In 2023, financial institutions in Nigeria lost ₦17.6 billion ($11.2 million) to fraud, as revealed by the Nigeria Inter-Bank Settlement System's (NIBSS) 2023 Annual Fraud Landscape report. This report highlights a worrying trend of increasing fraud losses over the past five years, with significant annual growth. From ₦2.96 billion ($1.8 million) in 2019 to ₦11.61 billion ($9 million) in 2022, the total amount lost to fraud surged by 496%, reaching ₦17.6 billion in 2023.
A closer examination of certain fraud cases reported in the media shows that losses are even more substantial, amounting to ₦82.4 billion ($52.6 million) across six major fraud incidents. NIBSS noted that many fraud cases were not reported through the official Industry Fraud Reporting Portal by financial institutions, suggesting the actual figures could be higher. The report indicates that 92% of the 95,620 reported cases originated from deposit money banks, while the remaining 8% were from other financial institutions.
Furthermore, NIBSS's findings reveal that only 37% of financial institutions complied with the requirement to report fraud incidents, as mandated by the Central Bank of Nigeria's (CBN) circular on the Establishment of Industry Fraud Desks. This lack of compliance by 63% of institutions highlights significant gaps in the industry's efforts to combat and report fraud, underscoring the need for stricter enforcement and better adherence to reporting protocols.
Major Cybersecurity incidents and Fraud cases in Nigeria (between 2023-2024)
Financial security remains a formidable challenge for Nigerian financial institutions, as evidenced by the staggering ₦82.4 billion lost in reported fraud and hack cases. This figure underscores the severity of cybersecurity threats facing the sector, highlighting gaps in prevention and response measures despite ongoing efforts to enhance security protocols.
Globally, the landscape of financial crime poses significant risks, with the 2024 Global Financial Crimes Report projecting potential losses of $442 billion for banks in 2023, despite increased investments in security measures. The report emphasizes the enormity of the global financial crime epidemic, estimating that illicit funds totaling $3.1 trillion flowed through the global financial system in 2023.
Nigerian financial institutions were not immune to this trend, experiencing some of the most high-profile fraud and hacking incidents of the year, resulting in substantial financial losses running into billions of naira.
1. First Bank of Nigeria (FBN)'s Cybercrime Cases
In 2023, First Bank Nigeria was rocked by a major fraud case resulting in an estimated loss of ₦40 billion (approximately $29 million). The incident unfolded when a bank employee, now evading authorities, allegedly diverted the substantial sum into multiple accounts, including those belonging to his wife. The fraudulent activities came to light following a customer's complaint regarding unauthorized transactions, prompting an immediate internal investigation by First Bank.
The internal probe swiftly uncovered the employee's complicity in the scheme, prompting First Bank to take legal action to freeze the affected accounts and mitigate further financial damage. The scandal has shed light on glaring vulnerabilities within Nigeria's banking sector, sparking widespread concerns over the adequacy of internal controls and security protocols.
This high-profile case serves as a stark reminder of the critical need for enhanced safeguards and rigorous oversight within financial institutions to prevent such breaches and protect stakeholders' interests. It underscores the imperative for continuous vigilance and stringent measures to safeguard against internal fraud risks that threaten the stability and trustworthiness of Nigeria's banking industry.
2. Flutterwave's Fraud Cases
In 2023, Flutterwave, a prominent fintech company, faced a significant financial setback when it lost $24 million due to unauthorized point-of-sale (POS) transactions by merchants. Subsequently, in 2024, Flutterwave obtained a court order known as a Mareva injunction to initiate the recovery of these funds.
This legal maneuver enabled Flutterwave to reclaim the funds from more than 6,000 account holders across 35 banks and financial institutions who were potentially involved in spending the transferred funds during a technical glitch in October 2023. Flutterwave reassured stakeholders that no customer funds were permanently lost and emphasized its collaboration with investigative authorities to address the incident comprehensively.
The incident has spotlighted critical challenges in Know Your Customer (KYC) procedures for Flutterwave, essential for effectively recovering the misappropriated funds. This development underscores the growing threat of financial fraud in Nigeria and the broader necessity for accurate and robust customer information management practices within the fintech industry.
Flutterwave's proactive legal and operational responses underscore its commitment to restoring financial integrity and protecting customer interests amid the evolving landscape of digital transactions and cybersecurity threats in Nigeria's financial ecosystem. The incident serves as a poignant reminder of the imperative for fintech companies to continuously strengthen their security protocols and regulatory compliance measures to mitigate such risks effectively.
3. Flutterwave's Cybercrime Cases
In March 2023, Flutterwave experienced another significant breach resulting in the theft of ₦2.9 billion ($6.3 million) by hackers. Court documents indicated that the unauthorized transfers occurred between January and February of that year, affecting multiple accounts across 28 commercial banks in Nigeria.
Initially refuting claims of a breach, Flutterwave later acknowledged the incident and promptly engaged with law enforcement agencies and financial institutions to investigate and recover the stolen funds.
This response underscored Flutterwave's commitment to addressing cybersecurity threats and collaborating with relevant authorities to mitigate the impact on affected stakeholders and uphold financial security standards in Nigeria's digital payment landscape.
4. Flutterwave's Cybercrime Cases
In April 2023, individuals connected to beneficiaries of a significant breach involving Flutterwave, amounting to ₦2.9 billion ($6.3 million), found themselves detained by the police. Reports subsequently surfaced of additional breaches totaling ₦450 million ($677,559), specifically involving cryptocurrency transactions. Those detained claimed that Flutterwave had been breached multiple times following the initial incident reported on March 5, 2023.
Details regarding the specifics of this new breach remain unclear, but according to beneficiaries and other sources, cryptocurrency worth ₦200 million ($434,470) and ₦250 million ($543,088) was allegedly sold to a Chinese merchant as part of these unauthorized transactions.
The situation highlights ongoing concerns about cybersecurity vulnerabilities within financial transactions and underscores the challenges faced by companies like Flutterwave in safeguarding digital assets amidst evolving threats in the financial technology sector.
5. Flutterwave's Fraud Cases
In April 2024, Flutterwave faced alarming news of a security breach that led to unauthorized transfers totaling an estimated ₦11 billion ($7 million) to multiple accounts. Although Flutterwave did not specify the exact amount, insiders suggested it could potentially reach as high as ₦20 billion ($13.5 million). The breach came to light following anomalies in account activities, where funds were moved through several accounts across five financial institutions in an attempt to evade detection.
Similar to past incidents, Flutterwave reassured stakeholders that no customer funds were compromised during the breach. The company promptly initiated an investigation into the matter, collaborating closely with relevant authorities and financial institutions to address the security lapse comprehensively and prevent further incidents.
This latest breach underscores ongoing challenges in maintaining robust cybersecurity measures within the fintech sector, highlighting the persistent threats posed by sophisticated cybercriminal activities. Flutterwave's proactive response and commitment to transparency and security protocols are crucial in restoring trust and reinforcing resilience against such breaches in Nigeria's rapidly evolving digital payment ecosystem.
I know you'll be wondering why most of the cybercrime cases immerse in the Flutterwave banking system. We'd love to hear your point of view in the comment section. Don't spoil the show, make it reasonable. Cheers!