Nneoma Okonkwo, a high ranking civil servant got a shocker when she discovered that a sum of N3 million had been debited from her bank account. In a fit of anger, she demanded from the manager of the bank, an explanation on the mysterious disappearance of the money from her account.

One of the knotty issues the bank had to resolve was to find out whether Okonkwo shared her bank details with anyone or whether she exposed the details to the public through insecure online transactions or social media. But to the contrary, she said she had never shared her account details with anyone and had been diligent about keeping her account information secure.

The bank manager, however, promised to investigate the matter and respond to her concerns but about four weeks down the line, nothing has come out of the investigation.

In the case of Emeka Ani, another bank customer, he was logged out of his account by his bank after what was described as a suspicious transaction was detected.

“The bank’s customer care team informed me that my account had been flagged for suspicious activity after N200,000 was withdrawn from it by an unknown person and that I needed to come to the branch to resolve the issue,” Ani told Saturday Sun.

Even though he acknowledged that the bank took a proactive step to secure his deposit from further unauthorised withdrawals, his confidence in the ability of the bank to track down the person behind the unauthorised transaction began to wane as the bank could not come up with any concrete information, two months after.

In a related development, viral videos on social media platforms have exposed the plight of several Nigerian bank customers who have also fallen victim to unexplained debiting of their accounts.

The distressing scenes depict customers weeping, pleading, and demanding answers from their banks over unauthorised transactions.

In one of the videos, a man was seen in a banking hall, wailing. He held his phone, showing the bank’s alert, which indicated that his account was debited to the tune of N2.5 million without his involvement in any transaction.

“I didn’t share my password or PIN with anyone. How can N2.5 million disappear just like that,” he claimed, alleging that the bank must be complicit since he was not alerted before the transfer went through.

Another video featured a young man, recording himself speaking to the camera in frustration. “N1.2 million was withdrawn multiple times from my account without my authorisation. The bank kept saying they’ll trace the source of the withdrawals but never did,” he stated while suspecting insider involvement.

A third video showed a woman sitting in front of the bank, pleading with the staff to help her recover her savings.

“The sum of N2 million was transferred out of my account without my knowledge or consent,” she alleged, claiming to have been a loyal customer of the bank for over 20 years. She accused the bank staff of negligence and possible complicity in the theft, wondering how such a breach could occur.

These heart-wrenching cases have raised serious concerns about the security measures in Nigerian banks and the alleged involvement of bank staff in these unauthorised transactions.

The only striking similarity in all the cases is that all victims claim they never disclosed their bank details to anyone and all demanded answers as well as swift action from their banks to recover their missing money.

As these issues continue to trend, Nigerians are calling on the banking industry to take immediate measures to address these security breaches and restore customers’ trust.

How many more bank customers will fall victim to these mysterious disappearance of money from depositor’s accounts is a source of concern to many.

Cyber security experts give insight

According to Oluwananumi Dawodu, cyber security and digital development expert, the increasing adoption of digital banking in Nigeria has led to a surge in cyber risks, with financial fraud cases skyrocketing in recent years.

He stated that according to the Fraud and Forgery report, Nigerian banks faced thousands of fraud attempts in 2024, resulting in losses of billions of naira, noting that despite heavy investment in IT infrastructure by top banks, fraud cases continue to rise.

He said: “Banks have implemented security measures like biometric verification and multi-factor authentication (MFA) to safeguard consumer accounts. The Bank Verification Number (BVN) system, which links customers’ fingerprints and facial data to their accounts, has been made a baseline requirement for all accounts.

“The Central Bank of Nigeria (CBN) has also directed that accounts without BVN or National Identification Number (NIN) be locked until validated.”

Dawodu emphasised that insider fraud remains a significant threat, citing the Economic and Financial Crimes Commission (EFCC) revelation that most fraud cases in Nigerian banks involve collusion between bank staff and external accomplices.

“In the first quarter of 2024 alone, several bank employees were sacked for fraud-related offences. Nigeria’s banks need to use both strong digital tools and stringent internal controls.

“Fraud detection systems, biometrics, and MFA only work when people follow clear access rules, report honestly, conduct regular audits, and take swift action against insider threats.”

The cyber security expert recommended that banks adopt role-based access control, dual authorisation, and immutable audit trails for high-risk activities.

He said: “Regular internal fraud risk assessments, background checks on employees, and automatic alerts for suspicious staff activity are also essential.

“The CBN’s Complaint Management System is expected to enhance transparency and keep affected customers informed.

Regulators and law enforcement agencies must take a firmer stance on bank staff involved in fraud, with real consequences such as dismissals and prosecutions.”

Dawodu lamented that when customers report missing money, they often face delays, silence, or generic responses that don’t provide clear answers.

“Getting those answers can feel like shouting into a void,” he said, emphasising the need for banks to prioritise transparency and accountability.

