Calls for tougher laws grow amid rising identity theft

The recent rise in identity theft cases in the country has prompted stakeholders to advocate for tighter regulation of the digital space, writes JOSEPHINE OGUNDEJI

As technology advances, identity theft has become a growing problem for individuals and businesses. Many people have suffered significant financial losses at the hands of identity thieves.

Identity theft occurs when someone uses someone’s personal information, such as their name, identification number, or debit card number, without their consent, to gain some kind of advantage for themselves. Identity theft can be committed in a variety of ways, including phishing scams, hacking, and physically stealing other people’s data. An example of an identity thief is the person who impersonated Chief Bola Tinubu on Facebook and was recently detained by the police.

Identity theft and fraud are serious threats in Nigeria. In April 2024, Flutterwave experienced a security breach that resulted in the unauthorized transfer of N11 billion ($7 million) to multiple accounts. While Flutterwave did not disclose the exact amount, insiders indicated it could be as high as N20 billion ($13.5 million).

The security breach was discovered due to unusual account activity. Funds were transferred through multiple accounts at five financial institutions to avoid detection.

On Sunday, March 5, 2023, hackers reportedly stole N2.9 billion ($6.3 million) from Flutterwave. Court documents revealed that the hack took place between January and February 2023.

The hack involved multiple unauthorized transfers between 28 commercial banks in Nigeria.

While Flutterwave initially denied the breach, it later said it had detected the anomaly and was working with law enforcement and other financial institutions to investigate and recover the funds.

Additionally, in April 2023, it was reported that hackers gained access to Flutterwave’s system and stole approximately N2.9 billion.

Reports indicated new breaches totaling N450 million involving cryptocurrency transactions. The detainees claimed that Flutterwave had been breached multiple times since the first incident was reported on March 5, 2023.

Talking about your experiences HitTax consultant Habeeb Olaosebikan said fraudsters exploit huge gaps in the financial knowledge and financial needs of their victims.

He noted that they are developing various tricks to exploit people, including identity theft (also known as identity fraud).

According to Olaosebikan, identity theft is becoming increasingly common in this era of rapid technological development due to the large number of targets for criminals on social media.

He said, “I had an experience where a social media account was created in the name of a celebrity I admire. Initially, I was unsuspecting, especially when they sent me a direct message and asked me to connect on WhatsApp. But as the situation developed, I became curious about the authenticity of the account. When I tried to verify it, I received a fake response in the form of a video call.

“As a financially conscious person, I played along to see where it would lead. Soon there was a request to support a charitable cause, such as an orphanage for orphans or accident victims, with emotional images.

“Although I wanted to help, I realized that this request should have come from an official, verified account, not a personal one. Despite my doubts, I paid a small amount. However, when they asked for more money, citing insufficient funds or minimum requirements, I realized the potential financial risk.”

Olaosebikan also shared his experiences with identity thieves with our correspondent.

“I spoke with a victim of identity theft through a celebrity impersonation scam. The scammer promised rewards to followers who passed “tests,” a ruse designed to trick people into revealing personal financial information.

“The victim revealed that the tests were easy, but the request for financial information came with the promise of a reward, which made the scam seem attractive. This shows how deceptive fraud can be,” he said.

According to the Nigeria Inter-Bank Settlement System, Nigerian financial institutions, including commercial banks, point-of-sale operators and others, lost about N17.67 billion in 2023 due to fraud.

NIBSS revealed the loss in its Annual Fraud Landscape (January to December 2023). According to the report, although the number of frauds fell by six percent to 95,620, the actual loss due to fraud increased by 23 percent in 2023 compared to 2022.

According to data reported to NIBSS by financial institutions via the Industry Fraud Reporting Portal, the mobile channel is the preferred method of detecting fraud, with its use increasing by five per cent compared to the previous year.

In 2023, fraudsters most often used online and point-of-sale payment channels.

Additionally, in 2023, scammers continued to target people aged 40 and older, which NIBSS says indicates a continued focus by scammers on this strategy.

