How Fraudsters Use Tech To Steal Billions From Banks

From year 2000 to 2016, at least N216bn has been lost to fraudsters through Nigerian banks with the use of various payment platforms, mostly electronic based.

This figure was derived from data analysis by Easy Solutions Ltd and the Central Bank of Nigeria.

A security assessment of Nigerian bank websites in 2014 carried out by Easy Solutions Ltd, a global e-fraud protection firm, indicated that electronic fraudsters had invaded Nigerian banking environment, deploying over 185 fake mobile applications on the websites of 15 out of 17 deposit money banks with which they were extracting customers’ personal and financial information with intent to steal from bank accounts.

The CBN and Bankers’ Committee- owned Nigeria electronic Fraud Forum (NeFF) said studies also showed that security ranks foremost in the concerns of stakeholders when transiting from cash based system to electronic platform for payments.

Nigerian banks have lost N199bn to e-frauds between 2,000 and 2014, mostly due to inappropriate and reckless management of customers’ data, according to various reports. Analysis of NeFF annual reports showed that the Nigerian banking sector recorded 31,736 fraud cases involving N16.5bn between January 2014 and December 2016.

In a lot of cases, the frauds are not resolved, thus the customers and banks bear the brunt.

The common channels of fraud include ATMs, internet banking, across the counter, POS, mobile banking, eCommerce, web fraud, Kiosk, cheque and other platforms. However, technology is central to these frauds.

A recent report from the Nigerian Electronic Fraud Report by the Systems Payment Department of the CBN suggested that between 2015 and 2016, while the value of financial transactions rose significantly from N48.93tn to N64.18tn, the amount involved during the period dropped from N4.37bn to N4.36bn.

The report stated that in 2014, fraudulent transactions conducted through ATM were 491 cases, Internet banking 287 cases and web channels with 218 cases were the top three.

Mr. Rislanudeen Mohammad, a former MD/CEO of Unity Bank, said, “Electronic fraud in banking is not peculiar to Nigeria. Until recently, it was a big problem in most banks in developed countries and was largely perpetrated through internal connivance. Like in Nigeria and elsewhere, technology fraud typically goes down over time with improved capacity knowledge in information security systems and deployment of detection and protection software.”

On how the frauds are perpetrated, Mr. Terwase Swande, a bank executive, said, “As technology evolves, fraudsters are also evolving. There are several reasons why fraudsters are able to pull through with fraud schemes. In 2006, an Assistant General Manager in a first generation bank lost N2m to fraudsters because he was simply tricked by a phishing website. Phishing is when you are conned to release or make available vital security information that can be used to fraudulently steal money from you online.”

“In the case of the AGM, he was sent a mail from a phishing website (the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers) that advised him to “click” a link to update his ATM card details otherwise it would be blocked. He did without recourse to his bank and N2m was moved out of his account. That is a bit funny because he is an AGM in a commercial bank. The point I am trying to make is first and foremost, ignorance of IT protocols on the part of the customer plays a huge part in the success of fraud schemes.”

According to him, when banks were using ATM card technology called magnetic stripes, it was easy for fraudsters to clone cards with the same technology and hack pins and steal money but with chip and pin technology and security, it is a bit difficult for fraudsters so the second reason is that security verifications and protocols by banks are sometimes too easy for fraudsters. He said fraudsters work in syndicates too, as some even go as far as networking on the internet to share information about possible targets.

Mr. Swande also noted that for every technology, they also try to design a way to beat it.

SEE ALSO... Download Wema Bank ALAT App

“You cannot rule out internal collusion. That has also been a scourge in the industry. There have been cases whereby customers were not even on internet or online banking platforms but monies were moved online. How? Through dishonest and fraudulent staff of banks. There was a recent case of a branch manager who connived with outsiders and stole N500m from the bank he works,” he said.

But he said, “Regulators have a huge task to insist on the highest security levels of security and to make sure those security prerequisites are complied with before banks deploy online payment systems.

“Also, the issue of a targeted and specific background screening of IT staff is key. Banks sometimes outsource their IT functions to third party companies and sometimes that’s where complications arise. Sometimes huge responsibility is shouldered by contract IT staff. Remember they are on contract with a pay of 50-70k per month and may not be deemed staff of the bank without much benefits as core staff. There is a whole lot of corporate governance issues that NDIC and CBN will have to look into” he said.

This article was written by Chris Agab of dailytrust

11 comments:

  1. Thanks for Your lovely update

    ReplyDelete
  2. thanks for your lovely update.

    ReplyDelete
  3. Wow that's great I love it continue 9ja hard

    ReplyDelete
  4. Thanks for sharing this @wizy👍
    Keep up the good work!

    ReplyDelete
  5. There was a certain time that we went for a workshop and the guest speaker said can an analog teacher be competent enough to teach a digital student?

    The world is evolving and its mandatory that we should also move according to the trend of events.

    ReplyDelete
  6. This is not a problem that is limited to Nigeria alone, the only way to minimize this is constant improvement by banks on ict use, orientation of their customers, strict regulations and monitoring by CBN and other financial regulatory institutions and competent investigation by law enforcement agencies, if we have all this then we get to minimize the impact but to say you want to stop it is a big fat lie.

    ReplyDelete
    Replies
    1. agreeded.. 100% on point bro.. thumbs up

      boiz are not smiling en believe me some have gone so digital that d are working 24/7 inoda to do d undo-able.. dat reminds me d case of ponzi scheme which made alot of people rich by having dia own ponzi site en extracting money from people, now tel me what wil make dem not to go further in finding any means of getting more richer..
      is well shaa.

      Delete
    2. nice update en very educative..

      for me fighting cybercrime requires not just IT knowledge but IT intelligence on the part of the security agencies. In this clime, there is an IT security divide - a serious shortage of skills to deal with the threats associated with IT. Shouting and moaning about cybercrime isn't enough. All the talk is meaningless unless the gap is closed. Security agencies need to be equipped with the skills, the know-how and the insight necessary to fight cybercrime effectively.

      Delete
    3. Points well articulated and straight to the issue at hand.

      The issue of cyber crime is like a monster that has eaten deep into our system and for us to reduce it drastically, all regulatory bodies saddled with the responsibility of fighting cyber crimes must work together as a team so that they can achieve the much desired goal.

      Delete
  7. Now that these figures have been released by CBN and Easy Solutions Ltd, what measures have been put in place to avert any reoccurrence?

    As at when these fraudulent acts were perpetrated, what were these bodies doing?

    ReplyDelete