Fintechs in Nigeria have suffered combined losses of over N5 billion since the beginning of 2023 to date.
While three fintechs only, account for the N5 billion loss, more fintechs and some commercial banks have lost much more money this year alone.
The losses have been traced to suspected insider connivance involving employees of the fintech companies, making it challenging for these companies to secure their systems effectively.
In a report, NAIRAMETRICS said three lost over N5 billion to hackers in the first 8 months of this year as hack and fraud cases increased within the ecosystem.
While there are many more incidences involving undisclosed amounts running into billions, Nairametrics gathered that the situation is getting more complicated as some of the heists had members of staff of the fintechs involved.
According to different sources in the industry, this has now become a major challenge for the fintech companies in Nigeria.
More worrisome for the fintechs is the fact that an attack could also come through another connected fintech, hence, a well-secured platform could get compromised through another connected platform with poor cyber security systems.
This fear recently prompted a commercial bank to disconnect many fintechs from its platform, which made it impossible for its customers to send money to the affected fintechs, although the issue was later resolved.
Sharing an experience on the prevalence of breaches in the fintech space, the Chief Executive Officer of Aladin, one of Nigeria’s digital banks, Darlington Onyeagoro, narrated how a fintech company lost N800 million to hackers in one week. But the act was not just perpetrated by outsiders, insiders’ connivance is suspected, according to him.
“We’ve seen a lot of breaches happening in the fintech space. I mean I don’t want to start mentioning So, one of my friends and also a fintech player, about two months ago lost N800 million in one week through hackers and there was a connivance.
“The issue is still with the Economic and Financial Crimes Commission (EFCC) because we feel there is an internal connivance using chargebacks for card transactions. In just one week, he lost N800 million. We have seen terrible cases,” Onyeagoro told Nairametrics.
In another case of fraud involving Patricia Technologies, facts have also emerged that the stolen fund had the hands of hackers and insiders including a notable Nigerian politician who contested for House of Reps position in the last general elections.
According to an inside source, while the case is currently with the police, the said politician was said to have promised to repay part of the money.
Patricia, a crypto trading platform, is currently facing the battle of repaying thousands of its customers whose money had disappeared through the breach in its system.
An escrow manager appointed by the company last week to manage the repayment, DLM Trust, later pulled out.
However, Patricia’s founder and CEO, Hanu Fejiro, said the repayment of its customers would go on starting from November 20 as earlier scheduled.
Earlier this year, it was reported that hackers stole N2.9 billion from Flutterwave’s account. In its response to the report, Flutterwave said it noticed unusual activities in its systems and told users to activate safety protocols, but it insisted that customers did not lose any funds.
While the company denied that money was lost, the events that followed proved otherwise. Court documents that later found their way to social media showed certified true copies of a petition by Flutterwave’s legal counsel to the police dated February 20, 2023.
The letter asked for police assistance to recover funds by obtaining court orders from the magistrate court to sustain account freezes on 107 bank accounts in 27 banks that allegedly, directly or indirectly, received money from the illegal transfers from Flutterwave accounts.
Thereafter, several accounts belonging to innocent Nigerians were frozen by commercial banks.
The reason given by the banks was that stolen funds from Flutterwave were traced to those accounts hence, liens were placed on them.
According to Aladin’s CEO, Onyeagoro, the fintech companies are challenged by the fact that hackers see every fintech app as a target.
Indeed, Oyenagoro believes that the first set of people to download every new fintech app are the fraudsters, hence security should be the top priority for all the platforms.
“If you launch a fintech app today, the first set of people that will download your app are fraudulent people. They want to test the vulnerability of your system,” he said.
Onyeagoro said this security challenge has made encryption a top priority for fintechs. But not just that, he said fintechs would also need to work with partners that prioritize security to ensure their own safety.
“You need other players to transmit transactions from one endpoint to another and also ensure that not just you but your partners are also not vulnerable because if their own system is porous, hackers can go through their own system to get through to your system,” he said.
While it is less pronounced given their financial muscle compared with fintechs, commercial banks in the country are also losing billions to fraudsters and hackers every day.
Following a similar pattern with the fintechs, most frauds in the banks also have the involvement of insiders, according to data released by the FITC.
In its Q2 2023 Fraud and Forgeries report, FITC revealed that commercial banks in Nigeria lost a total of N5.79 billion to fraud activities in the quarter. This amount represented a 1,125.03% increase in losses when compared with the N472 million lost in Q1 2023.
The FITC pointed out that the losses were recorded by 24 banks that filed their returns on fraud cases for the period.
The data also indicated that there was a significant increase in the total amount involved in fraud cases during Q2 2023 compared to the previous quarter.
The sum increased from N2.58 billion to N9.75 billion, representing a 276.98% increase.
Based on the FITC report, in the same period, there was also a 20.55% increase in insider involvement in the frauds committed across the bank in the second quarter of this year.
This prompted the FITC to caution the banks to be more vigilant about the type of people they employ.
“Considering the increasing instances of employees engaging in fraudulent activities, banks should exercise heightened vigilance when hiring new staff or contracting outsourcing firms for employment purposes. To prevent staff involvement in fraudulent behaviour, it is recommended to acknowledge and reward employees who have demonstrated exceptional integrity in situations where they could have acted otherwise,” FITC advised.
Obviously, the Nigerian fintechs will also need to take a cue from the FITC’s advice as they continue to battle the outside and inside forces that are bent on running them down through fraud.