No fewer than 8,920 fraud attempts worth N597 million were successfully carried out by fraudsters in the banking sector via various transaction platforms as at third quarter of 2019, according to Nigeria Inter-Bank Settlement System Plc (NIBSS) report.
The information was contained in the Memorandum presented by First Bank Plc, to the Ad-hoc Committee investigating ‘Incidents of SIM Swap fraud’, chaired by Hon. Abubakar Fulata, which put the actual loss value at N562 million (94% of reported attempted fraud).
Breakdown of the channels shows that: N79.497 million was lost in 80.499 million fraud attempts accords the counter; N136.542 million lost via 142.278 million attempted frauds through ATM; N144.440 million lost in 158.087 million attempted fraud through mobile banking; N142.723 million lost through 150.344 million fraud attempts in 190.344 million attempted fraud through Web and N40.964 million lost in 40.988 million fraud attempts through POS, during the period under review.
In the document presented to the Ad-hoc Committee, First Bank affirmed that the new banking system “brought its own headaches as bank customers cam now lose lost of their savings kept in their bank accounts due to theft of their phones, SIM Swap or recycling of their SIM cards.
“Though, different banks have implemented different solutions and practices to decimate such fraudulent occurrence. The inventions have helped abate the fraudulent instances but the fraudsters still manage to compromise the customers and transactions with their details.”
The Bank also noted that SIM registration is a function of telecommunication companies, affirmed that only NCC and the telecommunications companies can provide the required and reliable information on SIM swap.
Details provided by NCC to the Ad-hoc Committee revealed that the total number of 1,515,832 SIMs swaps were carried out by four major Mobile Network Operators (MNOs) between 18th September and 4th October 2019, with 86.59% compliance with guidelines on SIM replacement 2017.
It, however, stated that: “the Commission has already issued pre-enforcement notices to all MNOs to explain the circumstances leading to SIM replacements without full supporting documents as specified in paragraph 6 of the Commission’s guidelines on SIM replacement, 2017.
As stipulated in paragraph 11.2 of the guideline, “A network service provider shall be liable for any SIM replacement carried out in violation of these regulations or done fraudulently by its agents or dealer.
On the other hand, paragraph 11.3 of the guideline provides that: “The Subscriber can pursue any other remedies against a Network Service Provider for any SIM replacement done fraudulently by such network service provider or its agent or dealer.”
According to the Commission, some of the measures initiated to reduce the incident rate include: blocking and blacklisting of accounts used in fraudulent activities by Central Bank of Nigeria (CBN) and end-to-end encryption of USSD messages from MNOs to financial processing systems.
The Commission also stressed the need for Banks to strengthen protection frameworks around customers’ account to minimize financial losses arising from e-fraud.
The document submitted by MTN Nigeria Communications Plc noted that teledensity has increased from. 500,000 telephone lines to 179,176,930,601 subscribers in September 2019, according to Nigerian Communications Commission.
“Unfortunately, the reality was that financial services deploy on mobile network platform had inadequate controls such as ‘no opt-in process’, ‘weak transaction pins’ and ‘lack of second level authentication’.
“The aforementioned identified weaknesses and the failure of financial service providers as tenants to accept responsibility for stronger controls for the development of financial services deployed on the telecommunications infrastructure resulted in the exploitation of the SIM swap process by fraudsters,” the document read in part.
In its recommendations.toward ending SIM swap fraud, MTN noted that: “with regards to financial transactions, banks need to assume full responsibility of security of customer’s funds in their bank accounts.”
ALSO READ: Employee compensation: Gbajabiamila warns against sabotage by employers of labour
The report showed that the total number of 3,593,184 Sims were swapped between January and September 2019 (average of 14,768 per day and 54 swap complaints received); while 1,231,450 SIM swaps carried out between October and December 2019 (average of 13,381 per day) for the periods under review.
It also harped on the “need for an amendment of the relevant laws (particularly the NCC Act 2003), to allow for biometric SIM swaps. Biometric swaps will enable telecommunications operators to take fingerprints or record voices (using voice registration technology) to identify customers before their SIM are swapped.
“This will eliminate the human factor that allows for subjectivity in the identification of customers at the point of doing swaps. This can only happen, however, of telecommunication relevant laws are amended to allow mobile network operators to collect, store and use information such as customers voice and fingerprints.”
In its own document co-signed by Stephane Beuvelet, acting Managing Director of 9mobile and Abdulrahman Ado, 9mobile Executive Director, Regulatory &Corporate Affairs, the company observed that although CBN and NCC had facilitated an engagement between Banks and MNOs which led to the development of a system for notifying banks about recent SIM swaps on lines initiating USD banking sessions, however stressed that “Banks and MNOs are yet to agree on the appropriate commercial considerations to enable MNOs to recover the cost of developing and maintaining the solution.”
The report also stated that despite the prohibition of the use of easy-to-guess PINs for USSD transactions by the apex bank, “on many USSD banking platforms, these PINs are allowed, thereby compromising the security of banking channels and contributing to the undesirable prevalence of fraudulent SIM swaps.”
In the same vein, Ecobank in its report noted that all the accounts that received the fraudulent inflows were placed on PND and their BVN submitted to NIBSS for watchlisting.
According to the report, the total sum of N10.6 million fraudulent withdrawals/transactions were carried out in 4 accounts between 2018 and 2019.
In a related development, Unity Bank in its document which affirmed that “SIM swap fraud has become prevalent in Nigeria as fraudsters use SIM swap techniques to steal details by blocking a SIM card and exchanging it with a fake one at the telecommunication companies,” However argued that that: “Once the bank is notified of a swapped Sim, the customer’s account and his profile on all electronic channels are disabled to prevent withdrawals from the account.”
It, however, confirmed that: “Unity Bank customers have had a fair share of frauds as a result of SIM swap. Investigation reports on some of the frauds reported having been carried out via SIM swap.”
and then