CEM OPINION, FINANCE | Rising cases of cybercrime in the banking industry is becoming a big headache to bankers, customers and law enforcement agencies in the country. With so many people highly skilled in hacking techniques desperate for quick wealth, cybercrime may soon be the biggest danger to banks and their customers. As we all know, cybercrime is a criminal activity that either targets or uses a computer or a computer network. In recent years, cybercriminals have been relentlessly attacking banks’ computer networks in order to steal money from customers’ accounts. As more and more Nigerians are taking to e-transactions – now estimated to be worth N30.2 trillion daily – cybercriminals are working hard to devise new ways to steal from them; and they have been successful.
Many banks and their customers have fallen victim. In June 2022, these hackers stole N1.755 billion from various customers’ account in Globus Bank and fraudulently transferred the money into various accounts in other banks. The bank was quick to recover N817.99 million, but is still fighting to recover N962 million from the fraudsters’ accounts. As a last resort, Globus has filed an action in a Lagos High Court against those banks holding the stolen funds. Resorting to court action is very expensive and underscores the difficulties lenders and their customers face in seeking to recover stolen funds. Why should it be so difficult to retrieve stolen monies from fraudsters’ accounts? Why is it even difficult to apprehend the thieves when all their details are available in the records of their banks? Globus officials are unwilling to speak about this experience. Its Executive Director, Nixon Iwedi, declined to comment when this writer contacted him, understandably so since the fraud was a very embarrassing experience for the young lender.
GT Bank is also in court with some of its big corporate customers from whose accounts hackers stole over N1 billion in foreign currencies. Again, the bank’s officials were tightlipped when I called. Heritage Bank is luckier. A viral story which turned out to be fake news had claimed that N49 billion was stolen from its customers’ accounts. It caused a considerable anxiety on the executive floor and unease among customers, prompting the bank to quickly issue a rebuttal, which described the story as ‘’wrong’’ and ‘’fictitious’’. Part of the statement reads: ‘’Heritage Bank began implementation of its long-term sustainability plans premised on restructuring the bank, ensuring cost efficiency, management of its assets and resources towards restoring the financial institution’’. Obviously, no bank the size of Heritage would lose this much from its balance sheet and still be standing. The bank deserve commendation for stoutly pushing back against the fake news.
Frauds do not only lead to loss of money and erosion of trust in the industry, they also constitute serious PR nightmares for the banks, with many affected institutions feeling too embarrassed to talk about it openly. I often have advised many banks that resorting to stonewalling and gaslighting when faced with crises is a bad strategy. It could exacerbate the problems. When an organization is dealing with uncomfortable situations and ensuing press inquiries, it is advisable for it to promptly issue a statement stating its own side of the story, including efforts being taken to minimize loss, protects its customers and forestall future occurrences.
Hackers are unrelenting in seeking various ways to attack banks. In addition to corporate customers, individual customers are constantly being bombarded with spurious phone calls from fraudsters who claim to be customer care officials of their banks. All they want is to trick unsuspecting individuals into revealing their confidential account details with which they can hack into their accounts. I was amused when I received such a call recently from a hacker on the Eid public holiday. The caller asked if I am a customer of a certain bank, and that he was calling from the bank. Perhaps, it didn’t occur to him that it was a holiday. I told him that all my money is at the World Bank. He couldn’t help laughing.
Although banks’ customers are understandably alarmed by the increasing risks of cybercrime in the industry, their chief executives are less worried. ‘’The problem is not as intense as the noise suggests’’, says the chief executive of one of the biggest banks. He noted that although hackers breach banks’ database often, ‘’it is nothing significant to give anyone significant concern’’. He continues: ‘’The risk is real and it happens quite frequently. Usually, breaches occur when there is internal collusion so internal control and monitoring certainly helps to keep the incidents down’’. The chief executive reveals that the CBN is working through the Bankers’ Committee to create an industry Security Operations Centre (SOC) to manage cyber risks. That’s quite assuring.
Apart from the SOC of the Bankers’ Committee, the CBN had in June last year rolled out risk-based cybersecurity framework and guidelines to other financial institutions (OFI). OFIs are made up of micro finance banks, insurance and others, apart from deposit money banks. The guidelines are very comprehensive and cover such areas as: Cybersecurity Governance and Oversight; Cybersecurity Risks management System; Cybersecurity Operational Resilience and Metrics, monitoring & Reporting, in addition to Compliance with Statutory and Regulatory Requirements.
All over the world, financial institutions are among the most targeted for cybercrime. With millions of customers and their sensitive data, our banks continue to face serious and persistent threats of cyberattacks every day. Each institution should invest heavily in robust guardrails and defense system while monetary authorities, regulators and the managers in the industry should stay ahead of the criminals. CBN’s recent requirements for customers to provide their social media handle as part of KYC is part of the initiatives to curb cybercrime. The Bankers’ Committee should develop simpler ways for individual customers to recover funds lost to hackers. I am often moved to tears by heartrending stories of small savers being asked to go from police stations to the courts to make reports and swear affidavits. The bank CEO I interviewed for this article had confirmed that internal collusion is also part of the problems. The banks should do more to scrutinize and supervise their staff, especially the outsourced ones, who are more likely to collude with fraudsters.