Cybercrime in Nigeria: Beyond Borders
Last Monday, September 24th, 2018, 30 Legal Practitioners were conferred with the rank of Senior Advocate of Nigeria, at the Supreme Court. Here are some of the New “Silks” and other personalities who attended the ceremony ....
“MORE IMPORTANTLY, NIGERIA NEEDS A COLLABORATIVE AND ALL-ENCOMPASSING INVESTIGATION AND ENFORCEMENT PROCEDURES, TO BE ABLE TO EFFECTIVELY COMBAT CYBERCRIME”
TFraudsters and Hackers he other morning, I received an email ostensibly from my financial institution, saying that my bank account had been blocked. I suspected it was a hoax, because the sender’s email address was most unlikely, and there were a few obvious grammatical errors in the correspondence. A friend was sent a similar message, requiring her to send her BVN number before a stipulated date, or risk having her account frozen. Another scam!! Resolutions from the Nigerian Electronic Fraud Forum (NEFF), advice bank customers not to respond to unsolicited spam emails, and not to click on links contained within such mails. There is no doubt that , there has been an increase in cyber security threats faced by banks, globally.
Only recently, it made the rounds that, a Nigerian bank was very close to losing N144billion to hackers. The bank’s email server was said to have been hacked to prevent email notifications being sent, after international transfers were made. Thankfully, the bank was proactive and this anomaly was rectified, before much damage was done.
The Bangladeshi Central Bank experience, in which suspected fraudsters sent a hoax message to the New York Federal Reserve requesting a $1 billion transfer, is described as one of the biggest online scams in history. Unfortunately, $81 million was said to have been lost, before the fraud was detected. Cyber security Venture, an international outfit creating awareness on the subject, predicts that the cost of global cybercrime damage will hit $6 trillion annually by 2021, and cybercrime will become more profitable than the global trade in all major illegal drugs combined. These facts are alarming, and call for action on the part of relevant stakeholders.
It must be mentioned that, there is nothing sinister in technology itself. However, its evolution provides new opportunities for crime. Most cyber-crimes, are reasonably common offences. The internet in whatever mode, has simply provided a new means to commit ‘traditional’ crimes. It is most unfortunate that many young people today, see crime as an alternative to hard work. Internet based criminal activities, have even become more attractive, because of the ease with which they can be perpetrated.
Cybercrimes Act There are a number of legislations on cybercrime, as well as regulators which ensure the security of the Nigerian cyberspace. The National Assembly enacted the Cybercrimes (Prohibition, Prevention, etc) Act 2015, to prevent, detect, prosecute and punish cybercrimes in Nigeria. The Act also seeks to promote cyber security, and protect critical national information infrastructure, computer systems and networks, personal data, etc. Although, the enactment of the Act is laudable, in the light of the risks of violation of privacy rights and data breaches the internet may cause, it is uncertain whether the provisions of the Cybercrimes Act, have been able to promote cyber security in Nigeria. Particularly, Section 8 of the Cybercrimes Act, makes the offence of fraudulently hindering the functioning of a computer system by transmitting, altering or suppressing computer data (or any other form of interference with the computer system), punishable by imprisonment for a maximum period of 2 years or a maximum fine of N5million, or to both imprisonment and fine. A wilful misdirection of electronic messages for fraudulent purposes, is also an offence punishable by 3 years imprisonment or a N1million fine, or both imprisonment and fine. It is worthy of mention that, very few cases on the subject have been concluded to a logical end, in spite of the laid down penalties.
Protection of Personal Data There are also legislations, relating to the protection of personal data. For instance, the Freedom of Information Act, 2011, mandates public institutions, to refuse requests for information which contains a citizen’s personal information, without his/ her consent. There are also certain Nigerian agencies, whose duties and responsibilities touch on the promotion of cyber security in Nigeria. Further, the Credit Bureaus have a duty, to ensure the accuracy, security and confidentiality of personal data in their possession. The Nigerian Communications Commission, is also established to protect personal data of citizens, by ensuring that network providers take reasonable care in securing personal information. These laws and Agency functions, exist to protect and secure the privacy of Nigerian citizens, as to their personal information and data.
