Experts urge collaboration to tackle SIM theft, mobile fraud at UBA Fraud Awareness Week

Joy Agwunobi 

As mobile technology continues to drive communication, banking, and commerce, ensuring the safety of mobile networks has become crucial for national development.

However, the rising threat of SIM theft and mobile number compromise undermines this safety, posing significant financial, personal, and societal risks. To effectively address these threats, experts at the recent ‘UBA Fraud Awareness Week’ stressed the need for a collaborative, multi-stakeholder approach involving regulators, telecom operators, financial institutions, and customers.

Stakeholders in Nigeria’s financial sector have expressed growing concerns over the alarming rise in fraud cases, particularly in mobile banking, which accounts for a significant portion of fraud in the industry. Billions of naira are reportedly lost to fraudsters each month, highlighting the urgent need for coordinated efforts to combat this menace.

These concerns were further underscored by the latest Fraud and Forgery Report for Q3 2024 released by the Financial Institutions Training Centre (FITC). The report revealed a sharp increase in fraud cases reported by banks, rising from 11,532 in Q2 to 19,007 in Q3.

According to the report, fraud attempts surged dramatically, with fraudsters attempting to steal ₦115.9 billion in Q3, compared to ₦56.6 billion in the previous quarter. Despite this spike, actual losses dropped to ₦10.1 billion, a 75.4 per cent decline from the ₦42.8 billion lost in Q2.

UBA’s Fraud Awareness Week, themed “Collaborative Action against SIM Theft and Mobile Number Compromise,” aimed to address the escalating threat posed by SIM theft and mobile number-related fraud. The event focused on educating the public and industry stakeholders about the risks of SIM theft, emphasising how fraudsters exploit mobile numbers for unauthorised transactions, identity theft, and social engineering scams.

Through expert-led discussions, awareness campaigns, and practical strategies, the event highlighted the critical role of collaboration in safeguarding digital identities and financial transactions. Experts underscored the importance of synergy between financial institutions, telecom operators, regulators, and customers in mitigating fraud and enhancing the security of Nigeria’s digital economy.

In his keynote, Ayodele Ogunmiloro, lead, fraud management systems, enterprise and mobile money assurance at Airtel Nigeria, underscored the profound impact of SIM theft and mobile number compromise on individuals and the broader digital ecosystem.

Ogunmiloro emphasised the multifaceted consequences of these issues, stating, “The impact of SIM theft and mobile compromise starts with financial loss. Victims often lose money directly from their bank accounts as mobile numbers are commonly linked to banking platforms. There’s also the issue of identity theft.”

He further highlighted that such compromises can disrupt essential services, explaining, “Most of our day-to-day lives are tied to our phones and SIMs. Banking transactions, business communications, and notifications are all tied to our mobile numbers. A compromised SIM could lead to significant service disruptions.”

Ogunmiloro identified several root causes of these issues, beginning with historically weak verification systems. However, he noted that improvements have been made with the introduction of the National Identification Number (NIN) for SIM registration and SIM swaps. “Previously, we had very weak systems for verification, but with NIN integration, it’s now a bit more difficult for fraudsters to gain access,” he added.

He also cited social engineering as a major factor, where criminals manipulate victims into divulging sensitive information. Ogunmiloro added, “Weak regulations, insufficient penalties, and lax enforcement mechanisms embolden these criminals. Legislators and law enforcement agencies must enact and enforce stricter laws with stiffer penalties to deter such crimes.”

Another significant contributor, according to Ogunmiloro, is the practice of SIM swaps and SIM recycling. He pointed out the disconnect between banks and telecom operators in handling these cases, stressing that collaboration between these sectors is essential to combat the rising tide of mobile fraud.

While acknowledging the role of regulators and telecom operators in improving security, Ogunmiloro stressed that subscribers also have a critical role to play in safeguarding their SIM cards and mobile numbers. He offered several practical tips:

1. Set Strong SIM PINs: “Everyone should have a strong SIM PIN. If your phone is stolen, a locked SIM cannot be used without the PIN,” he advised.
2. Be Vigilant Against Phishing Scams: Subscribers should remain cautious of unsolicited requests for personal information.
3. Monitor Accounts Regularly: “Review call and SMS history for unknown numbers and suspicious transactions. Report any unusual activity to your telecom provider immediately,” Ogunmiloro recommended.
4. Limit Sharing of Personal Information: he noted: “Scammers profile their victims based on the information they share publicly.”

