Online Banking: How Safe on Facebook? Tue, 11/26/2013 - 11:01 Written by  The Nigerian banking industry is embracing technology that makes transactions easier and more pleasurable but Internet fraudsters are on the loose, making online banking a scary adventure By Tony Manuaka Taiwo Ajayi, a book vendor in Lagos was billed to open a bank account for his flourishing business in March this year but he could not do so with the long queue and cumbersome process that usually confronted him each time he went to the banking hall. “I couldn’t afford to waste about two hours that I could also use to meet more customers,” he lamented. But a glimmer of hope came when several months after, Guaranty Trust Bank, GTBank, launched a social network platform for potential depositors to open accounts without going to the banking hall. After taking the necessary steps to open the account, a delighted Ajayi says, “I can now pay for books supplied and receive proceeds right on my phone.” Tagged Instant GTBank Account Opening, the product is a social banking offering on Facebook. With this, prospective customers of the bank can open accounts and immediately get their account numbers while on Facebook. Unlike the conventional method of opening a bank account, this does not require visiting the banking hall. All a prospective depositor needs to do is to fill the account opening form while on Facebook, upload a passport photograph, a signature mandate and get the account number thereafter. The product according to the bank, allows depositors to make balance enquiry, perform money transfer and purchase airtime on Facebook. The bank has no fewer than 1.46 million followers on Facebook alone. “The banking requirements of today’s customers necessitates a high degree of flexibility, which is why GTBank is instituting value adding channels on social and other platforms that allow people bank 24/7,” said Segun Agbaje, managing director and chief executive officer, CEO, of the bank. From one bank to another, the online opening of account is catching on, even with its many challenges. Gbenga Afolabi, an engineer with one of the telecoms companies is another customer that has opened an account online with First Bank of Nigeria, FBN. The FBN product, called First Instant Account was development to reach out to the unbanked and under-banked who find it difficult to open a generic savings account because of inadequate account opening requirements. To open a First Instant Account, the form is filled online and later printed out. But unlike the Instant GTBank Opening Account procedure, where everything is done online, a prospective customer of this product is required to provide two passport photographs and utility bill. The prospective customer then goes to a branch of the bank and opens a First Instant Account. The physical appearance of the person, the bank says, is aimed at ensuring compliance with the Central Bank of Nigeria, CBN, know your customer, KYC, requirement. “I don’t have time to waste in the banking hall because if any site is down and I am not on ground, lives could be lost. I also need such a platform to send money to my wife and parents without delay. Apart from that, I also use the account to buy things online and they are delivered to my wife as fast as possible,” Afolabi told the magazine. From all indications, the banks are not just excited about online banking. There is also a hot competition to increase deposit base. That is why for instance, the First Instant Account though, open to everybody, is specifically targeted at the lower end of the banking populace as well the low-income earners. Apart from the regular challenges associated with many bank products, especially Internet banking, Babatunde Lasaki, head, external relations, marketing and corporate communication, First Bank said, “the customers need to get used to the operational dynamics and it takes a gestation period,” emphasising that the bank has always been in the forefront of efforts at stemming financial frauds, be it Internet scam or any other financial related frauds. “We are continually putting measures in place to prevent the First Instant Account from being use to perpetuate frauds,” Lasaki told the magazine. But how safe are accounts opened through Facebook? Owners of such accounts and other online banking platforms live in fear of Internet scammers. Virtually all banks have deployed one measure or the other to check the activities of online fraudsters. Not long ago, United Bank for Africa, UBA, commissioned a Security Operations Centre and Forensic Laboratory that provides all-round security monitoring for electronic banking transactions. This, the bank said is aimed at protecting its customers from cyber crime and other forms of electronic banking threats. The technology enables the bank to deliver secured electronic services as well as manage security threats to accounts. “We partnered with top information security organisation that worked with the bank to upgrade our information security infrastructure in Nigeria and 18 African countries where we have presence. The drive towards cashless economy and migration of customers from banking halls to