Combating Cybercrime In the United Kingdom, the government has established strategies and laws, to combat cybercrimes and secure the cyberspace e.g. the European Union General Data Protection Regulations (GDPR), which came into force in 2018. The GDPR also covers European Union Residents in third world countries, thus applicable to Nigerian financial institutions. Prior to this, the UK had released ‘The UK Cyber Security Strategy’ in 2011, which contains robust provisions for ensuring cyber security in the UK, and protecting its cyberspace against virtual crimes. Although, these efforts gear towards the promotion of cyber security, unless effectively and efficiently implemented/enforced, the Nigerian digital world may remain light years away, from being cybercrime protected.
It must be mentioned that, the Central Bank of Nigeria (CBN), as the primary regulator of financial institutions in the country, in a bid to prevent cyber theft, has made laudable efforts by establishing Bodies and releasing Circulars and Directives to regulate financial institutions. The CBN established the National Electronic Fraud Forum (NEFF) in 2009, with an objective to sustain public confidence in payment systems and address other fraud risks. Also, the CBN issued an Anti-Money Laundering/Combating Financing of Terrorism (AML/CFT) Compliance Manual, where financial institutions are required to report cyber-related crimes such as fraud, forgery, extortion, etc. The Circular also requires financial institutions to identify and verify their customers’ identities, using reliable and independently sourced documents, data and information. Further, financial institutions must immediately report suspicious transactions, or any transaction suspected to relate to any criminal activity e.g. terrorist financing to the Nigeria Financial Intelligence Unit (NFIU). In addition to these, the introduction of the Bank Verification Number (BVN) by the CBN to secure customer information against crime and enhance confidence in the banking sector, is a recognised attempt to fight cybercrime.
It is pertinent to note that, cybercrime is not territorial, as there is no requirement for physical proximity between the cybercriminal and the victim. As a result, it is very easy for few criminal minded individuals, to commit cybercrimes against a vast majority of victims within split seconds. Consequently, tackling cybercrime may require more innovative strategies, than the enactment of legislations and establishment of regulatory bodies. The fight-back strategy, must be at the same pace with cybercrime strategies. Thus, as suggested by Reidenberg J in 2004, there should be electronic sanctions to react to cybercrime. Further, victims who are very conversant with computer skills, may resort to electronic self-help by striking back on the cybercriminals.
More importantly, Nigeria needs a collaborative and all-encompassing investigation and enforcement procedures, to be able to effectively combat cybercrime. The question which begs for an answer, is whether the Nigeria Police Force and other relevant enforcement agencies, are adequately equipped to address this menace. Are these enforcement agencies sufficiently tech savvy and proactive, to effectively discover and prosecute cybercrime? The answers to the foregoing questions, are largely negative. Hence, assistance may be sought from more advanced jurisdictions, particularly in respect to capacity building.
Nigeria is a signatory to a few cybercrimerelated treaties, such as the United Nations Convention against Transnational Organised Crime and United Nations Convention against Corruption. However, it is suggested that, Nigeria should ratify the Convention on Cybercrime, as it contains provisions for the improvement of enforcement agencies’ In the United States of America, the National Cyber Security Division partners with private organisations, to combat cybercrime by detecting and warning against potential cyber threats. Through this and other strict enforcement procedures, the US has been able to considerably protect its cyberspace and promote cyber security.
Conclusively, abilities to react to cybercrime. the provisions of the Cybercrimes Act and other related legislations, are laudable, but Nigeria could take a leaf from the books of other jurisdictions, and move a step further post-enactment of these legislations. However, as with traditional crimes, the importance of vigilance cannot be over-emphasised. Suspected incidences of cybercrime, particularly those relating to the financial sector, should be reported promptly.