The recent increase in identity theft cases in the country has led stakeholders to advocate for stiffer regulation of the digital space, JOSEPHINE OGUNDEJI, writes
As technology continues to gain traction, identity theft has become a growing concern for individuals and businesses. Many have suffered significant financial losses at the hands of identity thieves.
Identity theft is when someone uses another’s personal identifying information, like their name, national identification number, or debit card number, without their permission, to obtain any benefit for themselves. Identity theft can be committed in various ways, including phishing scams, hacking, and physically stealing other people’s information. An example of an identity thief is an individual, who impersonated Chief Bola Tinubu on Facebook and was apprehended recently by the police.
Identity theft and fraud are significant concerns in Nigeria. In April 2024, Flutterwave experienced a security breach resulting in the unauthorised transfer of N11bn ($7m) to multiple accounts. While Flutterwave did not disclose the exact amount, insiders indicated it might be as high as N20bn ($13.5m).
The breach was discovered due to unusual account activities and involved funds being transferred through several accounts across five financial institutions to avoid detection.
On Sunday, March 5, 2023, hackers reportedly stole N2.9bn ($6.3m) from Flutterwave. Court documents revealed that the hack occurred between January and February 2023.
The breach involved multiple unauthorised transfers across 28 commercial banks in Nigeria.
After initially denying the breach, Flutterwave said it detected the anomaly and worked with law enforcement and other financial institutions to investigate and recover the funds.
Additionally, it was reported in April 2023 that hackers gained access to the Flutterwave system and stole roughly N2.9bn.
Reports indicated new breaches totalling N450m involving cryptocurrency transactions. Detained individuals claimed Flutterwave had been breached multiple times since the first incident was reported on March 5, 2023.
Narrating his ordeal to The PUNCH, a tax practitioner, Habeeb Olaosebikan, said fraudsters were taking advantage of the yawning loopholes in the financial literacy and financial needs of victims.
He noted that they devised various gimmicks to exploit people, including identity theft (also known as identity fraud).
According to Olaosebikan, identity theft is becoming more rampant in the era of fast-paced technology due to the significance of targets on social media.
He narrated, “I have had an experience where a social media account was created in the name of a celebrity I admire. Initially, I did not suspect a thing, especially when they sent me a direct message and requested to connect on WhatsApp. But as things progressed, I became curious about the authenticity of the account. When I tried to verify, I received a fabricated video call response.
“As a financially aware individual, I played along to see where this would lead. Soon, a request came in to support a charitable cause, like a motherless baby home or accident victims, with emotive images.
“While I wanted to help, I realised this request should have come from an official, verified account, not a personal one. Despite my doubts, I made a small contribution. However, when they asked for more money, citing insufficient funds or a minimum requirement, I realised the potential financial threat.”
Olaosebikan also shared his friend’s experience with identity thieves with our correspondent.
“I spoke with a fraud victim who fell prey to identity theft through a celebrity impersonation scam. The scammer promised rewards to followers who passed ‘tests’, a ploy to extract personal financial information.
“The victim revealed that the tests were easy, but the request for financial information came with the promise of a reward, making the scam appear appealing. This highlights how fraud can be deceptively enticing,” he stated.
Nigeria’s financial institutions, including commercial banks, point-of-sale operators, and others, lost about N17.67bn to fraudsters in 2023, according to the Nigeria Inter-Bank Settlement System.
NIBSS disclosed the loss in its Annual Fraud Landscape (January to December 2023). According to the report, though the fraud count dropped by six per cent to 95,620, the actual loss from fraud grew by 23 per cent in 2023 when compared to 2022.
According to the data submitted to NIBSS by financial institutions through the Industry Fraud Reporting Portal, the mobile channel is the preferred means for fraud, as it increased by five per cent compared to the previous year.
The web and POS businesses were the most exploited payment channels by fraudsters in 2023.
Also, in 2023, people aged 40 and above remained the primary targets of fraudsters, which NIBSS said signified a persistent focus on the targeting strategy of fraudsters.
“This sustained trend emphasises the enduring appeal of the demographic group as potential victims, reinforcing the need for continuous efforts to educate and protect individuals in this category from fraudulent activities,” NIBSS noted.
In 2023, a total of 80,658 unique customers fell for the gimmicks of fraudsters, which was four per cent less than 84,130 customers recorded in the previous year.
