Conspiracy and carelessness expose banks and depositors to swindlers, FOLASHADE ADEBAYOwrites
As many residents in Abeokuta, Ogun State, prepare for bed on Wednesday, November 6, a sum of N7,000 was dispensed at an undisclosed Automated Teller Machine location by an anonymous individual. Simultaneously, Guaranty Trust Bank, the issuing bank sent a debit alert to the owner of the account, Miss Esther Oladipo, who happened to be in her home, asleep.
The National Diploma graduate of the Moshood Abiola Polytechnic, Abeokuta, was a bag of nerves when she aroused. According to her, the withdrawn money was the entire amount she had to her name. Six days later, the missing money was back in her account. But, Oladipo said that was only after a trip to her bank where a formal complaint was made.
“I was told that I would be refunded the following day and it happened. The officer I met at the bank said it was done in error. He said their system showed I actually withdrew the money. But it was all baffling to me because there were several people at the bank with the same complaint. The missing amount ranged from N5,000 to about N15,000. We were all asking if a refund would have ever been made if we did not come to complain after so many days.
“The experience is still like a dream to me. I was asleep in the house and my ATM card was in my bag. I was scared that my account could be cleaned out just like that. The alert did not indicate who withdrew the money, neither did it state the location of the transaction. I just sat there staring at the phone, wondering what to do,” she said.
Oladipo might have been lucky to have her money back, but not Ugoji Chinonye, who lives in Bonny Island, Bayelsa State. More than a month after a dispensing error wrongly debited his account, Chinonye has yet to recover his money. According to him, he was trying to withdraw N15,000 from an Access Bank ATM point at the Nnamdi Azikiwe Teaching Hospital, Nnewi, Anambra State, but, the transaction was not successful. Yet, the businessman insisted he was already debited.
Chinonye claimed he had filled his bank’s complaint form two times and waited 20 days each time without a headway.
“I went to my bank and they gave me a form to fill. I was told to come back after. I went back after 10 days only for me to be given the same form to fill and was given another 10 working days. I complied again, yet my money was not refunded. I went back to the bank, only for an official of the bank to ask for my details again. He also asked me to come back again after 10 days. Before the expiration of the given days, I got a message that my complaint had been resolved and that I could call their customer care line if I was not satisfied. I did and was told that the reply they got from Access Bank was that the machine paid me. What do we call this?” he asked.
Deductions and dispensing errors, as it happened to Oladipo and Chinonye, are just two different ways customers fall victim of what experts have termed cyber bank fraud in the banking industry. According to them, billions are lost every year to malware attacks and other gaps which range from technicalities, outright deduction and account manipulations in the banking system.
While some of these experts might not necessarily know where the shoe pinches, findings by our correspondent showed that many Nigerians have fallen victims of different shades and hues of account fraud.
Onome Adeleye, a media practitioner, is one of them.
Narrating her experience to our correspondent in an email interview, Adeleye said she had no inkling of what was in store for her when she drove into a filling station close to the National Youth Service Corps centre in the Agege area of Lagos State.
“There was an artificial fuel scarcity at the time and I was on the way to my office. I decided to fill my tank with N6, 000 and I did not have cash with me. So, I opted to use the Point of Sale machine which the attendant dangled conspicuously. I got an alert for the transaction on my phone almost immediately and drove out of the station. But, about 30 minutes later, I got another alert on my phone saying that I just used my credit card on another POS machine at a supermarket. I was alarmed because I never did. I was driving at the time. The message indicated that I was debited N3, 000 for the transaction,” she said.
Adeleye said she was back at the filling station the following day, but this time, the attendant said the POS machine was not available.
“There was no hard fact and pattern to confront the attendant with. So, I just let it be. However, I am determined to see this matter to the end. My conclusion is that the POS machine was compromised and what the criminals do is to tap a few thousands naira which an average busy Nigerian may find too stressful to pursue. At the end of the day, they would have fraudulently made a small fortune. You just imagine what this translates to every day,” she said.
