CBN Director, Banking and Payment ’Dipo Fatokun broke the news at the Nigeria Electronic Fraud Forum (NeFF) October meeting in Lagos at the weekend.
He said the framework, when unveiled, would give the regulator the legal backing to use the Bank Verification (BVN) platform to identify, watch-list and blacklist fraudulent account holders in all the 22 banks and Other Financial Institutions (OFIS).
According to him, the framework, which is at the final stage of its approval, would soon be sent to the Committee of Governors of the Central Bank for examination and exposure to the banking industry.
“It is a policy issue and therefore, has to go to the Committee of Governors of the Central Bank, which will look at it and do an industry exposure. These will be completed, hopefully, before the end of the year,” he assured.
Data from the CBN showed that although e-fraud rate in terms of value dropped by 63 per cent last year, after the BVN introduction and improved collaboration among banks via the fraud desks, the total fraud volume rose significantly by 683 per cent within the year compared to 2014 figures.
Also, the country experienced a total of 3,500 cyber-attacks with 70 per cent success rate and loss of $450 million within the last one year mainly through cross channel fraud, data theft, e-mail spooling, phishing, shoulder surfing and underground websites.
Fatokun explained that one common thing about electronic fraud was that when money is moved fraudulently from one account to another, it could easily be traced.
“And so, identifying the owner of that fraudulent bank account using the BVN, will not only be able to identify him or her in the bank he has moved the money to, we also identify him in all the banks where he has accounts.
“And when legal impediments are overcome, such people could be blacklisted, or watch-listed in the banking system. That will also assist us to a great deal, in curbing the menace of fraudsters,” he said.
The CBN director, who spoke on the theme: “Exploring new protective measures against social engineering vulnerabilities”, said social engineering has common phenomenon in cybercrime attacks in Nigeria.
“Almost on a daily basis, a plethora of messages are sent by these criminals with the express intent to con the unsuspecting recipient using techniques that appeal to vanity, greed or authority. It is, therefore, important that we look critically at measures that will protect the industry as a whole from the menace of social engineering attacks.
“It is often said that people, processes and technology are the tripod on which cybersecurity lies, with discussion ever hovering on which is the weakest link.
I must however submit that like what is required in building any chain, we must prepare to forge each link with the same degree of heat – in other words, no link must be too important or less significant in the pursuit of payments security.”
On the implications of such blacklisting on customers, he explained that for commercial banks, opening an account or having a bank account itself is a contract.
“It is a contract between a willing customer and a willing bank. So, if a bank notices that a particular customer is fraudulent, or is a criminal, the bank has the right to get out of the contract.
And another implication is that if an account is watch-listed, when the framework is finally approved, if there is a credit into that account and every other person is having his credit within two to three minutes, because the account has been watch-listed based on past activities, credit into such account may be withheld for a longer period while investigations are carried on to actually confirm that it is a genuine transfer,” he stated.
These steps, Fatokun said, would assist the bank, because being able to identify, apprehend and prosecute would go a long way in reducing the problem of electronic fraud.
On prosecution and apprehension, he said the NeFF is working with the police to create a dedicated electronic payment and card crime unit, which when operational, would help reduce further, electronic fraud.
He said the operationalisation of a dedicated e-Payment and Card Crime Unit in the Nigeria Police will enable a greater effort in NeFF’s quest to successfully investigate and bring to book through effective and efficient prosecution of cyber-criminals.