Amaechi Ogbonna, Omodele Adigun, Uche Usim and Chinwendu Obienyi
In several developing economies, cash is usually the king that underpins most transactions. This is as economic experts have also argued that national development seems faster when there is increased financial penetration. It was in a bid to give teeth to this argument that the Central Bank of Nigeria (CBN), in 2012, adopted the National Financial Inclusion Strategy (NFIS), which focuses among others things on enhancing the adoption of cashless payment channels, ensuring that over 80 per cent of the bankable adults in the country have access to financial services and reduction of the exclusion rate to 20 per cent by 2020.
Since the adoption of the policy, Nigeria’s financial regulators have gone ahead to include the Microfinance banking, agent banking, and Mobile Money Operation (MMO) or Mobile Banking, in the basket of choices to achieve the objective of increased financial inclusion, albeit with very unsatisfactory outcomes.
For instance, the 2018 data by Enhancing Financial Innovation and Access (EFInA) put the nation’s financial inclusion rate at 63.2percent, meaning that as much 36.8 percent or about 40 million adults still lack access to financial services. The expectation of closing the 16.8 per cent shortfall may have even been mired by another elephant in the room: social engineering or electronic frauds, also known as e-fraud for short, which in most cases involve bank staff.
Already, the development is fast eroding the trust customers have in banks and their staff.
According to experts, social engineering is the use of tricks and psychological manipulations by a fraudster to collect sensitive security information from unsuspecting users.
Recent data generated by the Nigeria Deposit Insurance Company (NDIC) in a report, revealed that the amount involved in fraudulent activities in the banking industry increased from the N8.68 billion in 2016 to N12.01 billion in 2017,representing about 38 per cent surge. This was as the CBN also reported a staggering rise in reported cases of such incidences from 16,762 in the first half of the financial year of 2017 to 20,768 in the corresponding period of 2018. In its 2018 Financial Stability Report (FSR), the apex bank disclosed that the payment channels hard-hit include Automated Teller Machines (ATM), Point of Sales (POS) and Mobile Banking.
For instance, a Criminology, Victimology, Electronic Fraud and Cybercrime, researcher at the University of Ibadan, Oludayo Tade, stated in a report, Electronic Banking Fraud in Nigeria: How it’s Done, and What Can be Done to Stop It: “Our research investigated dimensions of electronic fraud in Nigeria. We found three including : internal fraud carried out by banks staff; external fraud carried out by ordinary Nigerians; and collaboration between fraudsters and banking staff. We found that inefficient supervision, non-performance of oversight by regional heads of banks, and poor follow-up on customers’ addresses (Know Your Customer) accounted for the fraud that took place.”
The FSR explains that ATM recorded the highest incidences of fraud in Nigeria with 34.87 per cent fraud interest index. Also, the mobile payment channel ranks the second with 28.21 per cent, while POS recorded 19.55 per cent in 2018.
Fraud incidences recorded across other payment channels include across-the-counter, 8.52 per cent; Cheques, 1.87 per cent; e-commerce, 0.14 per cent and Internet Banking 0.43 per cent.
Cases of fraud and forgeries recorded by the commercial banks rose to 25,029 at the end of December 2018, from 20,774 cases at the end of June 2018. In terms of the amount involved, the sum of N18.94 billion was recorded as cases of fraud and forgeries in 2018 full year, with actual losses estimated at N2.21 billion.
Similarly, the Nigerian Electronic Fraud Forum (NeFF) report for 2018 stated that electronic bank fraud cases rose to N5.571 billion from 2016 to 2018, while the value of fraud perpetrated across-the-counter has been on the decline over the same period, the ones done via ATM and mobile devises have been on the increase.
“In the first half of 2015, the actual loss incurred by banks was N1.9 billion, compared with N4.8 billion and N1.72 billion recorded at the end of the preceding-December and the corresponding period of 2014, respectively. The significant decrease in the actual loss reflected stronger internal control measures adopted by the banks and improved use of technology.”
According to the NeFF Chairman then, Mr Dipo Fatokun, “this goes to show that, increasingly, cyber attacks are becoming common-place and the tactics used are more damaging to individuals and institutions alike.”
Churning out the NeFF statistics at the 3rd NeFF general meeting in Lagos, former Group Managing Director/CEO of Zenith Bank Plc, Mr. Peter Amangbo, stated that “actual loss arising from banks’ fraud fell by 63 per cent, from N6.2 billion recorded in 2014 to about N2.3 billion in 2015, while attempted frauds dropped by 43 percent year-on-year, from N7.8 billion in 2014 to N4.4 billion in 2015.”
In those two years, 12, 204 cases of fraud were attempted with actual loss standing at N8.5billion, while the value of attempted frauds amounted to N12.2 billion.
