NeFF warns against threat of ‘Deep Web’

The Nigeria electronic Fraud Forum (NeFF), has warned financial institutions against a cyber-security threat called ‘Deep Weep,’ even as it launched its 2015 annual report themed: ‘Improving and securing the Cyber-Environment.’

While declaring the forum’s  meeting open on Friday in Lagos, Director, banking and payment system department of the CBN, Mr Dipo Fatokun said NeFF wants stakeholders and the public to know that what happens in the ‘Deep Web’ can also affect financial services providers in Nigeria.

The ‘Deep Web,’ invisible web, or hidden web is a part of the World Wide Web whose contents are not indexed by standard search engines for any reason, but facilitates a lot of underground transactions. The deep web is opposite to thesurface web.

According to Fatokun, the forum presented its first annual report in 2012, which was a compendium of papers shared at the Forum and after an interval it presented the second report titled e-fraud: ‘Fighting the battle, winning the war in 2015.’

“As we unveil another literary contribution to the annals of e-fraud fighting in Nigeria, we thank all our stakeholders who found time to contribute to the scholarly papers that make up the report being unveiled today,” he stated.

Fatokun said the forum has been very busy between March, 2016 when it had its last meeting and now, adding that a lot of items deliberated during the 2015 retreat have occupied activities “and we are glad to report back to you the outcomes.”

At NeFF’s last meeting it was announced that a Sub-Committee of NeFF had commenced the compilation of a draft Policy Framework for the proposed dedicated e-Payment and Card Crime Unit (DePCCU). This draft framework has now been completed and approval from the Committee of Governors received for the following: The Operational Framework for the Unit; Provision of temporary office accommodation for the Unit in a location in Lagos for two years.

“Our topic today is centered to answer the questions posed above as can be seen from the theme of our July meeting; ‘The Deep Web and Its Impact on the Global Financial Industry.”

The success of the forum to date he said, has been as a result of the hard work, dedication and commitment of all our stakeholders.

The Managing Director, Fidelity Bank, Mr Nnamdi Okonkwo, represented  by an Executive Director of the bank, C. Ugochukwu who described another term, DUMPs as a term used to indicate raw data stored on the magnetic strip of a smart card also said financial institutions should be awake to the threat of deep web.

Okonkwo said DUMPS are usually obtained by physical skimming the card or by using a point-of-sale malware that is able to scrape the memory of the payment systems to siphon card data. The DUMPs he said are used by criminal crews to clone legitimate credit cards; their prices depend  on multiple factors, including the nation of the cardholder and the card expiration date.

FULLZ is a term that refers to the full financial information of the victim, including name, address, credit card information, social security number, date of birth, and more. The information could be used by crooks to commit more complex frauds. The availability of FULLZ allows hackers to steal the identity of cardholders. This means that they could open temporary bank accounts to use in the cash-out phase. A common abuse of FULLZ data consists in performing bank  transactions that request users to provide 3nancial information as an authentication mechanism.