Bank Heists in the Digital Era: a Customer’s Woes at FCMB
By Chuks Emele
How safe is the money you have in a bank in this digital era?
In the past all the banks had to do was to lock up the funds in highly secured vaults. It was always a tough job for the bank robber to reach them, secured by all manner of metallic barriers and human guards.
That’s why they would often target the bank tellers or hope to march the branch manager to lead them to the vault. Even here banks often had measures to make it a most onerous task.
All that has changed in the digital era. These days criminals can breach the computer systems of financial institutions to reach the digital equivalents of the good, old vaults, and move large sums of money that would’ve made the bank robbers of old quite envious.
Let’s take for an example what happened to a customer of FCMB whose account is in the Aba Road by GRA branch of the bank in the oil city of Port Harcourt. Let’s call him Mr George Braide to maintain some confidentiality and be able to cite from an ongoing police investigation.
One Saturday morning early in July, it dawned on Braide, a 60-year-old retiree, that his MTN phone line was no longer working. He was perplexed and had no explanation for it. Then he began to wonder if something had gone wrong with his linking of his phone line to his national identity number which caused it to be suspended, as he had heard other people complain.
Because he was able to continue using his WhatsApp to make calls and reach people, the incentive for immediate rectification wasn’t there. So he waited until early Monday morning to go to an MTN office to find out what had gone wrong with his phone line.
When the customer service official checked, she found that Braide’s line had been blocked, but not for any of the reasons he feared. He wasn’t in breach of any regulation.
“Who blocked your line?” the customer service lady asked.
“I have no idea,” Braide responded. “It’s definitely not me.”
“That’s strange,” the lady responded. “Anyway, I’ve unblocked it. You should be able to make and receive calls now.”
On the way to his car, the alert messages started pouring in. There were multiple transfers to Opay accounts, binge purchases and all manner of withdrawals from his account starting from Saturday morning when his phone first went off. Then the climax was the transfer of 4 million naira from the account done just that Monday morning, probably while he was en route to the MTN office. In all 7 million naira was withdrawn out of the account that has his retirement benefits between Saturday morning and Monday.
When Braide reported to the bank, he was told he must’ve compromised his digital banking log in details unwittingly. That might sound like a plausible explanation in these days of phishing attacks.
But going through Braide’s experience, a few things are obvious. Somebody needed to gain access to the MTN computer system in order to stop his phone line. Someone also needed to have access to FCMB’s system to disable his email alerts. While his phone was blocked at MTN, his email alerts were also blocked at FCMB.
Therefore, it’s logical to assume that this digital heist was carried out by collaborators who had access to the computer systems of both FCMB and MTN. Whether these were actual insiders or outsiders, is a question left for investigators to unravel.
And there are quite a large number of cases being reported by bank customers to the police fraud office to investigate. While many banks have been affected, a majority of the cases currently under investigation concern FCMB, Zenith and Guaranty Trust Bank.
However, the point of interest here is the customer, who is often left completely unprotected. In the physical world, the banks take the liability for the money stolen from their custody. But when it comes to the digital world, they’re shirking this responsibility in Nigeria.
To illustrate what this means, FCMB isn’t taking responsibility for the lost funds, according to the criminal complaint. Apart from initial exchanges over the matter between Braide and his relationship manager at the bank, FCMB hasn’t sought to make any explanations on how access to his account was breached.
When contacted for this report, the FCMB customer service department said its procedure requires it to investigate the “customer account with respect to any fraudulent transaction(s) that might have occurred on customer account to analyse the source and recoup funds.” The bank was silent on who bears immediate responsibility for money lost in its custody.
It’s a situation that shows up Nigeria’s non-protective regulatory attitude to the bank customer regarding digital transactions. In much of the rest of the world, the banks take immediate liability for fraudulent transactions and refund the customers even before going after the thieves.
In Nigeria, the contrary is the case as people like Braide are finding out. When will the Central Bank of Nigeria and other regulators intervene on behalf of the ever increasing number of Nigerians that are victims of digital heists?