The banking industry has, perhaps, been the biggest beneficiary of Africa’s digitization spurt. Deepening financial inclusion, better accessibility to financial accounts, and quicker transaction times have culminated in record profits for many banks across Africa. However, just as revenue and profit have grown, fraud has grown in tandem.

While the jury is still out, as most organizations have yet to release reports from the previous financial year, the signs point toward 2023 being the most brutal year in recent history for banking and finance companies dealing with fraud.

Financial institutions in Nigeria are on course to have their worst financial year in 2023. The Q2 report by the Financial Institutions Training Centre in Nigeria showed that the industry had lost N6.3 billion in the first half of the year alone.

Digital fraud — a rising challenge

Digital fraud, in particular, has become an increasing contributor to overall fraud on the continent, becoming a source of concern for financial institutions. Nowhere is this trend more evident than in Nigeria and South Africa, the continent’s two largest digital economies.

A deeper dive into the FITC reports showed that the two most common channels for fraud in the first two quarters of 2023 were web and mobile platforms, indicating the impact of digital fraud.

In a report released in October, the South African Banking Risk Information Centre (SABRIC) revealed that reports of digital fraud had increased by 24% in 2022 compared to the previous year and resulted in gross losses of R704 million ($39 million).

The link between identity fraud and financial fraud

Although financial fraud happens in several ways, it is never too far from identity fraud. In many fraud attacks, especially those involving customer accounts, identity fraud is the first line of attack. Identity-linked financial fraud can happen in a number of ways, including:

• Bonus/Referral Fraud: Fraudsters create multiple fictitious accounts with digital services to take advantage of referral or sign-up bonuses.

• Account Takeover Fraud: Fraudsters obtain a customer’s information through various means, e.g., social engineering, phishing attacks, etc., and use it to access the customer’s account, allowing them to operate the account illegitimately.

• Money Laundering: The fraudster opens an account with a financial service to move funds from illicit activities.

• Chargeback fraud: This happens when a customer fraudulently files a chargeback for a transaction, insisting they did not initiate it.

• Loan fraud: Fraudsters take a loan from a financial institution with no intention of paying back.

Regulators across the continent have made efforts to curb financial fraud through stronger KYC/AML regulations, but compliance from financial institutions has not always been forthcoming. For instance, in a recently concluded court case in Kenya, First Community Bank did not perform due diligence, allowing an account to be opened in the name of a company by persons who were not directors or employees. The fraudulent agents subsequently cashed multiple checks in the company’s name to the tune of <>.

The idea that identity fraud is closely related to financial fraud and, therefore, must be taken seriously is a popular one with regulators and financial institutions, and they are beginning to take stringent measures. In 2023, several traditional banks in Nigeria temporarily blocked bank transfers to neobanks because of weak KYC systems. Many of the neobanks in question used loopholes in KYC regulations like Tier 1 accounts, which allowed financial institutions to create low-risk accounts for customers using only their phone numbers as identity information. That loophole has now been closed by the Nigerian Central Bank, which announced the imminent blocking of tier 1 accounts that remain unlinked to a National Identification Number or Bank Verification Number.

Building an anti-fraud identity solution

Because anti-fraud regulations typically mandate identity verification during account creation, financial institutions have historically funneled resources toward secure onboarding. However, of the five categories of identity-linked fraud listed earlier, only bonus/referral fraud is closely linked to onboarding. The other categories happen much later in the customer lifecycle.

As financial institutions are learning, regulatory compliance is only the beginning of fraud prevention. Businesses must protect their customers throughout every phase of their lifecycle. Two strategies are going to be important for companies in protecting customers in the near future:

Risk monitoring: this is the ongoing evaluation of a customer’s account to spot any irregular activities or high-risk events, e.g., high-volume transactions, login from a new device or location, etc.

Multiauthentication: a process that requires customers to verify their identity multiple times during their journey, especially during high-risk events.

In the coming months, more businesses are expected to implement AI-based risk monitoring and multi-authentication during high-value events.

Enjoying the Newsletter? Invite your friends to read it too

Share on: Twitter, Facebook, and LinkedIn

In The News:

Uganda mulls requiring return of old identity cards to issue new generation IDs - Biometric Update

Editor’s Note: Mopping up older ID cards during replacements is an important part of protecting the ID integrity of any country. Older ID cards typically have weaker security systems and correlate with higher fraud rates.

Mozambique begins pilot of biometric SIM registration - AimNews

Mozambique joins the growing list of African countries that are considering biometric SIM registration. The pilot will run until the 16th of June