In his keynote address entitled “Tackling the Risk of Social Engineering Attacks: the Nigerian Perspective” Amangbo, who was represented by Mr Sola Oladipo, said “social engineering is getting more sophisticated, requiring sophisticated actions and response”.
Defining social engineering as “the use of tricks and psychological manipulations by a fraudster to collect sensitive security information from unsuspecting users,” he warned that “the advent of social engineering is an indication that technology alone is not enough to keep” people “and the system secured.”
Sharing his bank’s experience, Amangbo explained that, like other industry players, Zenith Bank also experienced social engineering attacks but that the bank has continued to upgrade its IT infrastructure to curb cybercrimes. If you have very good system and very good people, their (e-fraudsrers’) job will be very difficult. But if your system is lousy and you have very lousy people, of course, it will be very difficult preventing them
“Preventing social engineering attacks and other e- frauds, entails that we should educate our customers and employees regularly on what they (fraudsters) do. Because when they don’t know what they do, that is why, when the unsuspecting people receive their messages, they respond. And when they respond, they lose huge sums of money.
Fatokun, who was then the Director, Banks and Payment Systems Department of the CBN, said since e-fraud has become rife in cybercrime attacks in the country. He explained that, almost on a daily basis, “a plethora of messages are sent by these criminals with the express intent to con the unsuspecting recipient, using techniques that appeal to vanity, greed or authority.” As a result of this, he opined that the Forum should deem it important to look critically at measures that would protect the industry from the menace of the social engineering attacks. The NeFF is an industry platform for collaborating on payments security.
He added: “It is often said that people, processes and technology are the tripod on which cyber-security lies, with discussion ever hovering on which is the weakest link. I must, however, submit that like what is required in building any chain, we must prepare to forge each link with the same degree of heat. In other words, no link must be too important or less significant in the pursuit of payments security.
Fatokun then advocated ”a workshop on the Cybercrime Prohibition and Prevention Act, which will expand understanding of the impact, implications and responsibilities of all stakeholders, particularly those operating within the financial services sector; Consistent publishing of literature that will benefit the entire payments industry and customers alike,
Mr Johnson Chukwu, CEO, Cowry Assets Management Limited, opined that to address electronic payment fraud, one needs to have multiple layers of security built into your electronic financial transactions.
His words: “I think financial inclusion does not have any issue addressing financial crimes because for one to address electronic payment fraud, you need to have multiple layers of security built into your electronic financial transactions. Secondly, the account holders must be discreet with revealing their password. Thirdly, there is also greed on the part of individuals where they are enticed by fraudsters with rewards that are not realistic and they fall for it and these are not things you can legislate against as it can only be moderated by awareness which i know the CBN, Bankers Committee and other financial agencies have been trying to do. The key thing is for financial inclusion to build layers of validation process or securities in the their financial transactions so that before anyone can breach the multiple layers, it will be difficult but in many cases of fraud, individuals allow themselves to be compromised as regards their password and so financial inclusion is not constrained to criminal activity, rather, it is constrained by access from rural dwellers to financial service platforms which is why the CBN licensed payment service providers and then agent banking as well as microfinance banks.
Meanwhile, the Bankers Committee and CBN have flagged off a cyber-security and fraud awareness campaign, called ‘Moni Sense,’ as part of their efforts to enlighten customers on the benefits of protecting their bank and other related transaction details from criminals.
Through the initiative, the CBN and the Bankers’ Committee aim to ensure Nigerians are empowered with critical information and knowledge necessary to make important financial decisions, enhance economic prosperity and continue to drive poverty reduction across the country.
A statement on the campaign indicated that the apex bank and the Bankers’ Committee would work to ensure Nigerians are empowered with critical information and knowledge necessary to make important financial decisions, enhance economic prosperity and continue to drive poverty reduction across the country.
It noted that the incidents of cyber-crime and other financial frauds usually heightens as the year gradually inches to an end, the partners stated that fraud and cyber security awareness was important in ensuring members of the public are informed on their role in protecting their banking information from fraudulent activities.
Chairman, Financial Literacy and Public Enlightenment Sub-Committee (FLPE), Mr. Emeka Emuwa said: “Fraudsters and scammers continually devise new ways to deceive the unsuspecting public, usually with the aim of luring them to inadvertently disclose confidential bank information.
“We encourage Nigerians to always be cautious and ignore any text message, phone call, or Email asking to update your bank information, provide sensitive bank details, disclose online banking details, debit card numbers or PIN to anyone”, the banker added
Financial literacy and public enlightenment are key components of the Bankers’ Committee mandate and the pursuit is considered crucial in the financial inclusion drive of the apex bank and deposit money banks and others in the country.