According to Aristotle, “Excellence is never an accident. It is always the result of high intention, sincere effort, and intelligent execution.” The methodology used to curb fraud in the bank, popularly known as “419”, must be intentional. It must deliberately examine many parameters, such as domain names, IP addresses, currency or phone numbers. This data will then be anonymized by researchers to perform a statistical analysis of their findings.
As of the third quarter of 2023, the Nigerian banking sector has lost over N9.5 billion to electronic fraud, underscoring the pressing need for proactive measures in the face of escalating cyber threats. Some cybercrime experts have suggested many ways of reducing the upsurge in e-banking fraud in Nigeria.
The experts said the National Assembly should propose relevant bills, such as a Cyber Security and Information Protection Bill and an Electronic Transactions Protection Bill, that could eliminate electronic fraud or reduce it to the barest minimum.
They advised that the Central Bank of Nigeria (CBN) should issue operative guidelines to the banks, subject to review, to regulate e-banking services in such a way that suspicious transactions could be reported seamlessly to its financial intelligence. The banks should be mandated to deploy advanced tools and technology that could adequately protect customers against falling prey to fraudsters, considering the overreliance on telecoms service providers for basic services. Automated analysis tools that could identify and report fraud attempts in a timely manner should also be provided.
The experts called for the deployment of deep learning by bank management. The expert said, “Deep Learning is a new approach to machine learning and artificial intelligence which are good at identifying complex patterns and characteristics of cybercrimes and online fraud.”
“There is an urgent need to review the internal audit functions of banks to include fraud risk analysis and management, while the internal control mechanism should be strengthened through adequate investment in training of staff in cyber security, online audit fraud detection and management.
“There should be regular rotation of bank employees to frustrate collaborative fraud. The regulatory institutions and banks should organize workshops, seminars and public lectures for bank customers on how to escape various e-banking frauds. The banking industry should review the existing Bank Verification Number (BVN) framework with the introduction of BVN watch list.”
Also, there should be frequent review of customer KYC (Know Your Customer) information. The customer's BVN should be linked to the National Identification Number (NIN). This will help the bank to track the customer in case his/her account is used to perpetrate fraud in the bank.
In the new age of digital services such as online banking and digital payments, the frequent recurrence of fraud looms large over the Nigerian banking sector. Cyber criminals continuously evolve their strategies to exploit various financial services, posing substantial risks to both financial institutions and their clientele. Protecting against fraud is paramount to forestall financial losses, safeguard reputations, and maintain operational efficiency.
“Fraud detection involves the protection of customer and corporate data, assets, accounts, and transactions. It hinges on the real-time analysis of user activities. This sophisticated fraud detection mechanism operates through server-based processes that meticulously examine user actions and behavioural patterns or transactions. The goal is to compare these actions with predefined profiles of expected behaviour,” the expert said.
To pre-empt electronic fraud, financial institutions in Nigeria should institute regular training programmes aimed at enhancing fraud awareness among their staff. Cyber criminals often target bank employees through insidious techniques such as phishing and social engineering.
“It’s paramount to educate the workforce on the art of recognising potential fraudsters and impart the knowledge of what steps to take in the event of suspecting a compromise,” he added.
Furthermore, institutions must maintain a vigilant eye on employees with account access, being watchful for irregular activities such as unauthorised access, transactions outside regular working hours, and anomalous fund transfers.
The banks must pay attention to internal fraud, reminiscent of insider threats. To mitigate this risk, stringent policies governing individuals, processes, and practices must be put in place. He added: “For effective execution, the Chief Information Security Officer (CISO)/Chief Information Security Manager must be well-versed in their roles, wielding both knowledge and practical experiences and benchmarking against industry best practices during policy implementation.”
For a financial institution, establishing and maintaining a comprehensive database containing information about known and emerging threats is paramount to facilitating service hardening. He noted that “Gathering data on fraud from both internal and external sources allows banks to garner a profound understanding of the ever-shifting fraud landscape.” Moreover, such a database can serve as a valuable resource for employee training, enhancing their ability to identify potential fraud or threats.
The emergence of new scams doesn’t mean the old ones are gone. Some people will still try to use the tried-and-true methods of stealing from banks. If you haven’t already done so, implement fraud prevention for empty-envelope deposit scams, forged and fraudulent documents, forged checks, fraudulent loan applications, and wire transfer fraud.
The bank should make a habit of scanning checks and cash deposited at ATMs. You can also require a waiting period after an ATM deposit before the customer can withdraw cash from that deposit.
Although it’s not new, wire transfer fraud is increasing. Training and education prevented most of these fraud attempts from succeeding.
Preventing wire transfer fraud can be done by training your employees on how to verify the authenticity of wire requests. One way is to make a phone call to the number listed on the account to verify that the account owner made the wire transfer request. For large amounts, it’s especially important to use more than one method of verification.
While phishing and social engineering schemes have been around for a few years, they’re still a huge problem. In fact, fraud management states that as much as “75% of fraudulent online banking payments activity originates from trusted accounts on trusted devices,” which means that customers have been duped into making these payments.
“The best way to prevent phishing attacks from hooking victims is to teach people what to look for and to always be wary before clicking on a link in an email or a text.” After the initial training, follow up with frequent reminders. People are often in a hurry when replying to email and need to be warned all the time. You may also want to include a warning like this one with emails sent from all external email addresses: “CAUTION: This email originated from outside our organization. Think before you click!”
Social engineering scammers use fear and other emotional tactics to trick people. Again, “education is one key to preventing this kind of fraud. Make sure your employees and customers know they should never give any personal information to a stranger, no matter how they present themselves and no matter how urgent it seems.” Legitimate companies won’t ask for such information over the phone or by email.
Another way to prevent fraud is to use sophisticated transaction-monitoring software that applies AI and machine learning to detect unusual activity on accounts, and thus possible fraud. Make sure your online and mobile banking provider has such third parties incorporated into their system.
Someone at your institution should also be monitoring reports manually, looking for suspicious activity, such as the number of failed attempts when trying to log into the account. The fraud monitoring systems mentioned above only monitor the fraudsters’ activity once they’ve gotten into the user’s account, so manually reviewing reports is a way to stop fraudsters from getting into the account to begin with.
Alert customers when there is suspicious activity. Involve your customers in fraud prevention by alerting them whenever unusual activity occurs on their account. You can ask them to opt in or just automatically alert them when, for example, a charge on their credit card originates in a location far from their home. Because electronic fraud is so pervasive now, you may even want to offer an alert for customers any time their card is charged.
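The failed-login review described above can be run over an exported login report before anyone reads it by hand. The following is an added example, not part of the original article; the report format, the account numbers, the threshold of three failures and the five-minute window are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of a login report: timestamp, account, result.
SAMPLE_REPORT = """\
2023-09-01T08:00:05 ACC1001 FAIL
2023-09-01T08:00:40 ACC1001 FAIL
2023-09-01T08:01:10 ACC1001 FAIL
2023-09-01T08:02:00 ACC1001 OK
2023-09-01T09:15:00 ACC2002 FAIL
2023-09-01T09:15:20 ACC2002 FAIL
2023-09-01T09:15:45 ACC2002 FAIL
2023-09-01T10:00:00 ACC3003 FAIL
2023-09-01T10:00:30 ACC3003 OK
2023-09-01T11:00:00 ACC4004 FAIL
2023-09-01T11:30:00 ACC4004 FAIL
2023-09-01T12:00:00 ACC4004 FAIL
"""

def parse(report):
    """Yield (timestamp, account, result) for each non-empty report line."""
    for line in report.splitlines():
        if line.strip():
            ts, account, result = line.split()
            yield datetime.fromisoformat(ts), account, result

def review_logins(report, max_failures=3, window=timedelta(minutes=5)):
    """Flag accounts with a burst of failed logins inside a sliding window.

    FAILED_LOGIN_BURST  -> attempts are under way; lock or step up checks.
    SUCCESS_AFTER_BURST -> a login succeeded right after the burst; treat
                           the session as suspect before money moves.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    findings = {}
    for ts, account, result in sorted(parse(report)):
        fails = recent[account]
        while fails and ts - fails[0] > window:  # drop failures outside window
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= max_failures:
                findings.setdefault(account, "FAILED_LOGIN_BURST")
        elif result == "OK":
            if len(fails) >= max_failures:
                findings[account] = "SUCCESS_AFTER_BURST"
            fails.clear()  # a good login resets the count
    return findings

if __name__ == "__main__":
    for account, finding in review_logins(SAMPLE_REPORT).items():
        print(account, finding)
```

A single mistyped password (ACC3003) and failures spread over hours (ACC4004) are not flagged, which keeps the manual review queue short.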
Also develop an effective multi-layered security system. An effective strategy to prevent and detect bank fraud requires a multi-faceted approach involving administrative, physical, and technical controls. At the administrative level, financial institutions should devise policies, procedures, and guidelines to minimize risk. These may encompass security education and awareness programs and robust password management policies.
According to Bernard Shaw, “progress is impossible without change; and those who cannot change their minds cannot change anything.” A well-structured fraud detection strategy should not unduly disrupt a user’s experience unless their activities raise legitimate suspicions. The banks need to strengthen their cyber security, educate their employees and customers, and invest in the right technology. These will help them to stay ahead in the race against financial fraud.
____________________________________
Iluobe is Head, ICT, The Nigerian Observer, and can be reached via [email protected].