Guides and Tips, Products

Security in an Unsecure World: Protecting Your Account From Fraudsters

Oscar Michael
Published: September 25, 2023

Share this post 👇🏽

Facebook
Twitter
LinkedIn

Not again was my reaction after I received a call from a friend on how her account was cleared by fraudsters after she lost her phone enroute a popular market. Let us call her Isabel. Isabel deals in foodstuff, she goes to this popular market every Thursday to buy items, on this Thursday, in the course of loading her ware, her phone fell down, but Isabel did not realize until she got home.

Isabel did not contact her bank until she retrieved her line the next day from an outlet of her Telco. All was well, until Isabel started receiving debit transactions alerts from her bank for transactions consummated the previous day, by the time, the alerts stopped, the fraudsters had withdrawn over two million naira from her account leaving her with a balance of five hundred naira only. Paralyzed by the alert, she managed to call her brother, Gabriel advised her to call her bank as it was already late and the weekend was already here.

Isabel did not know any other way of reaching her bank, except when she visits the branch close to her shop. Isabel was finally able to reach her bank via their website and after a very short emotion laden call with the agent, she confirmed her worst fears, – the loan she recently obtained to boost her business plus personal savings amounting to two million naira has been moved from her account via the bank’s mobile app and USSD to a beneficiary in one of the new digital banks.

The Financial Institutions Training Centre (FITC) report on Fraud and Forgeries in Nigerian banks for Q2, 2023 using data from Nigerian banks noted that the number of fraud cases increased in the quarter especially mobile banking and POS fraud. This report is a corollary to the Nigerian Deposit Insurance Corporation (NDIC) report of Q1 on Fraud, which reported that the number of POS and mobile fraud cases increased by 19.51% in the first quarter of 2023.

Available data show that Isabel is not alone, her story is not novel, and the methodology employed by the fraudsters are not new. The objective of this article is not to examine why mobile banking fraud is on the increase but to recommend a fail-safe approach towards protecting your funds in Nigerian banks.

Mobile Apps Authentication Methods

As stated earlier on, the methodology employed by fraudsters are not new but three main issues account for the successes recorded by fraudsters in Nigeria:

Absence of a unified Identical system: Until we have a single source of truth to identify Nigerians and people in Nigeria, impostors will continue to get away with identity theft.  It is trite to further the discussion on the porosity of our borders or how easy it is to obtain or falsify our national identities.

Law Enforcement: As a nation, our security challenges are well-documented. It is expensive to go after fraudsters and bring them to justice, many times, victims of fraudulent practices do not have the resources or time to go after fraudsters or the patience to follow a reported case to its conclusion or the responsible law enforcement agency(ies) is not properly motivated or is swamped with numerous cases.

Authentication Methods: Most of our mobile apps in Nigeria use password authentication or Two-factor authentication(2FA), the challenge is that more often than not in onboarding a customer, these apps rely on knowledge factors. Information that the financial institution has about you, BVN details or Identification details, unfortunately most of these details can be gleaned from the internet, if the information seeker has a unique primary data like BVN or mobile phone.

Other authentication methods rely on biometrics, location (GPS location) and possession of tokens or special device. The challenge with these more secure forms of authentication is that you may be required to be in the banking hall of the bank and most customers are too busy to visit the banking hall until there is a fraud on their account.

The Fraudsters and their methodology

COVID-19 altered our lives in so many ways. From an Information communication technology (ICT) point of view, it blurred the importance of physically being at a place to transact or do business, it also notched our digital maturity in a way that we did not anticipate.  It forced acceptance, redefined our mode of doing business and made the mobile phone part of our daily existence. The restriction on physical movement, moved banking to digital devices with little or no training for most customers. For most product managers, getting the product out there in the market was the primary focus, security was a secondary discussion.

The fraudsters in most cases are not as educated or tech savvy as we imagine them to be as evinced by the quality of their communication or documented interaction with apprehended fraudsters but rather, these are individuals with information or understanding of how applications are developed in Nigeria. These fraudsters understand the gaps created by using knowledge factors for authentication. This is why compromising a customer’s mobile phone is key. Irrespective of whatever security that you must have put in place, or the bank has implemented, it is a trade secret that once they have your SIM card, they can compromise your bank account(s).

The Phone number allows them to retrieve your BVN, with your BVN details they can retrieve other static data. With these data, they can onboard you on apps, request for a password reset, activate USSD as One-time-password (OTP) is usually the 2FA method employed by most apps, since they already have the SIM, the OTP will drop in your phone or in a feature phone, which is already in their possession. In some instances, we make it easy for them by storing sensitive details like account numbers, internet banking usernames, passwords in our phones as plain text.

Protecting your bank account

Permit me to start by saying Safety is of the Lord but then we have a role to play. Drawing from experiential and professional knowledge, you can safeguard your funds through the adoption of proactive and reactive measures to manage your mobile banking risk. For emphasis, do not think that because you do not use the mobile banking apps you are not exposed. What if you misplace your phone? We have seen instances where these fraudsters, when unable to compromise a customer’s bank account, use the details obtained from the BVN to collect loans from numerous digital lenders.

Proactive Measures

The list below is not exhaustive, not arranged in any order and you must adjust it to suit your person and financial muscle.

