by Roqeebah Olaoniye
Dipo Fatokun is the Director, Banking and Payment Systems at the Central Bank of Nigeria where he is responsible for issuing circulars, guidelines, policies regarding both electronic and paper-based payments.
However, on this edition of TECHnically, the veteran speaks with us as the Chairman of the Nigeria Electronic Fraud Forum where his work revolves mostly around managing electronic payments in the country.
TECHnically: Your position in the banking sector in Nigeria must afford you access to a lot of statistics and figures. Can you tell the current state of Cyber security in Nigeria as it concerns electronic payments?
Dipo Fatokun: Electronic payments space in Nigeria is very secure. We have gone beyond many other countries – both in Africa and in Europe. For example, our card payments do not run on magnetic swipe unlike some countries in the world where the magnetic swipe allows for payment by simply swiping. There they do not need PINs. That doesn’t happen here.
TECHnically: So is the PIN system then safer?
Dipo Fatokun: Yes, it is more advanced. This is because the PIN requires two things whereas using the swipe, you need one thing. The swipe requires only the card and as such, anyone who picks up a lost card can just pick it up and start swiping.
But using the PIN, you need both the card and the PIN. As such, even if one loses his card, for anyone else to use it, the latter will need to know the PIN to make use of the card.
In fact, in Nigeria, we even have what is called the second-factor authentication. The way this works is that even with the card and the PIN, the user will still need to have a token. All these make the payment systems secure
Further, when you talk of internet banking, we have issued circulars to guide operations. We have levels of security that banks must have for various internet banking platforms which all the banks ought to have. The highest level of these security measures will allow the banks’ customers carry out transactions to the tune of NGN 5 million electronically. And these transactions are monitored by the special monitoring tools and the use of a hardware token.
TECHnically: How about these obviously fraudulent Bank Verification Numbers (BVN) messages customers get from individuals asking them to send their PINs to verify their BVN?
Dipo Fatokun: You have rightly called it fraudulent. Still, the Central Bank is running Newspaper adverts to warn against falling into their traps. And because we know that Newspapers may not get our messages to the grassroots, we have also put out radio jingles in 4 Nigerian languages – Igbo, Hausa, Yoruba, and Pidgin.
The Central Bank’s corporate communications department has also continued to issue bulletins and advertorials to warn that no bank will send a message asking for your card details to rectify a BVN error.
It is however very depressing to find that people still fall for these scams.
TECHnically: Have you been able to measure the effectiveness of all these measures to ensure that people actually get the message?
Dipo Fatokun: Well, sort of. However, it is difficult to measure because there is no controlled environment wherein we can ascertain whether the trend has gone down. Sadly, no study has been conducted to that effect.
Generally, what these fraudsters do is to use social engineering techniques to obtain the information of bank customers in order to obtain card details from unsuspecting people who are ignorant of these kinds of things. So essentially, what the CBN is doing is to educated people.
TECHnically: How about the perpetrators? How are they being dealt with?
Dipo Fatokun: There is a unit that is being put together currently – not just for the perpetrators of the BVN scams but for all electronic payment frauds. The unit will be called the Dedicated Electronic Payment and Card Crime Unit and it will be responsible for apprehending, investigating and prosecuting electronic payment fraudsters.
Right now, we report them to the existing law enforcement agencies but we find that they need the collaboration with other agencies which hinders them.
TECHnically: Do you have the total number of BVN holders?
Dipo Fatokun: Yes, there are about 25 million.
TECHnically: How does this check out against the number of people that have bank accounts?
Dipo Fatokun: What this means is that the number of people who have bank accounts with one or more banks (regardless of the number of accounts each person has) cannot be more than 27 million. The extra 2 million stands for the number of people with bank accounts in Nigeria who have domiciled abroad.
We only allow them to continue to operate the accounts because they have proven that they do not reside in Nigeria.
TECHnically: So we can say then that the BVN registration has been largely successful.
Dipo Fatokun: Yes. In fact, so successful that 3 foreign Central Banks have come to understudy us – Ghana, Zambia and Guinea. These countries want to replicate the system in their country.
TECHnically: Can you take us through how Nigeria came to operate the BVN system?
Dipo Fatokun: There has always been the need for a unique identifier in the Banking System. So that id one opens an account in as many as five banks or more, that account owner will be known as the same person across the board. We lacked that.
The documents that were being used to identify customers prior to the BVN cannot be called unique. An example is the Drivers’ Licence. But the one person could have as many different licences as possible bearing different names. The lack of regulation in with those identification systems filtered into the banking system too.
Biometrics precludes any one person from laying claims to more than one persona. There’s one central database to which each person is registered and all subsequent registrations must corroborate the details submitted to the central system.
TECHnically: We have learnt about a Payment Vision 2020 developed under the former Central Bank Governor’s tenure which aims for the BVN to be internationally recognised and be nationally utilised. How has that progressed so far?
Dipo Fatokun: We are almost there. The Payment Infrastructure Co-ordinating Committee will soon review where we are but the last meeting revealed we are already close.
When the vision was birthed in 2013, we came out with 8 recommendations, more than 5 of which we have achieved. One of the remaining three – collateral management – will be discussed at this next meeting.
The remaining two have much to do with the state pf the economy. That is the need for the Naira to be admitted to the Continuous Link Settlement and Nigeria’s admission into the Committee of Payments and Markets Infrastructure. Those are the one’s that will take some time to achieve because they are linked to the state of the economy.
TECHnically: Can you tell us about this issue of restrictions on the use of Nigerian bank cards abroad?
Dipo Fatokun: That is a strategy used by the banks to curtail their exposure to risks owing to the volatile foreign exchange markets. So you will find that while some bank cards work, others don’t. It’s a bank directive not from the Central Bank.
Yet, even the banks that have those restrictions allow the use of their cards abroad where the customer can fund his account in the currency of the country he intends to use the card.