“Every transaction should be automatically recorded, including the time, device, location, and the staff member or system that initiated it.

“These logs should be impossible to alter, even by internal staff, to ensure a clear record of transactions,” he insisted.

Dawodu advised that banks should prioritise both technology and governance to prevent fraud and restore customer trust, adding that “banks need to invest in teams that specialise in fraud response, providing clear case numbers, contact persons, and regular updates to affected customers,” he said.

Adebayo Erinle, a cyber security analyst and banking technology specialist, revealed that data analytics and machine learning are revolutionising fraud detection methods.

Erinle noted that Nigerian banks can significantly enhance their fraud prevention capabilities by leveraging data analytics and machine learning to analyse vast transaction datasets in real-time.

According to him, machine learning models, particularly supervised learning algorithms, can be trained using historical fraud data to recognise suspicious behaviour patterns in banking transactions.

He said: “Sudden high-value transfers, geo-location inconsistencies, or unusual transaction times are examples of behaviours these models can flag. The models improve over time, adapting to evolving fraud tactics.”

Erinle explained that unsupervised techniques like clustering or anomaly detection help uncover new fraud patterns that may not have been previously identified.

“If an account suddenly shows a high transaction frequency compared to its normal behaviour, the system can trigger alerts for investigation,” he noted.

Financial technology experts also agree that combining technologies like natural language processing for scanning customer communications for phishing attempts and behavioural biometrics such as typing speed or device fingerprinting could help in detecting fraud.

What banks, regulators must do

According to Erinle, other measures that could be adopted by Nigerian banks, in line with international trends in cyber security include Zero Trust Architecture (ZTA) which involves moving away from perimeter-based security to enforce strong identity verification and least privilege access; Multi-Factor Authentication (MFA) which involves adopting secure MFA methods beyond SMS OTP.

He called on regulators to mandate minimum cyber security standards and conduct periodic cyber-risk audits.

“Banks should invest in modern fraud detection systems and provide customers with tools for managing security. Customers should practise good cyber security hygiene, like using strong passwords and enabling two-factor authentication.

“Involving all stakeholders plays a key part in making the financial ecosystem more resilient and fraud-resistant,” Erinle advised.

According to Prosper Okwuobi, another cyber security analyst, insider threats pose one of the most significant risks to cyber security in Nigerian banks. He added that individuals with authorised access to critical systems, ranging from low-level employees to top management, can perpetrate dangerous forms of cyber fraud.

Okwuobi highlighted several indicators of potential insider threats, including employees accessing systems beyond their responsibilities, consistent system access during odd hours, disabling alerts, and sudden changes in behaviour.

To mitigate these risks, he emphasised that monitoring tools, regular audits, and enforcing the principle of least privilege must be enforced by the bank authorities.

He also stressed that customer education must be practised as a cost-effective defence against social engineering.

“By educating customers about fake websites, suspicious emails, SMS scams, and fraudulent calls, banks can reduce risks of insider theft. Failure to address these cyber threats can lead to unauthorised transactions, erosion of customer confidence, reputational damage, and penalties for non-compliance with cybersecurity regulations.

“Empowered customers act as the first firewall. If customers are aware of what fraud looks like, they are less likely to fall for it and more likely to report it promptly.”

banking system is facing a serious threat from cyber attackers, says Jide Ephraim, a Lagos-based Digital Fraud Prevention Analyst.

The analyst revealed that outdated software, weak passwords, and inadequate firewalls and intrusion detection systems are some of the most common vulnerabilities in banking systems that can lead to unauthorised transactions.

Ephraim explained that, “When banks don’t update their systems regularly, they leave themselves open to attacks,” citing cases where employees still use default passwords or passwords that are easily guessable.

He emphasised the importance of encryption in securing online banking transactions, saying it ensures that sensitive data, like account numbers and passwords, are protected from interception. However, he lamented that some Nigerian banks are still using outdated encryption protocols like Secure Sockets Layer (SSL), which is no longer secure.

“Multi-Factor Authentication (MFA) is important because it makes it harder for attackers to gain unauthorised access to bank accounts,” Ephraim said, stressing that MFA requires users to provide two or more authentication factors to access their accounts, which makes it a crucial security measure.

While recommending the use of biometric authentication and risk-based authentication, he warns that banks need to implement security measures that are effective but don’t frustrate their customers. To prevent insider threats and unauthorised access to customer accounts, Ephraim stressed the need for robust internal controls, including access controls, audit trails, and segregation of duties.

He also emphasised the importance of employee training and awareness programmes in preventing security breaches, citing cases where human error or lack of awareness led to security breaches.

“Regular training and awareness programmes can go a long way in preventing security breaches,” Ephraim advocated.

The experts noted that trust must be earned and maintained through robust security measures, transparency, and accountability.

They urged bank managements to take steps to reassure their customers that their funds are safe and that any issues will be addressed promptly and fairly. (Saturday Sun)