  1. You must enable SIM-lock on your phone.
  2. You must treat your phone as a security device, it is not to be shared or dropped carelessly or charged in remote places.
  3. You must password-protect your phone and if biometric lock is available, please adopt it.
  4. You must not save account numbers or usernames in plain English-if you must save such details, you must find a way to codify these details.
  5. You must protect your debit or credit cards thus where you use it, when you use it and how you use it must be pre-determined. You cannot be using your cards everywhere, anyhow all the time.
  6. You must not use your related data as passwords or usernames where possible.
  7. You must learn how not to leave millions of naira/huge amount of money as idle funds in your accounts- you can invest them and terminate the investment when you need it.
  8. You must know or be able to retrieve the contact center number of your bank.
  9. You must know the USSD code to block account/restrict account in your bank.
  10. You should make effort to know the website address of your bank.
  11. If you know that you are used to having millions/huge amount of money, you must visit your bank and set a transactional limit on your account – be wary of bank apps that allow you to easily modify transaction limits.
  12. If your phone has the find-phone app, activate it.
  13. Depending on the volume and velocity of your financial transactions, deepen your relationship with your account officer/relationship manager.

Reactive Measures

The first 10-15 minutes after your phone is compromised is very essential, how you react is largely a function of the proactive measures you have adopted:

  1. Calling the bank to block your card (the assumption is you know how to reach your bank)
  2. Blocking/deactivating your phone from a computer.

You would have observed that there isn’t much you can do after your phone has been compromised, this is because fraud prevention is an intentional act – you must have established proactive measures before the incident.

Stay safe, secure your funds, no one will do it for you.

Share this post 👇🏽

Facebook
Twitter
LinkedIn
5 3 votes
Article Rating
Subscribe
Notify of
guest
4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ayobami Ajiboye
Ayobami Ajiboye
11 months ago

Thanks Oscar, very insightful article.

Adebayo
Adebayo
11 months ago

Plenty to learn from this write up. Big thanks to the author.

Sunday Felicity Amarachi
11 months ago

Thank you sir. This is highly informative…..

Ayodeji Ehindero
Ayodeji Ehindero
11 months ago

Thank you so much. These was quite impactful

Subscribe to Updates

Be the first to know when we publish new content! Join the Newsletter today.

Tell us your story

Select your OS

Find the perfect app version for your device by choosing your OS below. You will be redirected to your app store.

Abubakar Muhammad Musa

Summary

Abubakar Muhammad Musa is currently a Sharia Advisor and Consultant for SHAPE Knowledge Services a consulting firm based in Kuwait. He has been involved in product development, Sharia research and approval of Islamic banking products for different clients. His work covers retail banking, corporate banking and project finance deals.

Formerly, Abubakar worked as a Researcher in different units at International Shariah Research Academy for Islamic Finance (ISRA) in Kuala Lumpur, Malaysia. Besides his primary assignments in ISRA, he taught Shariah Rules in Financial Transactions to Chartered Islamic Finance Professional (CIFP) Masters online Students of International Centre for Education in Islamic Finance (INCEIF), Malaysia. He also taught MBA and BBA Students different Islamic Banking and Finance Subjects at University College of Bahrain.

Abubakar holds two Diplomas with distinction, one in Islamic Law and the other in Arabic Language from Al-Imam University Riyadh. He also holds LLB (Hons) degree in Shariah from the same University. He successfully completed his (CIFP) Professional Masters Degree Programme at (INCEIF), Malaysia. He had his internship program on Islamic Banking & Finance at Fajr Capital in Kuala Lumpur. During the programme, Abubakar conducted research relating to product structuring and market development.

Abdurraheem Ahmad Sayi

Summary

Abdurraheem Ahmad Sayi is a legal practitioner and Consultant of over 16 years of active legal practice. He is currently the principal partner, A.A. Sayi & Co. (Qist Chambers) and Qadi, Independent Shari’ah Panel of Lagos State – a platform, through which he has delivered several judgments of in-depth analysis, widely applauded by leading legal and intellectual icons, including learned Judges, professors of law and Islamic Studies.

He is the Executive Director/C.E.O., ClearPath Islamic Centre (Incorporated), Lekki-Lagos and Chief Imam, SilverPoint Central Mosque, Badore, Ajah-Lagos. Fondly called Imam Sayi, Abdurraheem is the designate Chairman, Shari’ah Advisory Committee, Mutual Benefit Takaaful.

Imam Sayi has also authored a few works, some of which include: The Financial Obligations: a compendium of essays on monetary or material obligations under Islamic Law and Waqf (Charity Endowment): The Governing Principles.

He holds a Certificate on Improving Personal Effectiveness from the Lagos Business School (Pan African University) and he is a recipient of numerous awards and certificates of merits.

Abdulkader Thomas

Education:

Master of Arts Law and Diplomacy, The Fletcher School of Law & Diplomacy.

Bachelor of Arts Arabic & Islamic Studies, The University of Chicago.

Shariah Board Experience:

Bank Muscat Meethaq (2013 – 2017)

Sterling Bank Nigeria (Since 2013)

University Bank, USA (Since 2006)

Summary

Abdulkader Thomas has over 35 years of diversified financial services experience in major markets. With a Master of Arts Law and Diplomacy from The Fletcher School of Law & Diplomacy and a BA in Arabic & Islamic Studies from The University of Chicago. His areas of activity have included trade finance, real estate finance, securities and alternative finance.

As the general manager of a foreign bank branch in New York, he secured the first US regulatory approvals of Islamic mortgage and instalment credit/sale as banking instruments. Later, he secured US regulatory approval for profit sharing deposits. Abdulkader has been involved in the successful implementation of these products in the US market. With more than 17years Shariah Board Experience in Bank Muscat Meethaq, Sterling Bank Nigeria and University Bank USA, Abdulkader has worked on IFTA projects in Europe, Africa, Southeast Asia, and an authority on Islamic deal structures and securities.

He also serves as a director of Alkhabeer Capital in Jeddah and Chairman of Alkhabeer (DIFC). He is a member of the international advisory board of the Securities Commission of Malaysia, a published author, and an active speaker on Islamic finance.