Fraudsters count on banks and FinTechs not talking. It’s killing digital payments!

Fraud plagues Nigerian online transactions. Nigeria lacks centralized fraud prevention services, with the recent CBN watchlist being limited. A global fraud repository could aid but requires robust risk management and quality assurance. Collaboration is vital to combat fraud and ensure a safer digital environment.

Electronic fraud is a significant reason why many Africans especially Nigerians, including highly educated middle-class, don’t want to do transactions online or use digital products. While a lot is being done with efforts such as Two Factor Authentication, customer opt-ins, etc., frauds still go on because banks and payment providers don’t share information with each other.

Fraudsters are still having a field day because of one thing – evil thrives in darkness.

Recently one of my friends running a payment company called to find out what we could do to some people who did fraud on his platform. As a matter of practicality, I told him nothing.

Think about it, what if he went to the police? Unless the fraudsters were so brazenly sloppy, the Police probably can’t investigate to catch them. He will spend the next few months going back and forth like a poorly installed pendulum, some random arrests could be made, but in the end, just like others, nothing would happen.

So, he did what every payment company or bank has been doing since – improved his systems, licked his wounds clean and moved on with life. I’m dead sure he’s silently cursing them under his breath.

But my gut feelings told me these bad guys didn’t just start with him – they have been on this less than illusory career for long. And that is the crux of the matter.

In South Africa, the banks, payment providers, and just everyone came around to form the SAFPS (Southern African Fraud Prevention Service). If you did a bad thing and your name strolls into their list, trust me, your transactions will continue to fail, but you will know why.

International internet service providers also use large crowd-sourced databases of spammers (SPAMHAUS) where source IP addresses and domain names of spammers are logged. If you spam and your name goes there, your emails will never be delivered again (to those who use the database for filtering spams). Major companies in Nigeria, including almost all banks, use SPAMHAUS to protect their email infrastructure.

So why don’t we have the same thing in Nigeria? I am very sure if my friend had a service, he could check transactions against, the boys who scalped him may have been stopped from getting their loot. And let’s say he was their first port of call, if he reports them, they won’t be able to hurt anyone again.

The Central Bank of Nigeria (CBN) and Nigeria Electronic Fraud Forum (NEFF) did the right thing recently when the CBN watchlist was inaugurated. My banks have been sending me warning messages not to misbehave because if my name should enter that list, my own don do.

This list is limited to only banks and BVNs alone. However, we know that fraud surface area covers extend to emails, phones (those spammy BVN update alerts), IP addresses, etc. Another challenge is that many frauds happen on platforms beyond banks. For example, fraudsters routinely log into wallet systems to defraud hapless customers.

A centralized global repository of fraud information, accessible and non-partisan would go a long way to instill confidence, and just allow everyone to snore longer at night. The cost of transaction also goes down as cost attributable to fraud losses would not be overlaid on transaction fees anymore. However, without this repository and other means of squelching fraud, innovations from smart Fintechs may never reach that critical level as payers will always be frightened to go online.

If they could pull this off in South Africa, why not Nigeria? It would be to everyone’s benefit to collaborate and crowdsource information.

Nevertheless, crowdsourced fraud information comes with risks as well. What do I do if a payment provider maliciously put my name on that list and my transactions get flagged? What if someone takes them to court and asks for $1B damages for failed transactions?

A shared repository of fraud information doesn’t remove the requirements for proper risk management – which much FinTechs lack. I mean, risk management is as boring as hell, no place in the awesome sexiness of a startup. True? False! Adhering to regulations, PCI-DSS, ensuring that changes follow maker/checker processes, logging everything that moves, encryption, hashing before and after changes, etc. guarantees your neurons are used for product development, not recovery efforts.

You can’t underestimate the need for testing. Quality assurance is another major area of lack for Fintechs and this is probably responsible for 70% of the holes that the fraud lizards crawl through. Beyond normal happy path, regression, a double-blind ethical hacking can pinpoint gaps that need plugging.

Beyond all these, collaboration and information sharing will go a long way to keep the bad boys at bay; Christmas is around the corner, and everyone wants to hammer.