If what happened to Adeleye unfolded like a horror movie, the scenes were no less haunting for Mrs. Muinat Fashogbon, a housewife living in the Isolo area of Lagos. Interestingly the POS also featured prominently when the mother of two and her husband were recently attacked by armed robbers. Also intriguing was how they were alerted that they used their ATM cards to shop at a supermarket in the dead of the night.
“We were attacked by armed robbers in August in our house around 2am. After threatening to shoot my husband if he refused to cooperate, they asked for our ATM cards and the Personal Identification Numbers. We thought they were going to withdraw the money from the nearest ATM point but what happened a few minutes after they left showed otherwise. They were still in the neighbourhood when we got an alert on our phones that we used our credit cards to pay for goods on a POS deployed in a shopping mall around 2am.
“When my husband went to the bank to complain the day after, he was given a form to fill, while the bank officials assured him that he would be contacted. Of course, he wasn’t. The entire amount in our accounts was less than N30,000. The surprising aspect was the link between the robbery and the POS at the said mall. We were sure that the bank would be able to trace the shopping mall and its owner but we never got the money. Our bank later directed us to the bank which deployed the POS. My husband had to abandon the whole thing after several visits to the bank and letters which yielded nothing,” she said.
Skimming, phishing, social engineering and other fraud gibberish
According to a Certified Ethical Hacker, Mr. Adedotun Adewusi, Adeleye and Fashogbon were victims of skimming, a type of infraction within the banking system. Adewusi, who is also a computer forensic investigator, described skimming as a method of cloning and harvesting the bank details of a depositor from his or her ATM card.
“Skimming accounts for 80 per cent of this fraud. This type of fraud known as card skimming involves swiping your debit or credit card through a card reader that has been illegitimately set up to record information from your card’s magnetic stripe or chip. After your information has been recorded, it is usually then sold to other scammers in the black market or converted into a counterfeit card and used to make fraudulent purchases. Because it is difficult to know when your card has been skimmed, you may not find out unless you review your financial statements.
“Another way through which malicious hackers work is through open wireless access points, which individuals connect to for free, and start browsing the Internet, not knowing it was specially configured by hackers with the purpose to harvest all their confidential information,” he said.
Adewusi also described another attack, known as social engineering, as a situation where people are asked to click on links and they unknowingly download malwares and other viruses. He added that when the victims clicked on such links and put in their account and card details, “their accounts become completely owned.”
Electronic bank fraud on the rise
Specialists maintain that cyber frauds are on the rise around the world. Independent sources have put the global market for stolen credit card data at $114bn, an amount bigger than the global market for cocaine, which the 2014 United Nations World Drug Report put at $85bn. But, more staggering is a report by Kaspersky Lab, a Russian cyber security firm, which claimed that a total of $1bn was stolen from more than 100 banks through cyber attacks across 30 countries in 2014.
According to the Nigeria Deposit Insurance Corporation, Nigerian banks are no exception to the hacking market. The agency recently said that 3,736 cases of fraud and forgeries were reported by depositors in 2013. The figure, according to the NDIC Managing Director/Chief Executive, Alhaji Umaru Ibrahim, jumped to 10,612 in 2014. Ibrahim, who spoke at a recent forum, disclosed that the amount involved peaked at N25.6bn in 2014 as against N21.8bn in 2013.
Confirming that many fraudulent activities in the banking sector are web-based, Ibrahim said cyber attacks and fraudulent acts in the country were mostly committed through illegal transfer/withdrawal of deposit funds while others were POS and ATM cards-related. The NDIC’s position was recently supported by a submission by Easy Solutions Limited, an international e-fraud protection firm, which said Nigerian banks lost N199bn to e-fraud between 2000 and 2014. The firm also asserted that over 185 fake mobile applications had been deployed by hackers and fraudsters on the website of 15 out of 17 deposit money banks to extract customers’ data.
