HOW TO CURB CYBERCRIME ARISING FROM THE USE OF DIGITAL BANK ACCOUNT
By: Destiny Young
In Nigeria, there have been an increasing number of reported cases of cyber criminals directing their victims to make payments to account numbers that are established to be opened with some of the digital banks especially those banks that open accounts using customers’ mobile numbers as the bank account number (only striking off the first zero (0)).
Some of these banks allow customers to operate their accounts at a certain level depending on the requirement. The requirements are graded into Tier 1, Tier 2, and Tier 3. Each of the levels requires certain information from customers for the account to be opened and functional.
Tier 1, which is the basic level requires the Mobile number of the customer, and the Transaction limit is sometimes pegged at N500.000.
Tier 2, the second level sometimes requires the customer to supply his or her BVN, and the Transaction limit is put at N1,000,000.
Tier 3 which is the highest level requires the customers to completely fulfill all the bank Know Your Customer (KYC) requirements. These may include supplying a Utility Bill to confirm Address, National Identity ID, and BVN. At this level, the customer can transact up to N5,000,000
Cyber Criminals with a Digital Bank Account Number
Cybercriminals and fraudsters leverage the KYC requirement of these digital banks to open an account with a Mobile Number. These Mobile numbers are purportedly registered with some “roadside” SIM Card registration agent who most times do not stick to ensuring a SIM is only registered on the presentation of a NIN Card to establish the identity of the person registering the line and linking the number directly to the National Identity number of the person. The lapses have created an opportunity for cybercriminals to exploit.
The criminals will just open a Tier 1 account with a digital bank for fraud purposes, and once he has used the account to collect the money he wants from his victims, he will throw away the number, and open one for the next set of victims.
A typical example:
In the above image, this fraudster has opened a Palmpay Tier 1 account using a mobile: 0817579252. To mislead his potential victim, he used NPower Test as the name of the account owner.
From the above information, his potential victims are NPower applicants.
How can this kind of crime be curbed?
1. Government must put in place a legal instrument that spells severe sanction to any network operator whose SIM number is registered without proper NIN linkage.
2. They must be a central database where all Nigerian banks can verify the name linked to NIN and the Mobile Number a customer presents before an account is opened.
3. Government must launch a sustained cybersecurity awareness programme using all the available means of communicating with people including the vulnerable ones.
The criminal that opened the above PalmPay account should be investigated by first establishing the NIN Number that was used to register the number on a network. The details of the NIN will reveal the ID of the fraudster. But the question that will remain unanswered is, what if another person registered the number? What is the number is a stolen number?
Destiny Young, an IT Infrastructure and Cybersecurity Engineer
Writes from Uyo.