Financial fraud is bad news for the ecosystem as it erodes consumer trust in the formal financial service sector.
According to a recent statement made by the Nigerian Inter-Bank Settlement System (NIBSS), the banking industry lost the sum of N12.30 billion to various instances of fraud between 2014 and 2017. It was also revealed that ATM and mobile were the channels of choice for fraudsters as they had a combined loss of N845.29 million in 2017 alone. There has also been a surge in occurrence of fraudulent transactions over mobile, particularly the USSD channel.
In what ways can the ecosystem embrace forward-thinking in order to plug the loopholes frequently exploited by fraudsters?
First of all, there is a need to develop fraud prevention mechanisms.
Is there a way to use real-time monitoring via geolocation data of the physical phone device while transaction is being conducted on the device? Google, Facebook and other internet companies do this all the time. Any login to your account from a new location that is unusual for the customer is flagged as suspicious activity and reported. Same technology would come in useful here and the user can then be asked to answer security questions in order to verify his/her identity. This extra layer of security curtails any unauthorised remote access to the user’s account.
Transactions over mobile, USSD in particular, are on the rise, therefore mobile channels have to be strengthened to minimise the risks. There are various avenues that make the USSD channel vulnerable to fraud – at the consumer’s end as well as the provider’s. Providers need to have appropriate protocols for data-at-rest and data-in-motion.
The newly updated USSD guidelines released in April 2018 by the Central Bank of Nigeria (CBN) mandates encryption of USSD information within its environment by an auditable process. In fact, the CBN’s USSD guidelines has a host of mandates that are aimed at improving the security of the USSD channel such as mandatory 2-factor authentication for transactions above N20,000, installation of a Behavioural Monitoring System with capabilities to detect SIM-Swap/Churn status, unusual transactions at weekends, among a host of others. However, enforcement is required to reduce vulnerabilities and ensure customer data are safe.
In cases where the fraudsters have gained access to the customer’s account, in what ways can the customer be empowered to take action?
At the moment, customers have very limited options. The deficiency of complaints resolution mechanisms is evident in the lengthy response times to reports about fraud or suspicious activity which plays to the advantage of fraudsters. Stakeholders have suggested a toll free USSD short code or a mandatory menu option in the service interface dedicated to reporting complaints. This enables the customer to immediately flag or block his/her account in instances involving unauthorised access to the account.
We also need to increase the speed of diffusion of information across the ecosystem as information sharing is the ecosystem’s best defense against fraudsters and hackers. It has been suggested that we create a digital platform where complaints and cases of fraud can be reported and described. Can such a platform be built on blockchain technology? Blockchain will enable us to decentralise the information being reported and ensure transparency by seeing to it that everyone – operators, regulators and customers – is updated in real time of new shenanigans perpetuated by fraudsters. Whichever method or platform is adopted, what matters is that customers can easily and conveniently report fraud and this information is available to industry stakeholders.
Thirdly, citizens need to be educated on ways to protect themselves while using mobile banking services. For example, how many bank customers using the USSD code for transactions lock their phone as well as their SIM cards? As with most things digital, there’s a learning curve and we need to provide customers with adequate sensitisation and education on best practices, same way we did with ATMs a few years ago.
Finally, we need to examine other markets and note the ways they are tackling issues pertaining to fraud so we are not trying to reinvent the wheel. A lot of markets across sub-Saharan Africa and beyond have gone ahead of us in terms of adoption of DFS. Studying their journey thus far helps us to be forward-thinking and strategic in the fight against fraud.
Obviously, in order to address these issues, we need a high degree of collaboration within the industry. Thus, fraud prevention and mitigation is a collective ecosystem prerogative. At least, it should be.
Do you have other ideas on how to mitigate fraud within the ecosystem? We would appreciate your feedback. Reach us by email: firstname.lastname@example.org or follow the conversation on Twitter via ♯LBSInsight