Speaking at an anti-fraud programme organised for bank officials recently, the International Director, Easy Solutions Limited, Mr. Jeremy Boorer, said, “We looked at 17 Nigerian banks 10 days ago for signs of fake mobile apps. In 15 of them, we found the following: the first to 10th banks checked were found with between 11 and 20 fake mobile applications each.”
The organisation’s claims cannot be far from truth. A 2015 E-payment Fraud Landscape report by the Nigerian Interbank Settlement System said there were 85 per cent success in fraud attempts on funds in deposit money banks. The report further fingered ATMs as the channel with the most fraudulent transactions.
But, experts say collusion by bank workers also account for most of the infractions in the system. Between 1994 and 1996 alone, an NDIC report stated, 1,914 bank officials were involved in frauds. The agency added that 64 per cent of fraud cases in banks were traceable to members of staff.
Trend to continue – experts
Despite threats of instability and the alarming amounts of money lost to hackers, experts have said that cases of cyber attacks and fraud within the system would not abate soon. The best that banks and regulators can do, according to them, is for banks to deploy the best technology available and constantly update their cyber security architecture. They also advised depositors to handle their ATM cards and banking identities with tact.
But, aside from collusion with bank workers, Adewusi said, many depositors had compromised their banking details unwittingly. He added that many ATM cards had been cloned through the carelessness of their owners.
“A lot of people do not know the significance of the numbers on their credit cards. There are a number of factors that can lead to electronic fraud. Some are Internet fraud done in connivance with bank officials, but there are some which happen through carelessness. It is easy to take the details of a credit card which is left lying around and use it to shop online by another person. The first six digits of every credit card is very unique because it determines the vendor. All a hacker needs is the first six digits and he can tell which vendor produced the card and determine other details. What they do next is to take it to a gambling site which does not require a second-factor of authentication,” he said.
According to the President, Forensic Science Academy, Dr. Abiodun Osiyemi, fraud can be perpetuated by players in the banking system either deliberately or by omission. Osiyemi advised the government to involve forensic experts in the adoption of electronic payment solutions. He also urged individuals to `never conduct transactions on the website of a bank unless they are sure it is the authentic site.
“It means that crime can result from error from any of the stakeholders. Errors of omission or deliberate actions can cause electronic fraud. A service provider may buy a substandard solution or cyber security system. When hackers try it and see that it is a weak system, they can penetrate. Banks should deploy the best technology available to get the best value. The problem is with the technology being used and the attitude to depositors’ funds. The banks have protected themselves because they are insured. They also need to improve how they protect their depositors,” he said.
Adewusi equally advised individuals not to “click on links sent to their emails which they are not sure about. Malicious people use such means to download malwares, trojans and viruses to unsuspecting victims systems or hack their emails as a result. Once the victims’ systems/emails are compromised through this means, such systems are completely owned and the malicious hackers can do whatever they likes with such systems/emails. Education and awareness is are key in this area.”
Speaking to our correspondent, the Public Relations Officer, Firstbank Plc., Mr. Babatunde Lasaki, said bank fraud was a global phenomenon not peculiar to a country or bank. He submitted that the way many bank customers transact business also exposed them to risk.
Lasaki said, “It is either that the accounts of such customers have been compromised due to their own actions. There was an instance where a lman came to complain that money was withdrawn from her father’s account and we played back the Closed Circuit Television. It was actually him, that carried out the transaction but he had forgotten about it because he was an elderly man. In another case, a woman came to complain but we discovered that it was her son who withdrew from her account. She disclosed her personal banking details to her son.
“E-payment system is a network and the industry as a whole is on top of the situation. You will see a scam alert at the bottom of most bank adverts and we all routinely send scam alert messages telling customers not to provide their personal banking details online. Most of our ATM cards are now on chips and pins which are more secured,” he said.
Source: PunchNewsPaper
The post Banks, depositors lose billions to hacking, internal fraud appeared first on Welcome to 9jalegal - Nigeria's Leading Legal Information and Services Portal.
No related posts.