Fraudsters are raping the Nigerian fintech space to death

Rape and financial fraud share a common thread: the silence of victims, often due to shame. In Nigeria, banks and fintechs suffer a N12 billion loss to fraud, yet remain silent, fearing the stigma. This silence hampers justice and perpetuates the cycle of crime.

Rape is the absolutely worst thing that could happen to anyone. It’s so horrible that if rapists are caught and sentenced to death, many people won’t even bat an eye and simply believe it’s justified. It’s so horrible that some rape victims commit suicide. 

But if it’s such a terrible offense with severe consequences, why do rapists often get away without consequences? The answer is pretty straightforward, albeit very sad: Most rape victims would rather keep mum than expose these bastards. 

Naturally, the next question could be why are victims so reluctant to step forward to the extent that many accept that they may never get justice but stay silent all the same? 

The answer to this, much like the former, is also quite straightforward. 

Shame. 

Nigerian banks and fintechs have been shamed into a N12 billion silence

It’s no secret that victims are often shamed into silence and even merely the thought of being shamed is enough of a deterrent for those who may want to speak up. Many times, people even forget about the guilty party and focus on grasping at straws to blame the victim and try to convince them that they were complicit in their attack.

Similarly, shame is what makes it difficult for financial providers whose businesses have been defrauded to speak up even when they can get justice from the authorities.

Would you believe that since the start of the year, there has been a systematic rape of banks and fintech? I’ve personally tallied ~N12 billion lost to frauds and hack. Every bank and fintech hit has been groaning in silence but no one is ready to speak up. 

And I’m not just talking about small or new banks, I’m talking about from the big 5 banks all the way down to the smallest ones; fintechs included. Business Day recently mentioned Fidelity, Access Bank, and others who have lost billions to fraud over the last few months

The discussions about fraud are happening behind closed doors, Telegram channels, WhatsApp groups and the groans are growing louder but still, no one is ready to break this costly silence.

And that, fellow Nigeria, is what the fraudsters are banking on.

Why is fraud running so rampant?

A major cause for concern is sloppy APIs and weak security infrastructure that allows bad actors to gain access to financial systems and move money out. However, despite the more sophisticated systems and security measures with the large banks, people are often the weak links in the system. 

Generally, humans will be careless but it also happens that bank staff are bribed to  bring in compromised devices to work, etc. which makes it possible for fraudsters to access the banks’ database externally and use private APIs to perpetuate all sorts of crimes. 

Of course, we can’t leave out the fraud committed using debit/credit cards and POS machines.  Chargeback fraud is so rife you could write an entire book around it. Chargeback destroyed Union54, a once promising African card processor

What happens to the stolen funds? 

Well, the stolen funds take quite the journey. First, the money is sent to another bank,  split and passed through even more banks before it then moves through some certain new generation banks; some of which are foreign-owned.

Nigerian banks protect themselves. When cases of unauthorized transactions are reported, it usually triggers a flurry of emails and calls between the banks and the accounts suspected to be involved are restricted pending further investigation. There’s a legal agreement between banks to do this. Albeit, not sanctioned by CBN. 

Unfortunately, the new generation banks and fintechs don’t comply with this rule and so the stolen funds simply disappear. Poof!

What’s the implication if this continues? 

The reality is that the traditional commercial banks make enough profit to cover getting hacked by APIs so while we should be concerned about them, they’re not the ones most affected by this menace. 

The real problem is with the everyday Nigerian who loses their hard-earned money. If the banks are unable to trace where the money went, there’s nothing they can do and their money is simply gone. 

The ability of the financial sector to play its role effectively is rooted in trust. Even the strongest economy will crumble if end users lose faith in the financial system. This is what’s at stake while fraudsters continue to destroy decades of work that the CBN, banks, and fintechs put in to build the system we currently have. 

For all its many woes, Nigeria is actually ahead of quite  a number of  its counterparts in terms of the capabilities in the financial sector; especially with electronic transactions.

Therefore, if Nigerians lose in electronic transactions, that sets us back significantly and all hopes of growing the economy vanish.

By law and regulations,  banks and fintechs are required to declare to the CBN whenever there is fraud; either hacks or just the everyday “Nigerian Prince” scenarios.  But we have to be pragmatic for a minute here. Remember the shame we spoke about earlier? Well, this is where it comes in. The shame associated with declaring a successful fraud attack to the CBN prevents affected organizations from doing so. 

If you have had the misfortune of CBN having you to explain your mistakes, then you would understand while sometimes when you kids get bullied in school, (or even more dastardly, raped) then you would know why no bank sings to the CBN when they are taken advantage of. 

To make it worse, when customers hear a bank has been hacked, it immediately reflects poorly on the business and suggests incompetence and an inability to meet expectations. 

It’s almost like the fraudsters responsible for these terrible acts don’t even exist at all.

But who is to blame here?

The short answer is everyone!. 

Quality of human resources within the banking and fintech ecosystems have taken the hit as every smart one of them has “japa“. Some of us may claim to “love” Naija but the truth is, the best and brightest have gone leaving us at the mercy of digital night marauders. 

Poor quality has led to poorer platforms. We now have very powerful APIs and other technical capabilities with sub-par resources to monitor and secure them. We are all dead men walking.

Banks and fintechs are sloppy with their Know Your Customer (KYC) and Customer Due Diligence (CDD). Or how do you explain Adedeji with N100k inflow over 24 months suddenly getting N10m and immediately moving that money out?

Super agents aren’t able to explain how sudden cash flies through some agents as cash and there are no ways to hold anyone accountable.

CBN is also not on top of these fraud issues. They don’t need someone to report themselves to know that all isn’t right with the system.

Enough of victim blaming and shaming.

How do we restore the trust that lines the financial system 

We’ve already established that everyone has dropped the ball but irrespective of who’s to blame, this issue must be addressed urgently. If not, once the trust in the system is destroyed, the center wouldn’t hold. Fintechs and digital financial services is one great thing Nigeria does well. It shouldn’t die.

CBN and banks should lead a tougher chargeback regime, similar to what happens with cards, for interbank frauds. This will force every bank to take KYC and CDD seriously.

Any bank on the chain found not to have done proper fraud profiling for transactions should be held responsible for the amount that passed through them. Enough of end-customers holding the bag when everything goes south. Let’s hold banks accountable for a change.

CBN, Banks and NIBSS should make it easier for anyone to report fraud. The current process is broken and doesn’t help anyone. They need to collaborate with the Nigerian Communications Commision (NCC) to make fraud so expensive for fraudsters so they reconsider their career choice. 

For instance, once implicated, a fraudster should be banned from all electronic transaction channels from 1 year to forever. Good luck to this individual.

The issue here is consequence management. When the authorities make the consequence for fraud expensive and damning, fraudsters will begin to borrow some sense. 

Until then, welcome to the league of the onlookers. Because everyday is like Christmas for these fraudsters while the rest of us are wondering when this comic episode will end.