Can Nigeria's financial community stand up to cybercrime?
Can Nigeria's financial community stand up to cybercrime?
Last year, Nigerian Inter-Bank Settlements Systems (NIBSS) revealed that local banks lost approximately US$1bn to cybercrime targeted at financial institutions between 2000 and 2013.
The company, focused on infrastructure placement to facilitate inter-bank payments, noted that even with the introduction of new technologies (such as the switch from magnetic stripe to secure chips for ATM cards), banks continue to record losses running into billions of naira.
Early this year, the Nigeria Electronic Fraud Forum (NeFF) noted that the spate of cybercrimes in Nigeria, if left unchecked, could completely wipe out the profits of banks and slow down the country's push towards a cashless economy.
The NIBSS as well as the Economic Financial and other Crimes Commission (EFCC) have agreed that the high value of daily financial transactions in Nigeria has made the sector a prime target for cybercrime.
"With an average of NGN80 billion worth of daily transactions, it would be very remiss of Nigerian banks and authorities not to anticipate and adequately prepare for the huge risks that accompany electronic transactions. As technology advances, more and more financial institutions are utilising technological platforms in a bid to remain competitive and enhance flexibility; this however also makes them highly vulnerable to fraudulent activities," the EFCC stated recently.
The organisation added that the availability of new technologies, coupled with the relative ease with which they can be acquired online, makes it even more difficult for the financial industry to protect itself against attacks.
"Everyone is using electronic banking now and more than ever, our banks are relying on various forms of technologies for their operations unlike before when banking was paper-based," said Wale Olatowoju, a retired bank manager.
According to Olatowoju, it is impossible for Nigeria's finance regulators and operators to keep abreast – and ahead of developments in financial technology.
"There are still ATM machines in Nigeria using operating systems that Microsoft is no longer making security updates for. It is still not very easy for security decisions to be quickly reached and implemented across the sector as new threats are emerging. Our banks are just playing catch up and struggling to deal with the bad outcomes," he told ITWeb Africa.
Fraudsters within the system
While much attention is being given to cybercriminals attempting to steal vital information from banks, stakeholders have noted an increase in fraud perpetrated by employees within financial institutions.
According to Uduak Udoh, Chief Internal Auditor for First Bank of Nigeria, these kind of crimes are the most difficult to detect.
"The fraud committed by an insider is always harder to detect than those by outsiders, as the impact is usually higher when an insider is involved. Though, at a particular period, investigations showed that outsider fraud volume was 5,173, representing 99.79 percent, worth N786 million, the insider related fraud volume was 11 (0.21 per cent) but valued at N114 million. Outsiders and insiders remain the greatest challenge as they are both vectors and actors in e-fraud space," he said.
Everyone is affected
Even though the released figures showed that the banks are the worst hit, increasing cases of individual bank customers falling victim to cyber fraud suggest that local citizens are also bearing the brunt – as Alawode Sola can attest to.
Recounting a recent experience, Sola said she lost her wallet and her mobile phone on a Friday evening, and because she couldn't immediately follow up with the bank or telecoms company, she decided to go on the Monday instead.
However, when she managed to get to the bank, she was told someone withdrew a total of NGN300,000 over the weekend. While with the customer care officer, her account was also debited NGN100,000 and a NGN75,000 PoS purchase was also made at Shoprite. Before the ATM card was eventually blocked, the victim had lost about NGN500,000.
"I was told the criminal stole the PIN from my mobile phone. They even said I was lucky since some victims had lost millions of naira to such criminals," she told ITWeb Africa.
Even though PIN codes are required to make withdrawals from the ATM machine, transactions could be done without them online - especially with cards issued by MasterCard and VISA using the CCV which is boldly printed at the back of cards in Nigeria.
"Many people don't know that the code is more dangerous than their PIN codes since it can be used to make transactions on foreign sites. The criminal could be difficult to catch because of the complexity of jurisdiction and reluctance of some foreign companies to reveal their shoppers' personal information," said Funmilayo Olumuyiwa, a lawyer by profession who affirmed that she is still reluctant to actively embrace electronic payment in Nigeria.
Banks are not opening up
Ironically, it is the banks themselves that either knowingly or unintentionally provide a safe haven for cybercriminals.
Stakeholders in the finance industry who spoke to ITWeb Africa said the various banks hit by cybercriminals usually strive to ensure that no one knows about the incidents.
Former bank manager Olatowoju explained that the banks want to avoid creating concern among customers as to the security of their savings and deposits. "They think when news emerges that they had lost millions or billions to cybercriminals their customers could begin to panic and decide to close their accounts. Instead, they choose to deal with the fraud quietly," he said.
Fighting on all sides
Even though the fight against cybercrime is nowhere near over, stakeholders are making concerted efforts to tackle the issue, as per recommendations by the Global Head of Cyber security, KPMG, UK, Malcolm Marshall.
He said: "Two things that strike me that need to happen in Nigeria more and as well as other countries are around capability and collaboration. In many other countries there are university courses on cyber security which organisations are able to recruit from and build a skill base that needs to happening in Nigeria. Cyber attackers collaborate a great deal to finds ways to attack banks and other organisations and individuals, which translates into money for them. The good guys need to work harder at collaborating so that when an organisation is attacked, they quickly pass on the information as quickly as possible."
Nigeria's National Security Adviser, Major Babagana Monguno said, "The cyberspace virtual global domain while dismantling barriers to commerce, is increasingly transforming our economy and security posture, creating opportunities for innovations and the means to improve general welfare of the citizens."
However, it remains to be seen whether or not the country's approach to IT security and services will help to stem the tide of cyber fraud and other online crime aimed at the broader financial space.