The advent of the Internet has helped 419 scammers evolve and extend their reach to more victims.
So says Abdulkarim Chukkol, head of the Advance Fee Fraud and Cybercrime Section of the Economic and Financial Crimes Commission in Nigeria. Chukkol will speak at ITWeb Security Summit 2015, to be held from 26 to 28 May at Vodacom World in Midrand.
Chukkol's presentation will cover how Nigeria fights cyber crime, and he has provided insight into how 419 scams challenge Nigerian banks. The infamous 419 scams, a common confidence trick, are named after the section of the Nigerian Criminal Code dealing with such fraud.
Such scams have evolved over the years, says Chukkol. "With the advent of the Internet, the fraudsters have now shifted their attention and resources towards the Internet, as it offers anonymity and has a wider outreach to victims."
Chukkol explains the Nigerian banking system is designed in a way that policies and guidelines have been issued by the Central Bank of Nigeria, which banks are meant to follow. New guidelines have recently been issued, placing emphasis on electronic delivery channels to reduce cash in circulation, he explains.
Yet, says Chukkol, this innovation came with its own risks, and fraudsters are exploiting some of these vulnerabilities to fleece banks and customers of huge amount of money. He says some of the major challenges facing the banks today are:
1. Phishing schemes targeting banks and customers:
Many banks offer great services to customers that enable them to use the Internet. In such instances, the customer's username and password are of utmost importance. Yet, most of these customers are not cyber security conscious and lack cyber skills and are careless with their login details. In most cases, these customers are not properly informed of the dangers and the possibility of their confidential information being compromised. When such vital information is compromised thorough phishing e-mails, lots of money is lost and customers hold banks responsible. There is an inadequate level of awareness on the part of the customers of cyber threats, which lends itself to widespread social engineering attacks. In some instances, the banking system has dealt with Trojans targeting online banking transactions, which is a major challenge to financial institutions and their customers.
2. Reputational loss or damage:
Most 419 scammers use the brand name of the banks to further scams when they spoof victims. In such instances, a clone Web site is created for such nefarious activities. Banks are sometimes named in legal action when this happens, much to their embarrassment.
3. Insider abuse and collusion:
Fraudsters often employ the services of bankers or a bank's IT staff to infiltrate the banking systems. Workers are compromised for one of two reasons: to make money for themselves by abusing their position, or being recruited by fraudsters to carry out tasks based on limited information in return for a token amount.
4. Vulnerable IT system or infrastructure:
Banks often do not properly manage technical vulnerabilities. IT security systems are not sufficiently secured and system configurations are not hardened. This vulnerability is being exploited by fraudsters to the detriment of banks, as they tend to lag behind in compliance of security standards. Some banks do not employ a layered security approach to minimise single points of exposure. This could be due to lack of investment in human resources when it comes to hiring people with cyber skills. This no doubt poses a great challenge.
5. Identity management system:
The identity management system in Nigeria is a major challenge banks face. Fraudsters open as many accounts as possible with multiple names and addresses, with minimal documentation required when it comes to savings accounts. These accounts are no doubt opened for collection of stolen funds. The best the bank can do is conduct the traditional know your customer routine. The lack of a central robust database that would identify suspicious accounts remains a major challenge and fraudsters continue to exploit that to their advantage.
However, says Chukkol, these are not the only challenges banks in Nigeria have to contend with.
Share