20 | The Lion King
time e-channel fraud monitoring,
customers were also notified to advice
the bank each time they are travelling
to enable us provision their card to
ensure uninterrupted service.
We also send periodic online safety
tips to our customers to educate them
and to ensure they do not fall victim to
fraud. Majority of our customers that are
into online banking are quite pleased
with our real time fraud monitoring as
we have succeeded in helping them
block funds that would have been lost
to fraudsters resulting from unknown
compromise of their debit cards.
What should the average customer do
to guard against becoming a victim of
Cyber fraud?
Bank customers should avoid actions
that could result in identity theft. They
should guard their personal information
jealously. On no account should
bank customers disclose their online
banking credentials such as User ID and
Password to anyone.
They should also avoid accessing the
online banking platform through any
link sent via a mail purporting to have
originated from the bank as they
may be accessing a Phishing site that
would compromise their confidential
information. Customers are also advised
to request for Token to be used for their
online banking authentication as it
offers higher security.
It is highly recommended that bank
customers use their personal system
that has antivirus and antimalware
installed to carryout online banking and
avoid the use of public system to avoid
compromise of personal information.
They should also avoid indiscriminate
download of unauthorized software
from the internet to avoid compromise
of their system.
Customers should guard their debit or
credit card and avoid giving their debit
card and PIN to anyone to assist them
in withdrawing cash from the ATM.
When they visit stores or any merchant
location, they should be mindful of
how the attendants handle their card
to ensure their card is not swiped on a
skimming device.
They should only use their debit card
on known, trusted and secure websites.
Customers are advised to pick up UBA
prepaid card to support their online
payment as the use of prepaid card
for online payment limits their level of
exposure in the event of card data
compromise as the amount at risk will
be limited to the amount that is funded
on the prepaid card. It is also important
for customers to subscribe to SMS and
email alert in order to be prompted of
any transaction on their account.
Finally, customers should know the
Bank’s contact details especially the
CFC numbers to enable them alert the
bank in the event of a fraud on their
account for immediate action.
What are the emerging risks in IT and
how are we protecting the bank against
these risks?
We are witnessing an emergence of
APT (Advanced Persistent Threat) and
Dangerous Malware / Zero Day attacks
that cannot be identified by signature
based security protection. The malware
is designed to infiltrate organization to
steal confidential information and some
that are designed to create a back
door to the organizations systems.
There are new dangerous malware that
are targeting payment systems such
as POS to capture card information
directly from the memory of POS system
and also targeting ATMs resulting in
manipulating of the ATM for fraudulent
cash withdrawal.
Malware targeting mobile devices
based on the growing mobile banking
services is also a cause for concern.
The social media such as Facebook
has also become an easy means
of spreading dangerous malware.
Facebook is one of the most popular
social networks in the world, and in
recent years this has been leveraged
by fraudsters to trick victims into clicking
on links to Phishing and malware
infection sites, as well as to advertise
their wares. It was observed that a new
approach to online attacks: an attack
that doesn’t require the victim to be
infected by malware installed on his
system. This attack only requires the user
to run a JavaScript that is hidden inside
a browser extension.
To address the emerging threats,
involves updating our security defence
system and implementing new solutions
designed to address the emerging threats.
How do we balance managing IT
risk and ensuring smooth and fast
processing of customer transactions?
Effective management of IT Risk is
meant to enhance service delivery
as the core objective is to ensure
that the confidentiality, integrity and
availability of our systems that process
customer transaction is guaranteed.
This underlines the key role of IT
Risk involvement in the process of
introducing new systems or rolling out
new e-channel products and services.
Our assessment and certification before
a new system and service goes live and
our periodic continuous assessment is to
ensure that both security and business
objectives are met.
Also in managing e-channel fraud
risk, our goal is to ensure that while
seeking to protect the customers
and the bank, smooth and fast
processing of customer transaction
is not hampered. To achieve this, we
ensure that in implementing our fraud
detection systems and processes we
focus on alerting on highly suspicious
transactions, which enables our
monitoring team to reach out to
customers to confirm the authenticity
of the transactions. While the system
is configured to block fraudulent
transactions real-time, genuine
transactions are to be smoothly
processed.
However, due to increased cross
boarder Card fraud especially from
countries that are not EMV compliant,
our customers that are travelling outside
the country are expected to notify the
bank before travelling to enable our
e-fraud monitoring team provision the
Card they are traveling with to avoid
any form of transaction restriction. We
commenced this practice more than a
year ago and it was recently adopted
by CBN and rolled out as a mandatory
guideline for all banks to comply with.
Ask the Executive