channels, demands that we put in place systems and processes that would protect our customers and the bank hence the establishment of this centre,” said Phillips Oduoza, group managing director and CEO, UBA. According to him, the management of the bank decided to invest in a robust information security infrastructure, process and skilled personnel as an effective way of managing information security threats. He emphasised that any serious banking institution that wants to succeed in the digital age cannot afford to ignore information security as any major compromise of bank’s system and network has potential for colossal damage. In addition to that, the bank implemented an enhanced customer authentication system using physical and virtual token to protect customers against identity theft through password compromise that could lead to fraud in their accounts. The physical token generates a one-time password for the customer each time a customer wants to carryout Internet banking transaction and the password expires within few minutes if not used. Once the password is used, it cannot be reused by fraudsters if captured or compromised. “E-banking transactions are monitored and customers are contacted when suspicious activity is detected on their accounts,” said Sam Okenye, divisional head, IT risk management of the bank. Despite all the efforts being made by banks to put cyber crime in check, there are clear indications that online banking is under threat even at the global level. Information technology, IT, experts admit that in today’s connected world, convenience, speed, technology adoption, and payment options allows people and businesses to conduct online financial activities in easier and more efficient way. Consequently, fraudsters are taking advantage of this increased use of smartphones to access the Internet, malicious malware, socially engineered account takeovers, and other means. “In a bid to outshine others or pass off a trendy facade, financial institutions must not sacrifice security/safety and due diligence in the altar of trendiness,” said Don Okereke, a security analyst. The latest report of Nigerian Deposit Insurance Corporation, NDIC, indicates that Nigerian banks lost about N17.9 billion in 2012 through fraudulent transactions. That represents an increase of 43.7 per cent from the figure of the previous year. To lend credence to this, the Nigeria Police Special Fraud Unit, SFU, is said to have declared over 50 bankers wanted for bank fraud in the last one year. In January this year, Union Bank of Nigeria petitioned the Economic and Financial Crimes Commission, EFCC, over a criminal attack launched on its database known as Flexcube by unknown persons. The fraudsters falsified the banks records and accounts and created suspicious opening balances in different accounts across branches. They then transferred funds from those accounts to other banks. Through those electronic transfers, Union Bank lost N2.05 billion to the scammers though they were later apprehended by the EFCC. That is just one out of the many cases of Internet fraud in recent times. Statistics show that automated teller machines, ATM, card is one of the instruments commonly used by online scammers to defraud depositors. Perhaps, more pathetic is the story of a retiree who received his terminal benefits in his bank account but took ill shortly after. But by the time he recovered and got to his bank to make withdrawal, he discovered that virtually everything he had in the account had gone with the wind. For this reason some people who are in the know advocate that one safety measure an account holder can take is to subscribe to transaction alert when they open accounts with banks. Yet, that does not seem to be full proof. “There is a global surge in financial electronic fraud and this ugly phenomenon is increasingly becoming very sophisticated. In their bid to swindle unsuspecting victims, criminals are upping their ante, in many occasions, deploying a mix of social engineering and reverse-engineering to circumvent security and safety measures deployed by financial institutions. Interestingly, insiders, especially cashiers, IT staff, security officers are sometimes complicit in growing electronic frauds,” Okereke told the magazine. With the growing cases of online fraud there are also indications that ATM challenge is far from being over especially as it affects security. The difference between what happens in the Nigerian banking system and the practice in some developed economies is that if a depositor is alerted of illegal transaction on an account, the bank blocks the account once it is notified; It then goes ahead to investigate the claim of the depositor and pays back where necessary. Okereke warns, therefore, that in view if the fact that debit and credit cards can be cloned, bank customers should be careful about the type of retail outlets or website they swipe or enter their card details. There are reported cases of criminals installing fake ATM’s in and around shopping centres, public locations and also cases of criminals using WiFi scanners and cracking programmes to download transaction data. The expert opinion is