Rising bank fraud raises fresh cyber security concerns

Increasing rate of incidences of bank fraud is sending a frightening signal of unguaranteed safety of depositors’ money, with experts calling for drastic steps by both the lenders and industry regulators to reverse the ugly trend.

It is no longer news that the adoption of electronic payment platforms as a convenient means of payment has increased the rate of e-fraud and cyber-attacks in Nigerian banks.

But the customers are getting even more apprehensive with recent developments suggesting that significant number of these illicit practices taking place in the banks are perpetrated or facilitated by insiders.

The Financial Institutions Training Centre (FITC), in its Q2 2024 Fraud and Forgeries report released on Saturday, highlighted a surge in fraudulent activities across banking platforms.

The report revealed that Nigerian commercial banks have lost a total sum of N42.6bn to fraud and forgeries over a three-month period from April to June this year.

The amount lost in the second quarter of 2024 alone exceeded the total amount lost to fraud by the banks throughout the entire year of 2023. In 2023, the banks lost a total of N9.4bn. The FITC report is based on returns on fraud and forgery cases received from 28 deposit money institutions in the country.

According to FITC, 80 of such returns were received in the quarter under review. It said that 26 reports were submitted in April, while twenty-seven 27 reports were received in both May and June.

A breakdown of FITC’s data showed that the Q2 loss shows an 8,993 per cent increase in loss when compared with the N468.4m lost in Q1 2024. This also represents a 637 per cent increase when compared with the N5.7bn loss recorded in Q2 2023.

FITC said ‘miscellaneous and other fraud’ types constituted the largest loss, representing 96.46 per cent of the total amount lost, with a value of N41.14bn.

This was followed by losses from fraudulent withdrawals and computer/web fraud, amounting to approximately N781.2m and N400.7m, respectively.

According to the report, there was a staggering 1,784 per cent increase in the total amount involved in fraud cases from Q1 to Q2 2024, with the sum escalating from N2.9bn to approximately N56.3bn in Q2.

During the second quarter of 2024, fraudulent activities were carried out through various channels, including ATMs, online platforms like web and mobile banking, bank branches, and point-of-sale terminals.

Last year, similar report by FITC revealed that there was an increase in cases of fraud committed by bank staff, from 38 cases in Q4, 2022 to 72 cases in Q1, 2023.

The report stated, “Staff involvement increased to 72 cases in Q1 2023 from 38 cases in Q4, 2022 representing an 89.47 per cent increase. Additionally, there were 124 cases that were not specified and six cases of collusion.”

It was also noted that deposit money institutions reported that 15 employees were sacked due to their involvement in fraudulent activities in Q1, 2023, representing a 25 per cent decrease from the value reported in Q4, 2022, where 12 bank staff were disengaged for similar reasons.

In May this year, the Osun State Police Command said it had arrested a manager in one of the branches of a first-generation bank in Osogbo, Mr Adeniyi Talabi, for allegedly stealing a sum of N650m belonging to 35 customers of the bank.

A statement by the spokesperson of the command, Yemisi Opalola, claimed that the suspect perpetrated the fraud by obtaining the amount under false pretence from the victims and stealing the amount through an illegal transaction called proof of funds.

The statement partly read, “The Osun State Police Command in its efforts to rid off criminal elements from the state has arrested a serial fraudster, one Adeniyi Sunday Talabi, ‘m’ 47 years, a resident of Army Barracks Area, Kelebe, Iragbiji Road, Osogbo, a manager in one of the First Bank PLC branches in Osogbo for an offence of fraud, Obtaining money under false pretence (OBT), Conversion and Stealing amounting to the sum of N650, 850,000 in an illegal product called PROOF of FUNDS which involved a total number of 35 victims (people).

“It is worthy to note that the said suspect has been suspended by the First Bank Nigeria Plc, his former employer. Investigation into the case has since commenced and the suspect and his accomplices will be charged to court upon completion of the investigation.”

Going forward

With the staggering increase in losses to fraud, the FITC advised the banks to enhance their monitoring and auditing procedures. According to the Centre, deposit money institutions can utilize AI-driven tools that flag unusual entries or patterns to implement continuous and automated monitoring systems that can detect anomalies or discrepancies in settlement files.

Besides, regular unannounced internal audits focusing specifically on settlement processes can be conducted to identify and address any irregularities promptly.

“Access controls should also be strengthened by limiting access to settlement files to only a small, vetted group of authorized personnel given the appropriate clearance and are regularly trained on the latest security protocols.

“The implementation of multi-factor authentication and role-based access controls can aid the reduction of the risk of unauthorised changes to settlement files,” FITC stated.

Playing safe

A cyber security expert, Olalekan Oladehinde, argued that while attention has been paid to sophisticated ways of defrauding customers through the internet, some elderly and not-too-lettered individuals are being defrauded in simple ways such as imposters posing as bank staff, phone theft among others.

He said it is always important for customers to deactivate abandoned phone numbers linked to accounts by visiting the closest branch of their banks to deactivate such numbers or by removing abandoned phone numbers linked to accounts.

For ICT expert and Senior Partner of e86 Limited, Olugbenga Odeyemi, several fraud cases could not have happened without the help of insiders in some of the banks.

He said, “Some of the hacking and fraud cases that we have seen happened not because of the lack of security on the banks’ electronic platforms, but because of poverty, greed, and sometimes the lack of education on the part of the customers.

“Other than asking banks to invest more in the security of their platforms, it is equally important that banks spend more resources on educating their customers.

“I think Nigerian banks should spend more money on the welfare of their staff members while making appropriate changes to their internal processes, starting from their hiring processes”.

Findings have revealed that a user’s name, initials, date of birth or even phone numbers are commonly used as passwords in Nigeria nowadays. But with modern technologies at their disposal, hackers can easily exploit weak passwords and obtain unauthorised access to user accounts.

Experts have warned that in order to protect themselves, people should use difficult password combinations that are different from their recognisable initials, date of birth, or even phone numbers.

Speaking at the annual capacity-building workshop for law-enforcement agents in Lagos recently, the Managing Director/Chief Executive of the Nigeria Deposit Insurance Corporation (NDIC), Bello Hassan, called on law enforcement agencies to strengthen their collaboration to curb banking fraud in the country.

Hassan, represented by the NDIC Director of Communication & Public Affairs, Bashir Nuhu, said, “We are not unaware of the challenges of investigating and prosecuting financial malpractices and bank fraud cases but wish to urge you not to relent on your efforts and be rest assured of our unflinching support at all times.

“The banking system is rapidly evolving with innovations, it is clear that a new phase of the financial technology-driven economy is currently reshaping the global financial services space. With this development, the criminally minded users of the banking system, including the notorious ‘cyber criminals’, are busy perfecting their misplaced skills.

‘’This is why workshops like this are necessary to enable law enforcement officers to understand the dynamic operating environment. The law enforcement officers must acquaint themselves with basic knowledge of the types of fraud prevalent in our banks.”