Getting them high: Challenges of onboarding customers to digital services

Digital services, which include cards, online banking, mobile apps for finances, USSD for transferring money you don’t have, etc., are essential services. In fact, financial inclusion has been elevated to the level of fundamental human rights. However, unlike things we derive joy from using – Whatsapp, Tinder, Facebook, to mention a few, digital services are like toothpaste; nobody gets too emotional about them – you just want them to be affordable, available, easy to use and then get them out of the way before you lose your mind. That is if you have a mind to start with.
Challenges facing purveyors
But then, the horror eating at digital bankers, the unloved purveyors of FinTech (Ok, I want to stop using this buzzword, it’s no longer cool) products and other financial thingamajigs, is the low onboarding or usage rate despite a captive market. When I say captive market, I’m talking about banks with large customer bases but whose customers just don’t sign up for electronic services. You would think customers love going to those crowded and nightmarish banking halls. Hell, freaking no! They continue to complain about having to visit branches to get things done. To make matters worse, even the tellers in the branches aren’t smiling or friendly, so what’s the point?
What customers want
I know quite a bit about what customers want with digital services because I’m one of them. As crazy as it sounds, I’m a customer, so I’m speaking for the hordes of ill-served and hapless customers.
The average user isn’t a techie, but yet products and services are designed such that you need to be a professor to figure things out. How to get the products is never clear; the screen flow is more complicated than flying a space shuttle, and the error messages leave you scratching your head. I can imagine how hard that is going to be for bald customers. For example, the password instructions about using special characters, upper, middle and lower cases, etc. can drive even the most patient Moses impersonator to tears. Why can’t I choose a password I’m more comfortable with? After all, if I use a complicated password and my money gets stolen, the bank still won’t be doing a refund.
By the way, using passwords such as Password123, for example, is like painting a big fat red ‘X’ on your back and then taking an evening stroll through a war zone.
Customers want convenience so asking me to visit a branch to request internet and mobile access is just, pardon my language, insane. Until someone explains why Facebook and Whatsapp never set up offices to sign up users, but my bank has to force me to endure the unfriendly Customer Service Officer, I won’t ever understand this. The pseudo-professionals talk of security and risk management, I only see mental laziness. While the risks have not disappeared, banks have launched USSD services, virtually all via self-enrollment, and the world is yet to end. Why the same approach can’t be used for all other electronic services baffles me.
My accounts have simple ten digit numbers, but the various digital banking services require different profiles and credentials. The multiple systems don’t talk to each other or even know my preferences. Does it make sense to have a different username and password for the internet and mobile services? Why can’t I manage my cards within these applications?
And the most annoying thing ever? – Even after I have taken Keke Marwa to visit the branch, endured the overzealous security guard, prayed through 10 chapters of Psalms that the branch doesn’t get hit by robbers on the day I visit, complete a form that stretches over a thousand pages, made to fill all my information over and over again, sign in 10 different places and then, oh, the customer service officer says “you have to come back to get your token as we have to make a request to head office.” Darn it!
Why digital initiatives and products have failed
Of course, customers aren’t idiots, so they rebelled against the products, come to the branches to cause trouble and continue to add to the blood pressure of digital bankers when they have to explain their weak numbers at monthly performance meetings.
My opinions on why things failed are few:
It starts from the top. Senior management and executives don’t understand the retail customers. In their rarefied offices, they practically get everything done for them. If you don’t walk in your customers’ shoes, you can’t get things done for them. In fact, let’s take a bet; if you work in a bank and 50% of your senior management use digital products regularly, I’ll give up my salary for next month.
Many products are developed by techies, who obviously have orgasms making complex products than serving dumb customers like me. The world has moved beyond digital products being hobbyist items; experts in customer experience and human computer interaction need to work on the flows and processes that are simple and a joy to use. Banks and FinTech (oops, I used the word again!) have to start doing product management and not product delivery.
Risk management is essential but isn’t everything. Every business has an element of risk; if you don’t want to get bruised, don’t play games. Many of the processes and product requirements are designed by sadists who think risk avoidance is the same as risk management. Not to be hard on them, if you have ever seen a massive fraud once in your career, you could be worse than them. Trust me, EFCC cells don’t have air conditioners.
Data practice is poor, and customer information is scattered everywhere in database silos. The silo data means the customer’s phone number on the card management system is different from the one on that of internet banking; the address filed on the mobile app request form was never updated into the core banking application; the madness goes on and on.
Making life easy for everyone
It’s not all doom and gloom. The strides made by some banks, especially those leading the USSD trail (GTBank, Fidelity, Access, Zenith, etc.) have shown that when the right mindset is applied, magic can happen. The simple workflow and self-service options for USSD banking have been so successful that it has led to over 200% growth for interbank transactions in 2016 alone.
Banks should develop integrated products or make efforts to integrate what they already have. Let the ATM know that I have the mobile app; let the mobile app be able to change my card PIN (yes!), set limits and allow me to make requests from my phone.
Processes that involve branch visits should be streamlined; Forms should be designed by humans (not sadists) and for humans; requirements should be clear and reasonable.  For instance, setting up a company online banking profile, with various mandate instructions remotely, will always be difficult but not impossible. At least, that process shouldn’t be an attempt at mental genocide.
Banks should clean up their data and also implement a single-source of truth. It’s never going to be done in a flash, but the process can start now.
FinTech and banks should understand what risk management is. Instead of making things too loose (FinTech) or too hard (Banks), elements of quantitative and qualitative risk assessments should be applied, and banks should learn to set a portion of income aside for fraud and loss compensations.
Things can change
The frenetic pace of changes over the last few years is an indication of things to come. I honestly believe that many of the issues outlined above can be resolved. After all, we didn’t get here in one weekend.  Additionally, the regulatory demands of Cashless would drive the banks, financial service providers and the average Nigerian towards more robust digital services.