that an ATM inside or within bank premises is safer than a typical one on the street. Bank customers are advised to desist from storing personal and banking details in their mobile phones as these devices can easily get missing or stolen; and to avoid accessing personal online accounts especially banking transactions from public computers or through public WiFi spots or cyber cafes. They are also expected to shred all unwanted bank and credit card statements and never give out bank account details to people even to friends under the guise of using the account to receive money from another party. In the event of fraud, experts say “it will take a very brilliant solicitor and favorable forensic evidence to exonerate the account holder if the bank account is unwittingly enmeshed in a fraudulent transaction.” For example criminals are said to have perfected the art of sending customised bank transaction SMS alerts purporting to emanate from a depositors bank. Cyber crime and in particular, ATM is a global phenomenon. In October this year, the European ATM Security Team, EAST, reported a significant rise in both low technology fraud and ATM explosive attacks. The total reported loss through ATM fraud in 2009 was €157 million. The figure declined to €112 million in 2011, rose to €131 million in 2012 and declined again to €124 million in 2013. Within the countries, there were also 1,196 reported cases of physical attacks on ATM in 2009, the figure declined marginally to1,087 cases in the following year and later declined to 1,007 last year. EAST also reports that banks in 22 European countries lost €485 million in 2008 due to fraudulent ATM transactions. In the same year, fraudsters stole $9 million within minutes from the Royal Bank of Scotland. Way back in 2004, hackers came very close to pulling off a $440 million deal at the Sumitomo Mitsui Bank in London. They were said to have used hi-tech equipment including USB memory sticks to install key logger software’s on various workstations in the bank. The Japanese National Police Agency asserts that ¥48 million (approximately $518,000) was transmitted electronically from the accounts of 63 Internet banking users between June and December 2012. ICT experts believe that many of today’s teller facilities are vulnerable to fraud as a lot of them utilise operating systems like Microsoft Windows and use Internet Protocol networks as their communication mechanism. This exposes their systems to high risks due to the inherent vulnerabilities of these platforms to malwares, viruses, worms, Trojan horses. There are inherent risks associated with the proliferation of mobile devices in the work place. In todays cyber world therefore, banks are not immune from what the experts call an increasing trend in “distributed-denial-of-service, DDoS attacks”. These are attacks engineered by fraudsters or hackers to temporarily or permanently make a server or computer network unavailable to prospective users. As part of measures to combat fraud in banks, especially as the cashless policy of the CBN gains ground, the apex bank early this month, signed a $50 million agreement with Dermalog Identification System, a German company for the deployment of biometric data capturing machine for all banks customers in the country. The system, when it comes into being will lead to a situation where thumb printing becomes a major means of identification in banks and ATMs. Although Lamido Sanusi, CBN governor, assured that the exercise will not be in conflict with the national identity card project. Under the new policy, each bank will have a 4-4-2 scanner, facial recognition device, single verification scanner, receipt printer, electronic signature pad, flatbed scanner and a mobile capture device. The system will, according to Sanusi, “boost our image internationally, deal with money laundering, help us deal with fraud, help us extend credit to people without worrying about where to find them and who they are. It would also help those who are not educated to use biometrics to be part of the payment system.” But promising as this idea may sound, it is instructive to note that the country may just be on the verge of biometric and identity management crisis. Not a few people have questioned the rationale behind a biometric exercise by banks when several other government agencies are also capturing biometrics that should have been done by the National Identity Management Commission. The other agencies include Federal Road Safety Commission, Nigeria Police, and Nigerian Communications Commission in collaboration with telecoms companies. Only recently, the Lagos State government began a residents’ registration exercise under which the biometrics of residents will also be capture. Many stakeholders in the financial system will recall that one of the projects embarked upon the Sanusi regime at the CBN a few year ago was the credit registry policy; till date that exercise is yet to be completed. For bank customer, the only thing that works for now is caution. Additional reports by Chikodi Okereocha and Abiola Odutola
Posted on: Wed, 27 Nov 2013 21:14:20 +0000
Trending Topics
Recently Viewed Topics
© 2015