Hackers hit bank ATMs in Lagos

A large number of Automated Teller Machines located in some posh areas of Lagos

like Victoria Island, Lekki Peninsula Phase I and II, and Ikoyi have been attacked by hackers and electronic fraudsters, it has been learnt.

The hackers are said to be fixing small fraud tools on the ATMs in order to harvest the passwords of cardholders who come to collect cash or do some other transactions on the machines.

Top bank officials privy to the development said a number of banks had deployed detectives to monitor their ATMs in those locations, especially in the Victoria Island and Lekki axis.

A banker told our correspondent, “A number of the ATMs in Victoria Island and Lekki axis have been compromised by hackers. Some of these fraudsters visit those ATMs very late in the night or very early in the morning to fix some fraud devices on them, which are capable of collecting cardholders’ information, including their passwords.

“They come back later to remove those devices. The information collected is then used to commit fraud against those customers later.

“Most of us (banks) are aware of the development and we are very vigilant now. What some of us have done is to get a patrol team of security men to start combing the affected areas and the ATMs from time to time. We will get those guys soon.”

While some of the cardholders’ information collected by the fraudsters were being used to commit online-related frauds locally, a large number was used to clone ATM cards and used to shop in malls abroad, especially in the United States of America, bankers told our correspondent.

The Vice-Chairman, Committee of e-Banking Industry Heads, Mr. Dele Adeyinka, confirmed the fraudsters’ activities.

He, however, said that following the banks’compliance with the CBN directive asking them to install anti-skimming devices on their ATMs, it would be difficult for the fraudters’ devices to work.

He said, “Yes, it is true that hackers are carrying out those activities. It is not only in Victoria Island axis, they are doing it everywhere. But all the banks have complied with the CBN directive on anti-fraud tools. So, it will be difficult for those fraud devices to work.”

Rising cases of electronic frauds, especially ATM-related scams, which have made Nigerian banks to lose billions of naira in recent times, have forced some lenders to prevent their payments cards from working in the US, China and a few other countries.

According to Central Bank of Nigeria statistics, the banks lost N40bn to electronic frauds in 2013 alone.

On January 19, 2015, the CBN ordered banks in the country to prevent payment cards (debit and credit) issued by them from working in fraud-prone countries, including the US, South Africa and China.

The central bank also said that banks would be liable for frauds committed abroad using cloned cards belonging to their customers.

The CBN said in a circular that from February 1, 2015, all the banks in the country must stop the payment/ATM cards from working in non-Europay, MasterCard and Visa countries.

It directed the banks to only activate the cards when customers to whom the cards had been issued were travelling abroad and this should only be for the period that the customers would spend overseas.

The circular, signed by the Director, Banking and Payment System, CBN, Mr. Dipo Fatokun, read in part, “The occurrence of card present frauds in non-EMV environments is on the increase, especially when international hybrid cards issued by Nigerian banks are used in non-EMV environments like the USA.

“It has, therefore, become necessary for the CBN to issue the following directives and that all DMBs should do the following: collate all their card frauds abroad and send to the CBN not later than January 30, 2015; subsequently, all data on card frauds occurring abroad should be rendered on the NIBSS fraud portal; implement anti-fraud solution on their card management systems not later than January 30, 2015; ensure that from February 1, 2015, only customers that expressly indicated the intention of travelling to non-EMV jurisdictions would have their cards default to the magnetic stripe and for the period indicated by the cardholder only.”

Prior to the deactivation of the payment cards from working overseas, one of the ‘systemically important banks’ made refunds in excess of N200m in 2014, The PUNCH had reported exclusively.

The PUNCH had in August last year also exclusively reported that electronic fraudsters had been duplicating payment cards belonging to Nigerian bank customers and using them to buy items worth millions of dollars from shopping malls in the US.

The development had forced top executives of the banks and senior officials of the CBN to meet with the Economic and Financial Crimes Commission sometime last year in order to stem the tide.

The Chairman, Chartered Institute of Bankers of Nigeria, Lagos State Branch, Mr. Abolade Agbola, had emphasised the need for the CBN to fast-track the biometric registration of bank customers as a way of checking electronic frauds.

The President, Institute of Chartered Accountants of Nigeria, Mr. Chidi Ajaegbu, said the CBN had achieved a lot in the cashless drive but there was a need to continue to build public confidence in the electronic means of payment.