Top Five (5) Fraud Trends in Nigeria’s Commercial Banks in 2016 – Part II
Social Media and Social Engineering
Social Engineering is one of the most common means of identity theft. The objectives of the perpetrators include theft, fraud or espionage. According to “The 2014 Nigerian Cyber threat Barometer Report”, Social Engineering, which involves phishing emails, 419 scams, abuse of social media, etc., was the second most common form of cyber-attack, as summarised in the figure below:
It is evident that social engineering attacks that trick people into revealing sensitive and confidential information will increase in 2016 and beyond, as social media platforms (such as Facebook, Twitter, YouTube, Google+, Blogger, Myspace, LinkedIn, Tumblr, among others) will continue to be a veritable means of achieving this. The social media platforms are also becoming more easily searchable, which means fraudsters can now more easily and anonymously search photos, videos, friends, likes, status, location data, etc. of innocent users of social media, to build profiles of their potential victims and then attack.
However, addressing this growing menace requires only simple prevention tips. These include following good and common password disciplines, such as the use of strong passwords (combine letters, numbers and special characters; increase the frequency of password changes; avoid a pattern in password formation). Be sure you really know whom you accept as your friends, and make your profiles visible to confirmed friends and family only. Do not open attachments from unsolicited emails, manage your curiosity about opening “inviting” links, etc. We have all been inundated with words such as Malware, Spyware, Phishing, Pharming and Smishing, among others. It is high time individuals prevented themselves and their organisations from falling victim to these common attack methods.
Various research outputs have shown that about 90% of the world's current data was generated between 2013 and 2015. While this presents a huge opportunity for organisations, especially banks and business owners, to perform extensive data analytics to gather intelligence, uncover hidden patterns and correlations, and analyse market patterns and trends, customer preferences, among others, it also presents a significant opportunity for fraudsters. This is because big data contains a lot of unstructured data, and organisations have yet to figure out definitively how to sort, analyse and protect the hidden but valuable information in it, owing to its volume, velocity and variety.
In today’s market, there are several basic and advanced tools developed to mine structured data (e.g. Relational Database Management Systems) and unstructured data (e.g. SMS, WhatsApp, Facebook, etc.). It is expected that there will be more breakthroughs in the deployment of these tools, particularly in advancing to the use of visual analytics. However, while developers are fine-tuning these tools (which can easily become obsolete in no time), fraudsters are also continually sifting through this voluminous data to harvest information useful for profiling their target victims.
Hence, there is an urgent need for private enterprises and financial institutions in custody of big data (structured and unstructured), as well as government regulators, to determine security protocols for the storage, use, transfer and disposal of big data. Fraud on account of big data will continue, and it will take conscious and focused investments in analytics, not just to prevent and detect fraud but also to unlock the value in the data.
A recent (2015) survey by KPMG revealed that 58% of organisations still doubt their data, i.e. have difficulty evaluating data quality and reliability, even though 97% say they are already using data analytics in some areas of their businesses.
The consequence of this survey finding is that more than half of the organisations surveyed are yet to leverage data analytics to prevent and detect fraud and therefore may not yet realise the intrinsic value of the data in their custody.
Regulations and Compliance Issues
Financial institutions are facing increasing (and sometimes shifting) regulations that may impact their ability to effectively grow their top line, if not properly managed. For example, in the last 3 – 4 years, the CBN has flooded the financial institutions with a number of circulars / guidelines including:
- 1 April 2013, phased elimination of Commission on Turnover (COT) charges. Under this guideline, a zero COT was to come into effect from January 2016. Specifically, the COT was negotiable subject to a maximum of N3 per mille in 2013; N2 per mille in 2014; N1 per mille in 2015; and COT-free (i.e. zero) from 2016.
- Effective 1 September 2014, re-introduction of the “Remote-on-us” ATM charge of N65 on ATM cash withdrawals to cover the remuneration of the switches, ATM monitoring and fit-notes processing by Acquiring banks. The new charge applies from the 4th “Remote-on-us” withdrawal in a month by a cardholder.
- 11 June 2015, CBN directed all Deposit Money Banks, Money Market Operators, Switches and all Payment Service Providers to establish a dedicated Fraud Desk in their respective organisations.
- 5 August 2015, CBN prohibited the acceptance of foreign currency cash deposits by Deposit Money Banks.
- 11 January 2016, CBN allowed holders of ordinary domiciliary accounts to deposit foreign currency cash into their accounts.
- 20 January 2016, CBN introduced a Negotiable Current Account Maintenance Fee not exceeding N00 per mille on all customer-induced debit transactions.
Based on the above and other regulations, banks are seeking alternative ways to improve their revenue streams or significantly reduce their cost-to-income ratios. Consequently, there is a subtle transfer of pressure to employees and vendors, which may further increase fraudulent acts by employees and/or vendors.
Therefore, regulations, and the ability of financial institutions to comply with and respond to this barrage of regulations, will continue to shape the fraud landscape in Nigeria.