Fixing the PTA Palaver with Technology

There was a collective sigh of relief when the Central Bank of Nigeria recently decided to clear the backlog of travel allowances pending with banks. Nevertheless, a lot of well-meaning Nigerians could also see the opportunities for arbitrage and abuse. Of course, bad boys being bad boys, it quickly turned into a bazaar.

The Personal Travel Allowance, PTA, is a carryover of the ancient Nigerian command and control FX policies where the government, acting as the national nanny via the CBN, hands over FX at a subsidized rate of $4K per quarter. Never enough to build a mansion, yet the margins are sufficiently fat enough for anyone to do a quick deal. For example, the difference between the CBN rates and the alternative markets is about N120; that’s about N480K per quarter and N1.9M per year. Even the angels would be tempted.

Meanwhile, that’s nine times the annual minimum wage specified by the Federal Government.

Instead of looking a gift horse in the mouth by blaming the CBN, who could have turned the other way and let everyone roast with the BDCs of this world, some friends and I thought we could come up with ideas on how this can be managed with technology. Our sole object is to help those who need the FX to get them easily while ensuring the opportunity for abuse was minimized. After all, why blame the government for a poor policy if we don’t have clear alternatives.

After bashing our heads against the wall for some hours, we came up with the following:

FX Nanny Online 😊

The interesting thing with the Nigerian traveler is virtually every one of them has a bank account, and with that comes the dreaded Bank Verification Number, BVN. The BVN is probably the best invention to tame financial recklessness in Nigeria, but we are not utilizing up to 5% of its capabilities. That’s a story for another day.

To get FX for travel, the intending traveler would apply online at some random web app to be put up by the CBN. Let’s say it will be at www.fxnanny.cbn.gov.ng.

Travelers will specify the usual details: travel dates, airline ticket reference, travel document details (scanned copy of their passport), bank details, BVN, etc.

At application time, the web app will indicate the likely rate at which the FX will be sold.

The processing team can then review the application and if approved, make FX available by debiting the traveler’s account using the cardholders’ bank process. The processing must be automated, if not, it creates an opportunity for tingodism.

To ensure that abuse is kept to the minimum, travelers’ passports will be automatically validated with the immigration system, tickets checked against airline APIs, and when the traveler returns to the country, the travel records will be automatically checked against the immigrations airport database (does that even exist?).

And here comes the kicker. The FX will be available to a specific prepaid card which can only be used in the countries the travelers have specified and verified via their airline tickets. Additionally, the card or FX will only be active from the date of travel and cannot be used in Nigeria at all.

Travelers will need to buy the prepaid card from any bank, or their bank, and automatically, those cards will be tied to their BVN and be available for automatic loading. They won’t need to visit any bank branch.

Anyone found to have abused the system should be banned for half of eternity and made to spend two weeks with EFCC, washing plates, and detention cells.

Service could cost about 1% shared between banks, the platform provider, and the CBN. Someone has to keep the lights on!

Benefits to the Central Bank

  • It can finally have peace of mind and stop chasing banks around, hustling them to provide data about FX usage. That sucks a great deal.
  • The majority of PTA abuse can now be curbed. Of course, someone will always find a loophole, but that can be addressed when CBN gets to that bridge. Hopefully, not River Niger Second Bridge.
  • CBN will be able to have a real-time overview of the PTA market. It will be easy to ferret out insights into which countries people love to traipse to, which airlines love PTA users, which banks are playing games, etc. without issues.

Benefits to Travelers

  • With the assurance of a level playing field and the demystification of the man-know-man Nigerian problem, the regular traveler can have hopes of a decent PTA without sucking up to a raggedy teller in a bank branch.

Benefits to Banks

  • Earn commissions from processing the debit of travelers’ accounts and crediting the travel card. Should 0.65% be a good incentive?
  • The only source of temptation which has killed many budding careers would be taken away. Trust me; bankers regularly get steamrolled for FX infraction. In fact, it’s an existential risk for branch managers.

