How Fraudsters Use Tech To Steal Billions From Banks

From year 2000 to 2016, at least N216bn has been lost to fraudsters through Nigerian banks with the use of various payment platforms, mostly electronic based.

This figure was derived from data analysis by Easy Solutions Ltd and the Central Bank of Nigeria.

A security assessment of Nigerian bank websites in 2014 carried out by Easy Solutions Ltd, a global e-fraud protection firm, indicated that electronic fraudsters had invaded Nigerian banking environment, deploying over 185 fake mobile applications on the websites of 15 out of 17 deposit money banks with which they were extracting customers’ personal and financial information with intent to steal from bank accounts.

The CBN and Bankers’ Committee- owned Nigeria electronic Fraud Forum (NeFF) said studies also showed that security ranks foremost in the concerns of stakeholders when transiting from cash based system to electronic platform for payments.

Nigerian banks have lost N199bn to e-frauds between 2,000 and 2014, mostly due to inappropriate and reckless management of customers’ data, according to various reports. Analysis of NeFF annual reports showed that the Nigerian banking sector recorded 31,736 fraud cases involving N16.5bn between January 2014 and December 2016.

In a lot of cases, the frauds are not resolved, thus the customers and banks bear the brunt.

The common channels of fraud include ATMs, internet banking, across the counter, POS, mobile banking, eCommerce, web fraud, Kiosk, cheque and other platforms. However, technology is central to these frauds.

A recent report from the Nigerian Electronic Fraud Report by the Systems Payment Department of the CBN suggested that between 2015 and 2016, while the value of financial transactions rose significantly from N48.93tn to N64.18tn, the amount involved during the period dropped from N4.37bn to N4.36bn.

The report stated that in 2014, fraudulent transactions conducted through ATM were 491 cases, Internet banking 287 cases and web channels with 218 cases were the top three.

Mr. Rislanudeen Mohammad, a former MD/CEO of Unity Bank, said, “Electronic fraud in banking is not peculiar to Nigeria. Until recently, it was a big problem in most banks in developed countries and was largely perpetrated through internal connivance. Like in Nigeria and elsewhere, technology fraud typically goes down over time with improved capacity knowledge in information security systems and deployment of detection and protection software.”

On how the frauds are perpetrated, Mr. Terwase Swande, a bank executive, said, “As technology evolves, fraudsters are also evolving. There are several reasons why fraudsters are able to pull through with fraud schemes. In 2006, an Assistant General Manager in a first generation bank lost N2m to fraudsters because he was simply tricked by a phishing website. Phishing is when you are conned to release or make available vital security information that can be used to fraudulently steal money from you online.”

“In the case of the AGM, he was sent a mail from a phishing website (the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers) that advised him to “click” a link to update his ATM card details otherwise it would be blocked. He did without recourse to his bank and N2m was moved out of his account. That is a bit funny because he is an AGM in a commercial bank. The point I am trying to make is first and foremost, ignorance of IT protocols on the part of the customer plays a huge part in the success of fraud schemes.”

According to him, when banks were using ATM card technology called magnetic stripes, it was easy for fraudsters to clone cards with the same technology and hack pins and steal money but with chip and pin technology and security, it is a bit difficult for fraudsters so the second reason is that security verifications and protocols by banks are sometimes too easy for fraudsters. He said fraudsters work in syndicates too, as some even go as far as networking on the internet to share information about possible targets.

Mr. Swande also noted that for every technology, they also try to design a way to beat it.

“You cannot rule out internal collusion. That has also been a scourge in the industry. There have been cases whereby customers were not even on internet or online banking platforms but monies were moved online. How? Through dishonest and fraudulent staff of banks. There was a recent case of a branch manager who connived with outsiders and stole N500m from the bank he works,” he said.

But he said, “Regulators have a huge task to insist on the highest security levels of security and to make sure those security prerequisites are complied with before banks deploy online payment systems.

“Also, the issue of a targeted and specific background screening of IT staff is key. Banks sometimes outsource their IT functions to third party companies and sometimes that’s where complications arise. Sometimes huge responsibility is shouldered by contract IT staff. Remember they are on contract with a pay of 50-70k per month and may not be deemed staff of the bank without much benefits as core staff. There is a whole lot of corporate governance issues that NDIC and CBN will have to look into” he said.

 






Source: DailyTrust

Connect With iTunesNG

Be the first to comment

Leave a Reply

Your email address will not be published.