The latest report by Africa’s identity verification startup, Smile ID, revealed that the Nigerian National Identity document was one of the most-attacked documents by fraudsters wanting to clone IDs, ranking 9th in Africa.
According to the 2024 Digital Identity Fraud in Africa Report, National ID cards of African countries have seen a surge in attacks over the last two years.
The report showed that in 2023, South Africa’s National ID had the highest rate of fraud attempts 34 per cent, thus ranking number one.
Tanzania’s National ID emerged as the second most attacked, with a 32 per cent attempted fraud rate, while Kenya’s National ID ranked 3rd at 26 per cent. Nigeria recorded an 18 per cent attempted fraud rate to rank as number 9.
Narrowing it down to the West Africa sub-region, the report revealed that identity fraud in West Africa was largely dominated by two countries, Nigeria and Ghana.
Government intervention
In 2023, the Speaker of the House of Representatives, Tajudeen Abbas, disclosed that the National Assembly was planning legislation that would regulate artificial intelligence in the country to curb identity theft, among others.
Abbas stated this at the 7th Convocation Ceremony organised by the National Institute for Legislative and Democratic Studies in collaboration with the University of Benin, held in Abuja.
He stressed the need for Nigeria to have a regulatory framework in place for emerging technologies.
He also noted that although new technologies, such as AI and robotics, have immense benefits, there was a need to check their misuse and abuse.
Under Section 6 of the Cybercrime Act 2015, any person who, without authorisation or exceeding authorisation, intentionally accesses a computer system or network, commits an offence and is liable to a minimum of two years imprisonment or a fine of at least N5,000,000, or both.
If the offence is committed with the intent to obtain computer data, secure access to programmes, commercial or industrial secrets, or confidential information, the punishment is a minimum of three years imprisonment or a fine of at least N7,000,000, or both.
Also, Section 13 of the Cybercrime Act 2015 makes provision for identity theft, with the punishment of imprisonment for a term of not less than 3 years or a fine of not less than N7m or both fine and imprisonment.
Way forward
In an exclusive interview with The PUNCH, a financial lawyer at Dentons ACAS-Law, Olusegun Adeniran, advised that to reduce your risk of identity theft, always store personal documents safely, shred old personal documents, be wary of links from unknown sources, and transact on secure websites.
He said, “Identity theft is a growing problem in Nigeria. A recent report by SmileID showed that African businesses lose millions to identity theft each year. As more financial transactions move online, individuals and businesses need to know how to protect themselves from identity theft.
“Identity theft is criminalised under Part III of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2015, which is under the ambit of the Economic and Financial Crimes Commission. If you have been an identity theft victim, you can petition the EFCC with evidence of the crime and hire a lawyer to watch the brief.
“Depending on the case, identity theft can also be a civil matter. Thus, after the EFCC’s investigative capabilities fish out the perpetrator, the victim can institute a civil matter against the perpetrator to recover the sum lost.”
A financial expert at Deloitte Canada, Abdulmumeen Ridwan, said verification processes were essential to enhancing security.
“Identity theft is a global issue, not unique to Nigeria. As technology advances, so do the tactics of scammers. Organisations like banks, governments, and information technology companies must develop more sophisticated verification methods to combat this.
“This includes multi-factor authentication (2FA), biometric identification (thumbprints, iris scans), and personal questions. By offering users a range of verification options, we can make security more convenient and effective.
“This will make it more difficult for scammers to steal identities and siphon money. It is time to upgrade our verification processes to stay ahead of scammers and protect individuals’ identities,” he explained.
An MBA candidate at the Mendoza College of Business, University of Notre Dame, Pascal Ekeh, remarked that identity theft is usually fuelled by poor controls and a lack of legal/political will to investigate such issues conclusively.
He asserted, “For institutions like banks, the way forward would be to ensure they have proper controls and Know Your Customer requirements in place to ensure that fraudulent transactions do not see the light of day. Technology and anti-fraud tools will come in handy here.
“For individuals, there is a need for awareness and increased sensitisation to these issues. People should handle personal data carefully and be sure to enlighten themselves on how criminals can take advantage of their ignorance.
“Then for law enforcement, matters of that nature should be investigated to the letter and adequate punishment meted out to deter fraudsters. However, Individuals are always the ones who fall victim to these frauds. To the extent that one’s personal data has been compromised, it would be hard for institutions to forestall fraud.”