Apparently, our solution has glossed over many key issues. For example, who is going to build the application and maintain it? Is the CBN going to be allowed by card associations to issue cards? Will it issue MasterCard and Visa cards only? What will it say to Verve, Freedom, and Genesis cards? If the site crashes or slows down, who is going to be held responsible? What happens when a card is lost, stolen, or blocked? What happens when a traveler needs to change his travel plans?

I don’t have answers to these questions, but hey, the world is full of smarties. Anyone can contribute opinions below.

mCash would change the future of payments in Nigeria

mCash, leveraging USSD, revolutionizes payments in Nigeria. Available to 28 million users, it bypasses POS challenges with instant settlements and broad accessibility, potentially transforming electronic payments nationwide.

The Nigeria Inter-Bank Settlement System (NIBSS), along with numerous banks, have launched mCash as an alternative payment system in the populous country in Africa.
mCash rides on USSD and anyone can easily use the code to make payments at large stores, corner shops, etc. The mCash payment system, which is automatically available to over 28 million account holders in Nigeria, can be used with any smart or feature phone.
The Central Bank of Nigeria has been pushing electronic payments in Nigeria for years. The elaborate program, dubbed Cash-less Nigeria, was driven massively in partnership with banks, switches, schemes and other stakeholders. The results have been fantastic as electronic payments in Nigeria is on a tear.

Despite the massive success of the Cash-less Nigeria program, merchant payments using Point of Sales (POS) terminals have not been as successful. Payments at POS terminals have been bedeviled with a lot of issues: High cost of terminals, which has been exacerbated by the devalued Naira. Poor telco data/GPRS infrastructure. Overregulation of participation and fees, which has made the business to be highly unprofitable. The list of issues goes on.
It was no surprise that banks started pulling back. Many at times, merchants desirous of having terminals are not given because they may not have enough transactions to allow the banks breakeven.
Not deterred by these, NIBSS and some banks rallied around to design a new payment system which would latch on to the recent success of the USSD banking in Nigeria.

Rising from the ashes of mobile money in Nigeria, another failed experiment in the quest for a cashless society, banks quickly repurposed their USSD codes to connect directly to bank accounts instead of mobile wallets. As the average Nigerian is already used to using USSD codes to load airtime or select call back tunes, there was an immediate affinity. USSD banking in Nigeria now has more users than all other channels apart from payment cards.

The mCash payment system allows account holders to dial their bank codes or a special general purpose code and then pay any merchant. The paying customers and merchants do not need to be with the same bank. The transactions ride on the existing NIBSS Instant Payment infrastructure. Merchants get settled instantly instead of waiting until the next day as it would be for POS transactions. Banks do not need to create additional back office processes as the payment transactions are treated like regular NIP transfer payments.

Even the merchants love the new system as they would not need to pay interchange or MSC.
This is a new payment system and the jury is still out on how transformational it could be. It has all the potentials of a successful platform: reach, ease of use and cost to merchants.

Is Nigeria ready for digital banks?

Digital banks operate entirely online without physical branches, targeting tech-savvy customers. They face challenges in regulation, trust, customer support, transaction costs, and technology in Nigeria. However, with efficient execution, digital banks can revolutionize banking by offering simple, modern services.

There is so much confusion out there about what digital banks are. Bring a thousand self-proclaimed experts and you will probably get two thousand different definitions.
I am confused too, but for today, let’s pretend that I know what I want to say.
A digital bank, sometimes called a direct bank or online-only bank, is a type of bank where there are no branches and interactions with customers are through the internet, and of recent, mobile apps.
There is a distinction between mobile money and digital banks. Mobile money is usually a wallet accessible from mobile phones using SIM Tool Kits (M-Pesa by Safaricom in Kenya) or USSD (M-Pesa by Vodacom in Tanzania). Mobile money is primarily driven towards financial inclusion and the most successful examples are mobile telco led.

Mobile money is limited in features, have less than required interoperability with existing financial payment systems and for these reasons have failed in countries with a sizable chunk of middle-class population. MTN and Vodacom just shuttered their mobile money services in South Africa.
Digital banking is also different from mobile banking in the sense that mobile banking is banking on the mobile phone for accounts which are already opened in a traditional bank. So if you decide to smash your phone in the latest craze of clapping while taking a selfie, you can visit your nearest bank branch to wink at the new teller while taking cash over the counter.
Is Nigeria ready for a digital bank? Let’s analyze this from a simple point of view – what would it take to have a digital bank in Nigeria.

