as confidential as bank account number, not to expose it to elements that can use it against them. As for the operators, on a regular basis, networks are protected by different levels of firewalls to prevent cyber attacks. That’s why we have not recorded any major incident of an attack on network operators because the integrity of protection is quite high. Where subscriber data is compromised and it’s used to perpetrate fraud,that is not in the control of mobile network providers. It’s on the individual to protect themselves. ” On cloning of data, he said: ” I wouldn’t know how that works and none of that has been brought to our attention. Know also that when that happens, that is stealing.

That means someone has stolen somebody’s data and there are procedures in law that deals with stealing. Either stealing of physical or electronic data. So, that is a case of stealing. It’s like someone breaking into your house. It’s like someone cloning your photograph and calling himself your name. That’s actually stealing. That is fraud. The law provides for how such should be dealt with. Again, that is not in the control of network operators.” Adebayo said telecom operators recognize the need for collaboration with security agencies, noting that they will continue to work for the public good. He said: ” As best as we can, on matters of national security, we are collaborating, we are cooperating. But that is not something for public media.

But the assurance is that we are working and collaborating with all security agencies for national security and for protection of all citizens, particularly those to whom we provide services. It is an ongoing thing. We need to continue to fine-tune and retune. It is an ongoing collaboration and it will continue like that till the end of time for public good.”

NCC responds

For the Director of Publicity of the Nigerian Communication Commission,(NCC) Reuben Muokar, the NCC is doing all it can to provide necessary support to relevant agencies of government to fight crime. He, however, noted that security and financial issues were not its responsibilities. He said: “We regulate the industry. Security and financial issues are not within our purview. Initially, there was no registration of SIM by individuals when we started way back. It was discovered that a lot of crimes were committed with phones; the NCC was approached to regulate SIMs. So, people’s identity would be unveiled and a face can be put to the user of every phone. “Obviously, the idea is to help security agencies to tackle crime.

It was on the basis of that that the commission directed the registration of SIM cards. The other one is more of a regulation; that is the directive that all users of phones should link their NIN to SIM. It’s not our responsibility to fight crime but a collaboration with security agencies is already implied in the provision of a regulation.”

Need for training, awareness

Speaking with Sunday Telegraph on how to curb cyber fraud, Seyi Akindeinde, founder of Hyperspace Technology and cyber security expert, harped on the need for banks to create awareness, particularly among unsophisticated people. “Most hackers cannot break into a bank’s database from outside because all the banks have implemented security control. You know the CBN has given guidelines on security specifications. To a large extent, most banks are compliant. These are international standards. No matter how strict the controls are, at the end of the day, they are still operated by people. Insiders collude with hackers to move money.

“How do they know the account with huge money?What we have found out is that some of these fraudsters create fake bank apps in the app store and a normal person will download. Most of these fraudsters target the consumers. Banks need to do more awareness officially for the sake of people that are unsophisticated.” Akindeinde also added that most fraud cases are victim-assisted.

Read Previous

Threatening Your Spouse Whether You Mean It or Not

Read Next

Countdown to Games of the Future –E-Sport