Top Five Fraud Trends in Nigeria’s Commercial Banks in 2016 (1)
Drivers for Fraud
With the current global economic slowdown occasioned by the declining and fluctuating crude oil price, security issues, as well as continued convergence in technology (e.g. mobile, social media, cloud, etc.), organisations are expectedly improving their optimisation efforts by continually seeking to build efficiency and effectiveness into their businesses and to reduce wastage and losses resulting from fraud. These efforts involve optimising the following, among others: Workforce, Vendors/Suppliers, Technology, and other key expenditure lines.
However, these optimisation efforts by organisations have been perceived by a considerable number of employees and vendors as a threat to their jobs/contracts. Inherently, these efforts increase exposure to risk of fraud, bribery and misconduct by employees and vendors and consequently prompt them to seek fraudulent means to secure their jobs or fraudulently acquire companies’ assets, before the perceived imminent loss of their jobs. It is therefore expected that occupational fraud and misconduct will continue to increase in 2016.
Historically, the drivers for fraud and misconduct have been Opportunity, Pressure/Incentive and Rationalisation, with Capability embedded in Opportunity. This fraud triangle, or diamond as it is sometimes called, will continue to drive fraud and misconduct in 2016, and contribute to the top five (5) fraud trends (as listed below) that will shape 2016 and beyond.
- Cyber-crime / e-fraud
- Mobile Platform
- Social Media and Social Engineering
- Big Data
- Regulations and Compliance Issues
The Top five (5) trends
Cybercrime / e-fraud
Cybercrime and e-fraud refer to any criminal activity performed using computers, computer networks and the internet. It may also be referred to as any fraudulent behaviour connected with the use of computers and/or electronic platforms. The complexity and reliance on technology by modern enterprises as well as the increasing ease of access to the internet by all and sundry, have created more opportunities for fraud and other forms of exploitation, especially on the internet and other electronic platforms. Hence, the increase in cybercrime / e-fraud.
Analysis of sample cases and investigations carried out by KPMG Forensic Services, Nigeria between 2013 and 2015 shows a rapid increase in cases of cybercrime/e-fraud, which can be attributed to the increasing adoption of technology and alternate electronic delivery channels. See figure 1 below:
Source: KPMG Forensic Services, Nigeria (Figure 1)
The statistics show that fraud cannot be overlooked in the modern business environment. More importantly, cyber-crime / e-fraud is the side to which the scale is tipping and is a critical focus area for 2016 and beyond. This is evident from the surge in the number of cyber-crime / e-fraud cases, which escalated from 3 to 17 between 2014 and 2015.
The statistics by Nigeria Inter-bank Settlement System (NIBSS) also support the steady rise in volume, value and sophistication of fraud between 2013 and 2014, as depicted in table 1 below:
Although the Central Bank of Nigeria (CBN) claims a massive drop in the fraud rate in Nigeria’s commercial banks, from the N6.2 billion (in 2014) in the table above to about N2.3 billion in 2015, the banks have reportedly (according to CBN) lost about N199 billion to cyber-crime / e-fraud alone between 2000 and 2014.
Erroneously, some organisations perceive cyber-crime / e-fraud as a technology issue only, and therefore look only to technology to reduce the menace of cyber criminals. Rather, curbing the activities of cyber criminals, e-fraudsters and traditional fraudsters involves dealing with People, Process and Technology issues, as explained below:
- People – Board and senior management tone and ownership of all anti-fraud programs including appreciable understanding of cyber-crime / e-fraud, continuous awareness for employees, vendors, customers and business partners, appropriate training for employees on fraud identification, prevention and detection techniques, commensurate due diligence for employees, vendors, customers (KYC), and business partners, etc.
- Process – Develop, implement and monitor information security policy and procedures, incident response plan, security-focused disposal process, etc.
- Technology – Deploy appropriate technology such as network segmentation, up-to-date anti-virus and patches, multi-layered authentication, layered security approach comprising both intrusion prevention and intrusion detection systems, transaction monitoring and data analytics tools, etc.
In line with the above, the author noted that CBN has implemented a number of initiatives in tackling the issue of cybercrime / e-fraud specifically, and fraud in general. The initiatives include:
- Implementation of a two-factor authentication for internal banking processes which started in January 2014.
- Review of operations of the NIBSS’ Instant Payment (NIP) System and other e-Payment options with similar features
- Establishment of industry fraud desk
- Introduction of the Bank Verification Number (BVN)
- Deployment of the Central Anti-Fraud Solution
Further to the above, it is imperative to mention that fraudsters and cybercriminals are raising their game in the cloud and the Internet of Things (IoT). This is in response to the pace at which businesses and consumers are moving to the cloud because of its cost effectiveness, and to the “almost stress-free” lives that consumers enjoy as IoT gains mileage.
To prevent the prevalence of fraud on cloud infrastructure and hacks into consumer devices in 2016 and beyond, organisations need to demand adequate security from cloud infrastructure and service providers, and demand that manufacturers of IoT devices improve security on central servers, rather than on individual devices.
Mobile Payment Platforms
As the channels available to customers and consumers are becoming more portable, so are the fraudsters. Essentially, fraudsters follow the money first, while the Anti-Fraud Specialists (when responding to fraud) also follow the money, but after the money has been fraudulently drained off. Be that as it may, mobile payment platforms will continue to provide opportunities for personal and business transactions “anywhere” and remain an economical means of achieving financial inclusion strategy.
However, fraud in the mobile payment space is not expected to abate in 2016 as more and more consumers and operators subscribe to the platform, which invariably increases the volume and value of transactions processed. For instance, the Thought Leadership material published by KPMG, “Payment Developments in Africa – Volume 1 / 2015”, quoted a CBN source which shows that the value of transactions processed via mobile platforms continues to increase. See figure below:
Mobile payments recorded significant growth in transaction values between 2010 and 2014, increasing from N335 billion in 2012 to N3.3 trillion in 2014.
With this increase in the value of transactions on mobile payment and other electronic platforms, it has been reported that e-fraudsters had deployed a number of fake mobile applications on the websites of the banks. The fake mobile applications are used to extract customers’ personal and financial information, with the ultimate aim of defrauding the customers.
As the mobile payment platform literally appears to be an extension of the internet platform, the vulnerabilities associated with the internet platform also apply to the mobile payment platform. These include Malware, Phishing, SMiShing, Account takeover, etc. Therefore, fighting mobile fraud involves the same counter-measures as fighting internet fraud. In addition, users of mobile payment platforms also need to consider the potential risks involved in any of the following actions:
- Downloading banking or payment apps
- Misplacement or loss of mobile device
- Accessing account on multiple devices
- Resetting account passwords
Furthermore, success in fighting fraud on the mobile platform will depend on investments in innovation, such as the use of biometric capabilities (e.g. fingerprint sensors in mobile devices) for authentication and other financial transactions.