The first half (H1) of 2024 saw a 589.6% increase in fraud losses in Nigerian deposit money banks, despite significant investments in information technology (IT). The Financial Institutions Training Centre (FITC) report states that bank clients lost N43 billion in H1 compared to N6.25 billion in the same time the previous year, underscoring the escalating cyber threats to the Nigerian financial sector.
Five Nigerian banks revealed in their financial statements that they had invested over N84 billion in IT in the first half of 2024. Financial institutions, including GTCO, Stanbic IBTC Holdings Plc, Zenith Bank, FCMB Group, and Wema Bank, are finding it difficult to keep up with the wave of cyberattacks.
Lendsqr’s Founder and CEO, Adedeji Olowe, who previously held positions at UBA, Access Bank, Fidelity, and FCMB, stated that banks invest a substantial sum of money in cybersecurity.
Olowe, however, questioned the efficacy of this expenditure, saying: “There is a difference between spending enough and making good use of what you have. Banks spend a good deal of money on cybersecurity. Many use Israeli-based platforms like Imperva. So, they spend a lot of money, but is it enough?
He emphasised that many competent experts have left the nation, which has limited the battle against fraud, and that the expanding fraud was caused by gaps in competence and responsibility within the financial industry.
Out of the 80 fraud and forgery reports from 28 deposit money institutions, 26 were filed in April, and 27 each in May and June, according to FITC’s newly published Q2 report.
The report reads: “In the second quarter of 2024, the total amount involved in fraud cases from Q1 to Q2 2024 rose from N2.9 billion to approximately N56.3 billion while the total amount lost due to fraud surged by 8.9 percent, rising from N468.49 million in Q1 to N42.6 billion in Q2, 2024.”
As a result, there were 11,532 reported fraudulent cases in Q2, 2024, up 0.52 percent from the 11,472 cases that were reported in Q1. According to the Nigeria Banks Q2 Report accessed by BrandSpur banking and finance news desk, fraudsters used a variety of channels to carry out their fraudulent activities, including ATMs, online and mobile banking platforms, bank branches, and point-of-sale (POS) terminals. Similarly, despite their increased investment in security, banks could lose $442 billion in 2023 according to the 2024 Global Financial Crimes Report.
“The scale of this global financial crime epidemic is immense,” the report partly reads, and estimated that $3.1 trillion worth of illicit funds went through the global financial system in 2023.
Pwapo of Resilience Technologies revealed in a previous investigation that fraud is made easier in the banking industry by overlapping jobs.
“Cybercriminals almost always beat the system because they are more prepared. We need to be more prepared. We also need to invest in improving cyber knowledge, which is a lot,” revealed Pwapo.
“With every development comes an equal or greater threat. In the next few years, we are talking about deep fakes and AI, which means that hackers or cybercriminals will put in more effort because they can now automate more. We are doing well, but we can do better,” stated Pwapo, cautioning that threats also evolve with technology.
The banking and investment services industry spent over $652.1 billion on IT in 2023, up 8.1% from 2022, according to Gartner, Inc. With a 13.5 percent increase, software spending saw the biggest increase.
According to reports, banks have been increasing their IT spending annually since 2013, with increases of 33% in Europe and 48% in the US by 2022.
Continuing, prior Techcabal reports revealed that a First Bank employee embezzled N40 billion, or roughly $29 million, into several accounts, including his wife’s. Additionally, in April 2024, fintech companies such as Flutterwave encountered a security incident that led to the illegal movement of N11 billion ($7 million) to several accounts.
However, experts also note the increase in insider threats, in which workers with access to private data either carry out the crimes themselves or work with outside fraudsters to commit them. According to FITC, 49 workers of deposit money institutions have been dismissed as a result of their involvement in fraudulent operations. Compared to the previous quarter, when 35 bank employees were let go for comparable reasons, this represents a 40% rise.
The central bank added that it was mandatory for Tiers 2 & 3 accounts and wallets for Individual accounts to have BVN and NIN. The Central Bank of Nigeria (CBN) issued new guidelines to address cybersecurity within the banking sector in response to the growing threat. These guidelines include a mandatory regulation for Tier-1 bank accounts and wallets for individuals to have BVN and/or NIN.
According to CBN: “The process for account opening shall commence by electronically retrieving BVN or NIN related information from the NIBSS’ BVN or NIMC’s NIN databases and for same to become the primary information for onboarding of new customers, and all existing customer accounts/wallets for individuals with validated BVN shall be profiled in the NIBSS’’ ICAD immediately and within 24hrs of opening accounts/wallets.
“Effective immediately, no new Tier 1 accounts and wallets should be opened without BVN or NIN. For ALL existing Tier 1 accounts/wallets without BVN or NIN: any unfunded account/wallet shall be placed on “Post No Debit or Credit” until the new process is satisfied,” the CBN added.
Furthering, a Cybersecurity Specialist, Patrick Amadi, revealed: “The situation is dire, but not hopeless. Nigerian banks need to shift focus towards not just technological solutions but also improving security awareness among their staff and customers. Cybercrime is evolving, and so should our defence.”
