The use of legitimate access in inappropriate ways by bank insiders to gain financial benefits from the bank has been identified as one of the means by which some workers in the financial institutions connive with fraudsters to defraud customers.
These bank insiders include current and former employees, contractors or business partners.
The common patterns of insider abuse, according to a report titled: “E-Fraud & Insider Abuse -The Warning Signs,” that was presented by an Executive Director of First City Monument Bank (FCMB), Mr. Nath Ude, at the Nigeria Electronic Fraud Forum (NeFF), held in Lagos at the weekend, include intellectual property (IP) theft, organisational / IT sabotage, fraud, espionage and accidental insider threats.
Furthermore, he listed fraudulent Nigerian Interbank Settlement System Instant Payment (NIP) transactions, the use of sniffer technologies to gain privileged access, social engineering, input data diddling, unauthorised mandate modifications, fake standing instructions, database / backend scripting and fraudulent transactions via ATMs, PoS and internet as some of the ways the criminals perpetrate electronic fraud.
“Banking is about trust. This trust makes customers keep their funds with the bank. Customer information is among bank’s most valuable assets, frequently driving its ability to compete in the market space – customer details, account balances/transaction history – Credit / debit card details, loans / facility details, etc. Competitors and criminals seek these assets and insiders, being trusted, are easy means of losing such assets,” Ude added.
He urged employees not to live above known means, even as he stressed the need for organisations to discourage the use of personal laptops by their employees, avoid installation of sniffers / hack tools, frequent manipulation of data/poor change management, employee(s) closing late/irregular hours or frequent weekend work, among others.
Commenting on how to overcome the risk posed by activities of fraudsters, he advised organisations to “filter out predatory employees – HR as internal control component (risk-based). Continuous monitoring of character profiles. Review upwards the required reliability Status for all staffbwho need privileged roles to work.
“Deploy appropriate prevention and detection technologies – CCTV monitoring. Consider threats from insiders and business partners in enterprise-wide risk assessments. Be vigilant regarding social media and types of information released to the public.”
However, the Chairman, NeFF, Mr. Dipo Fatokun, pointed out the recent circulars on two factor authentication from the central bank was because it observed that most of the fraud in the banking system were as a result of insider abuse.
“It is like one of the adage we have here in Africa that says if an internal thief does not steal, then an external thief will not be successful. The circulars have helped in reducing the volume and value of fraud. Another thing is the discussion we are having on the industry having a security centre. More discussions will be made and more opinions would be sort.
“We are sure that when this is implemented, it is going to help us a lot. Before now, we have issued a circular on the use of cards on non-EMV environment, this was because we observed that people were using social engineering tactics to get card information from unsuspecting members of the public and clone their cards and because some of the environment are not EMV compliant yet, they will use these cards to do transactions especially on PoS.
“If you are here in Nigeria, there is no way anyone can clone your card and use it in a non-EMV environment. These are some of the giant strides we have made,” Fatokun, who is also the Director, Banking and Payment Department, CBN, explained.
According to him, there are spelt out panalties for non-compliance with central bank policies.
“Nigerian banks are very compliant; they don’t want to be penalised. To comply with regulations is the way to go. It not only increase the level of their profitability, it also increase the level of their trust because banking is based on trust and confidence and if you are sure that your money is safe, most people will go to the bank.
“Penalty is the last and usually, compliance is voluntary by most of the banks. The level of corporation amongst banks has increased. It is a journey that starts with a step and it is gathering momentum,” he said further.
Source#Thisday#
