In the digital era, the widespread occurrence of fake alerts significantly impacts both consumers and financial institutions. These deceptive communications, often posing as harmless emails, SMS messages, or phone calls, are designed to trick recipients. Similar to opening Pandora’s Box, these scams can result in unauthorised transactions, identity theft, and considerable financial losses. Fake alerts also encompass unsolicited or promotional messages from banks and other financial institutions.
This paper focuses on fake alerts that involve sending money to a bank account from which the recipient cannot withdraw funds. This practice, known as alert flashing, uses SMS to mimic a bank’s transaction alert to deceive unsuspecting victims. A bank bears the legal and financial responsibility if a customer falls victim to fraudulent activities by third parties or dishonest staff. This issue affects not just the individual or victim but also the banks or financial institutions.
In 2010, the Nigerian government introduced a cashless policy aimed at reducing the volume of cash in circulation and curbing the excesses associated with cash handling. However, this policy inadvertently led to the emergence of fraudulent bank applications designed to exploit bank customers. These apps, which often disguise themselves as legitimate financial tools, have become a significant problem by facilitating fake alerts and fraudulent activities.
Fraudsters behind these apps only require minimal customer details to carry out their schemes. Some of the fraudulent applications known for generating fake alerts include, but are not limited to, Flash Fund Apps, Lofty SMSs App, Money Prank App, Millionaire Fake Bank Account, and Fake Alert Makers for Android. These apps are specifically designed to deceive users into believing they have received financial notifications or transactions that are entirely fictitious, thereby exploiting their trust and personal information for fraudulent purposes.
A key piece of legislation in Nigeria is the Banks and Other Financial Institutions Act (BOFIA) 2020, which regulates the operations of banks and other financial institutions in the country. Although BOFIA 2020 may have limitations in fully protecting consumers from cyber-related crimes, it addresses important issues related to the operational standards and liabilities of financial institutions.
For instance, Section 12(1) of the Act allows the governor to revoke the banking license of any institution that poses a threat to financial stability, which could result from infrastructural deficiencies.
This emphasises the need for banks to adhere to operational standards and prudential requirements to ensure soundness and stability, avoiding situations that could compromise consumer protection and increase exposure to cybercrime. Similarly, Section 66(1) of BOFIA mandates that all banks and financial institutions implement policies to prevent transactions that could facilitate criminal activities, money laundering, or terrorism.
In response to the increasing frequency of cybersecurity threats such as ransomware, targeted phishing attacks, and Advanced Persistent Threats (APTs), the Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) were issued by the Central Bank of Nigeria (CBN) and became effective in 2019. These guidelines aim to strengthen the cybersecurity programmes of financial institutions by adopting a risk-based approach to managing cybersecurity risks, thereby enhancing their overall cybersecurity posture.
The Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers provide comprehensive measures to prevent and mitigate cybersecurity risks and to sanction offenders involved in cybersecurity threats.
With the growing dependence on AI, algorithms, and advanced systems, banks are seeing significant improvements across various aspects of their operations. For example, customer service is increasingly handled by AI-powered chatbots, which offer 24/7 support. Routine tasks, such as processing transactions and managing accounts, are now automated, minimising the need for manual intervention and enhancing overall efficiency.
Established in 1993, the Nigeria Inter-Bank Settlement System (NIBSS) plays a crucial role in standardising technical and operational practices across the financial system. The system utilises advanced algorithms to enable real-time settlement of interbank transfers, greatly reducing the time required for funds to be transferred between banks. The BVN (Bank Verification Number) system, supported by NIBSS, uses biometric data and AI to verify each customer’s identity across the banking sector, thereby reducing fraud and enhancing security.
However, a downside is that AI systems can occasionally misclassify illegitimate transactions as unsuspicious, leading to false alerts, and vice versa. Technical glitches or system downtimes in AI processing are key factors contributing to the occurrence of fake alerts.
On August 2, 2014, the National Information Technology Development Agency (NITDA) National Center for Artificial Intelligence (NCAIR) released a draft of the National Artificial Intelligence (AI) Strategy 2024. This draft outlines risk mitigation strategies for AI, focusing on issues such as accuracy, bias, transparency, and governance. Its goal is to strengthen privacy rights, prevent discrimination, ensure algorithmic accountability, and enhance data protection.
The Nigeria Inter-Bank Settlement System PLC (NIBSS) is a shared-service e-payment infrastructure company that facilitates electronic payments within the Nigerian financial sector. NIBSS develops and manages the infrastructure for transactions between banks across Nigeria, and it is owned by all licensed banks, discount houses, and the Central Bank of Nigeria (CBN).
NIBSS provides the infrastructure for the automated processing, settlement, and transfer of payment instructions between banks, discount houses, and card companies in Nigeria. It operates by accessing customer account reports and ensuring that banks transmit financial transaction data through secure online networks.
Its mandate includes enabling same-day clearing and settlement of inter-bank transfers and payments. The company can be held liable for inefficient automated processing and settlement of transactions related to deposit placements and fund transfers between banks.
Sections 2(d) and 2(f) of the Central Bank of Nigeria (CBN) Act, 2007, played a crucial role in initiating the development of a Consumer Protection Framework (CPF). This framework is designed to safeguard consumer rights by ensuring that financial institutions maintain a secure and supportive banking environment, offer reliable channels and platforms for transactions, and provide efficient mechanisms for addressing claims or disputes.
These provisions collectively underscore that banks in Nigeria are obligated by law and regulation to uphold a high standard of consumer protection. Specifically, Section 2(d) mandates that financial institutions must create and maintain a safe banking environment, ensuring that their operational practices do not pose risks to consumer safety.
Meanwhile, Section 2(f) requires the establishment of effective redress mechanisms, allowing consumers to resolve complaints and disputes in a timely and satisfactory manner. These regulations collectively emphasise the responsibility of banks to protect consumer interests and provide avenues for redress, reinforcing their commitment to maintaining trust and ensuring fair treatment of their customers. As such, financial institutions are held to rigorous standards, ensuring they meet legal obligations and deliver a high level of service and protection to consumers.
To be continued tomorrow.
Aigbokhan is the Co-Founder of FOI Counsel and Kokoye is a national service staff of the firm.