Regulation
Forget about the story of enabling technologies and a shift in demographics: Banking is a highly regulated business which the government has 150% interest in. There is a financial and documentary barrier to having a bank. N25B anyone? That aside, the Central Bank of Nigeria has different classes of banking licenses for which a digital bank type is conspicuously absent. Not to be deterred, some brave individuals are bootstrapping digital with minimal microfinance bank licenses. But having MFB as part of your brand is so meh.

Prospective Customers
Digital banking isn’t financial inclusion. One is driven by capitalism and the other by altruism. Digital banking is narrowly focused on middle-class customers who are tech savvy or comfortable enough to do their transactions away from the banking halls. Trust me, I’m one of them and our Nigerian local association is large enough.
Going to a bank branch in Nigeria is an exercise in self-flagellation. Sending someone else to a branch on your behalf is worse than water boarding. You endure endless traffic, you could get robbed coming back, the tellers don’t smile anymore (they were never smiling), you could age literarily standing in the queues for hours and when you get to the front of the queue, the system is down.
While mobile banking hasn’t been successful in Nigeria, it has been more of the poor back-end of the different banks. In fact, banks have been more inclined to open new branches and chase around for deposits than providing an awesome mobile or web experience.
Trust me, many of us would not miss going to a bank branch!

Trust
At no time in my life has my salary been good enough, so I don’t play with it at all. To hand over my hard-earned money to a digital bank without a branch where I can go make a scene or head-office where I can join others to picket is asking for too much.
I’m not so sure if the average Nigerian trusts an average Nigerian. Trust comes from ubiquity and longevity; a digital bank would need to be in the face of Nigerians for a while before it can be trusted. That would cost a lot of money in marketing – radio jingles, TV adverts, billboards, social media, tie-ins, etc.
During this love session, the digital bank must never ever, ever, ever, ever, make any mistake, if not the trust will deflate like a pricked balloon.

Customer Support
Things would go wrong, not once, not twice but as many times as it could go wrong. When this happens who will provide support? The contact centers of Nigerian companies are notorious for adding to problems and not solving them. Complaining about an emergency is an exercise in futility and even floor managers are impotent and wouldn’t help you.
A digital bank must build customer service into its core. It would be difficult but not impossible. Floor managers must also be able to make decisions.

Cost of transactions
Banking in Nigeria is very regulated much more than a C Compiler (if you get the joke). As Nigeria is still a cash-based economy, a digital bank with no debit card offering is DOD (Dead on Departure). However, giving cards would also be a DOA (Dead on Arrival) as the Central Bank mandates that the first 3 transactions are free for the customers (not the banks). A digital bank can probably never have its own ATM network. How would it fund it when it would cost at least N20M per ATM gallery?
I’m not a pessimist but I can’t figure out how it could be done at this time. Maybe an alliance with large banks? I don’t know any philanthropic bank in Nigeria who is ready for free ATM withdrawals for customers of digital banks.

Technology
Traditional banks are a mishmash of disparate systems held together by badly implemented integrations: Nothing works. Data are held in silos and never talk to each other. It’s a technological hell-fire where badly behaved bits and bytes are sent by the god of science.
These technologies are also insanely expensive and with USD beyond the reach of everyone, building a digital bank on available technologies is a business suicide.
The good news is that digital banks are mostly building their own technology stack (Atom, Starling, Simple, Monzo, Fidor, N26, etc.) and Nigerians have the intellectual chops to build better platforms than even these guys.
Established networks, especially MasterCard, are also lending their weight behind these initiatives to allow digital banks enter into mainstream interoperability.

Features
Traditional Nigerian banks offer everything and probably nothing. However, the average Joe like you and me just want a simple current or savings account, a debit card to go with it. You can throw us some overdraft or personal loan when we go broke. Let’s be able to send and receive money to/from other banks. Let’s be able to take cash from the ATM and when the dollar is available, let’s use our cards abroad.
We want an awesome mobile app. USSD banking is a must else don’t even bother talking to us. The internet app must be great and we don’t want to click until our fingers break just to do anything.
SMS and email alerts are compulsory and should get to us instantly. Don’t also lose our money to fraudsters. When we have transactions to dispute, don’t try to mock our intelligence or stretch our patience beyond limits. Let someone answer our calls and proffer intelligent analysis/solutions to our issues when we dial the Contact Center number.
These are not too much to ask for and I believe any digital bank worth its salt should be able to deliver them.

Conclusion
It has been a rambling long post but barring cost of transactions and technologies, digital banks can dip their toes into the storming river of Nigerian banking.
I think the country is ready now – there would be many casualties at first but over time, these digital natives could become behemoths, and you never know, appear in the top 10 of largest Nigeria banks.