Pervasive electronic banking fraud is affecting Nigeria's banking system and costing the Nigerian economy dearly. It is also holding back the adoption of cashless technologies and has become an obstacle to financial inclusion in Africa's second largest economy.
Recent data shows that last year electronic fraud in the banking sector accounts for about 16% of total fraud in the industry.
The implications of rampant e-fraud are enormous. People who already have a bank account are reluctant to adopt e-banking. And it's an obstacle to drawing those who don't have bank accounts into the formal financial system. In Nigeria only 53% of the population is in the banking system.
This has broader economic implications because e-banking is known to play a developmental role and because it allows poor people to have access to formal financial services.
Our research shows that pervasive e-fraud is also hampering Nigeria's drive to encourage electronic transactions in a bid to reduce physical cash in the economy. The logic behind it is that less cash in the system will reduce the risk of cash related crimes, foster transparency, curb corruption and leakages and drive financial inclusion. But Nigeria's high levels of electronic fraud is threatening the creation of a cashless ecosystem.
In a climate of mounting complaints from e-banking customers and subscribers, we investigated the dimensions of e-fraud in Nigeria. We collected data in three states - Oyo, Ogun and Lagos - and did in-depth interviews with fraud victims, bank officials and fraud investigators at the Economic and Financial Crimes Commission, an agency that investigates fraud and prosecutes offenders.
Wide ranging fraudulent schemes
In its 2015 report the Nigeria Deposit Insurance Corporation sets out a long list of the different types of e-fraud Nigerians are subjected to. It identified 14 major fraud channels.
The leading source of fraud is automated teller machines (ATMs) where cards are compromised or swapped. Cards are swapped mostly at ATM galleries where illiterate account holders ask for help when trying to make withdrawals. The "helper" may have an expired ATM card and, in the process of offering assistance, swaps the victim's card with a non-functional card.
Then there is the fake job scam. Here job adverts are posted and applicants are told they must open a bank account and submit their ATM card. The cards are then used in mass fund transfer and withdrawal. Account holders are almost always oblivious of the transactions taking place and face arrest for fraudulent transactions on their account.
The list also includes fund transfer fraud and phishing where fake e-mails and websites are used to prompt bank clients to divulge their account security information.
Outsiders and insiders
Our research found that there are three main strategies of electronic fraud in Nigeria:
Outsider fraud committed by fraudsters external to the banking system that have internet dexterity and sometimes an understanding of the victims' routine and identity.
Insider fraud that is executed exclusively by staff members in the banking system. This is determined by the jobs they do and an understanding of the system. Here the banking institution is the victim.
Collaborative fraud that involves bank staff and fraudsters outside the banking system. Here both the bank and individual account holders are victims.
Outside fraudsters recruit people who have access and occupy sensitive positions within the bank such as cleaners and those in the information communication and technology unit. Not all participants are fully aware of their role or final purpose of their assignment.
A fraud investigator unpacked one case of fraud which involved moving about Naira 400 million (approximately US$1,268,000) from a bank account. It involved some bank staff in the technology unit and those in the regular banking hall. A woman who cleaned the office of the branch manager was given the means to extract the necessary security information and data from the branch manager's computer. The fraudsters were then able to access accounts and moved money into about 40 different accounts.
Another way bank staff commit fraud is when a cashier collects a cash deposit, deliberately fails to credit the customer's account and later diverts the money to their personal account.
This strategy only works if account holders don't get alerts about transactions on their account. Fraudsters prey on the fact that not all account holders subscribe to account transaction alerts because they often don't want to pay the subscription fee for the service.
We also found that weak governance structures are responsible for electronic fraud. This is at the level of both banking institutions and regulating agencies. Our data indicated that there was poor supervision at the branch, regional and zonal levels of some banks where fraud took place.
The situation is made worse by bank managers trying to cover inefficient supervision rather than reporting the crime. And the fact that the majority of bank staff are not full time also plays a significant role. We found that 64% of fraud was carried out by contract or casual staff.
What can be done
The results of this study point to the need for financial literacy education in Nigeria and improvements in the security infrastructure with a view to building confidence in the formal banking sector as well as e-banking. In addition, banking products and services should be designed with security features that take into consideration the peculiar characteristics and vulnerabilities of their customers.