Additionally, Ogunmiloro encouraged subscribers to request extra layers of security from their telecom operators. “You can ask your operator to implement additional verification questions before a SIM swap is approved or request a ‘Do Not Swap’ instruction on your SIM,” he suggested. He also emphasised staying updated on security practices as technology evolves.

Ogunmiloro further warned against registering SIM cards through unauthorised agents. “SIM registration should only be done at Mobile Network Operator (MNO) outlets or their accredited partners,” he stressed. He explained that new telecommunications subscriptions are legally required to be registered to a properly documented subscriber using valid personal data and a National Identification Number (NIN).

He cautioned against roadside registrations, adding, “People could use stolen SIM kits to facilitate fraudulent activities. Always go to accredited centers for SIM registration and swaps to ensure compliance and security.”

In conclusion, Ogunmiloro reiterated the shared responsibility of all stakeholders in creating a secure mobile ecosystem. “As mobile technology continues to drive communication, banking, and commerce, protecting your SIM card is ultimately our responsibility. While service providers and regulators play critical roles, proactive measures from subscribers can significantly reduce the risk of SIM thefts and compromise. Let’s take these steps seriously to safeguard our digital lives and build a more secure mobile ecosystem for Nigeria,” he stated.

During a panel discussion at the event, experts delved into the multifaceted challenges of fraud in Nigeria’s financial landscape, emphasising insider threats, SIM swap and recycling, and the need for enhanced collaboration between banks and telecom operators.

Abba Sambo Usman, the head of cybercrime investigations at the Economic and Financial Crimes Commission (EFCC), pointed out that a significant number of fraud cases occur with the collusion of insiders. He explained that employees within financial institutions often exploit backend systems to alter customer details, such as phone numbers, facilitating fraudulent activities.

He further pointed out two factors that are associated with the success of insider participation in fraud. According to Usman, toxic workplace environments contribute significantly to the success of insider fraud. He noted that when employees feel undervalued or poorly treated, especially contract staff,  they are more likely to bypass security controls, making such environments a weak link in the system.

“When staff are managed in such a way that they are made to feel worthless, no matter the controls that are put into place, because people remain the weakest link, those controls will go down the drain,” he added.

Another factor he identified was the lack of rigorous background checks during recruitment, which often allows individuals with connections to criminal activities to gain employment in sensitive positions. He also stressed the need for continuous verification of employee information to account for changes in behaviour or circumstances.

According to Usman, “For any fraud activity to succeed, there has to be inside support, so all financial institutions must look at ways to ensure that the environment where they operate is good for human coexistence, do proper background checks and continuous verification.”

In addressing the strategies  Banks put in place when mobile numbers are reassigned to new users after prolonged inactivity, Yahaya Attai, head of information security and data protection at First Bank of Nigeria, pointed out the challenges posed by SIM swap and SIM recycling.

He explained that while SIM swaps are initiated by subscribers, SIM recycling is driven by telecom operators. Attai noted that although banks have systems in place to track SIM swaps, the level of integration with telecom operators is limited.

“For SIM swap, there’s an element of integration today; I can look up the integration and see SIMs that are related to my customers that are swapped, but for SIM recycle, that integration has not happened,” Attai explained, he noted that only MTN and Airtel provide partial integration, leaving other telecom operators out of the process. “We have engaged NIBSS, but they don’t have the power over the telcos, so they cannot force them to do that integration,” Attai said.

Attai also advocated for the creation of a centralised national database that would enable financial institutions to verify the status of phone numbers during account openings or suspicious transactions. According to him, “In other countries, they have a National Database where you can query the status if somebody is opening an account; you can query the number that is being inputted in that account opening and get the status of that SIM.”

He pointed out that implementing a similar database in Nigeria would streamline fraud detection processes. “If we have this thing put together, it will be easier for the financial institutions to combat fraud in the country,” Attai added.

Further addressing the vulnerabilities in Nigeria’s financial ecosystem, Attai noted that many mobile banking platforms were designed without robust fraud management systems. He noted that these platforms, developed with a focus on transaction functionality, often fail to incorporate fraud mitigation measures.

While some progress has been made, such as the integration of device ID tracking for fraud detection, Attai emphasised that a comprehensive, industry-wide solution is still needed. “Fraud prevention systems in Nigeria remain fragmented, with individual banks focusing only on their issues. A collaborative approach is essential to address the broader threats,” he added.