“This ongoing trend underscores the enduring attractiveness of this demographic group as potential victims, reinforcing the need for continued efforts to educate and protect individuals in this category from fraudulent activities,” NIBSS notes.

In 2023, a total of 80,658 unique customers fell victim to fraud, down 4% from 84,130 customers recorded in the previous year.

A recent report by African identity verification startup Smile ID reveals that the Nigerian ID is one of the most targeted by fraudsters looking to clone IDs, ranking 9th in Africa.

According to the 2024 Digital Identity Fraud in Africa report, the number of attacks on ID cards of African countries has increased over the past two years.

The report found that in 2023, South Africa had the highest rate of ID card fraud (34%), putting it in first place.

The Tanzanian ID card was the second most attacked, with a 32 percent attempted fraud rate, while the Kenyan ID card came in third with a 26 percent rate. Nigeria recorded an 18 percent attempted fraud rate, coming in ninth.

The report narrowed the focus to West Africa. It found that identity fraud in the region primarily involves two countries: Nigeria and Ghana.

Government intervention

In 2023, House of Representatives Speaker Tajudeen Abbas revealed that the National Assembly plans to pass legislation that would regulate artificial intelligence in the country to curb identity theft, among other things.

Abbas stated this during the seventh celebration of the assembly, organised by the National Institute for Legislative and Democratic Studies in collaboration with the University of Benin, held in Abuja.

He stressed that Nigeria must have a regulatory framework for new technologies.

He also noted that while new technologies such as artificial intelligence and robotics bring enormous benefits, there is a need to control their misuse and abuse.

Under Section 6 of the Cybercrime Act 2015, any person who, without authorisation or exceeding authorisation, wilfully obtains access to a computer system or network shall be guilty of an offence and shall be liable on conviction to imprisonment for a term of not less than two years or to a fine of not less than N5,000,000 or to both.

If the offence is committed with intent to obtain computer data, gain access to programmes, trade or industrial secrets or confidential information, the penalty shall be imprisonment for at least three years or a fine of at least N7,000,000, or both.

In addition, Section 13 of the Cybercrime Act 2015 provides for the punishment for identity theft to be imprisonment for a term of not less than 3 years or a fine of not less than N7 million or both a fine and imprisonment.

The way forward

In an exclusive interview for HitOlusegun Adeniran, a financial lawyer at Dentons ACAS-Law, advises that to minimize the risk of identity theft, always keep personal documents in a safe place, destroy old personal documents, be careful with links from unknown sources and conduct transactions on secure websites.

He said: “Identity theft is a growing problem in Nigeria. A recent report by SmileID found that African businesses lose millions of dollars to identity theft every year. As more and more financial transactions are conducted online, it is important for individuals and businesses to know how to protect themselves from identity theft.

“Identity theft is criminalised under Part III of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2015, which falls under the jurisdiction of the Economic and Financial Crimes Commission. If you have been a victim of identity theft, you can file a petition with the EFCC with evidence of the offence and hire a lawyer to oversee the hearing.

“Depending on the case, identity theft can also be a civil matter. So, once the EFCC’s investigative capabilities catch the perpetrator, the victim can initiate a civil action against the perpetrator to recover the amount lost.”

Deloitte Canada finance expert Abdulmumeen Ridwan said verification processes are key to increasing security.

“Identity theft is a global problem, not just a Nigerian one. As technology advances, so do fraudsters’ tactics. Organizations like banks, governments and IT companies need to develop more advanced verification methods to combat it.

“This includes multi-factor authentication (2FA), biometric identification (fingerprints, iris scans) and personal questions. By offering users a range of verification options, we can make security more convenient and effective.

“This will make it harder for fraudsters to steal identities and siphon money. It’s time to improve our verification processes to stay ahead of fraudsters and protect people’s identities,” he explained.

Pascal Ekeh, an MBA candidate at the Mendoza College of Business at the University of Notre Dame, noted that identity theft is usually caused by weak controls and a lack of legal/political will to clearly investigate such issues.

He said that “for institutions like banks, the solution would be to ensure that they have the right controls and Know Your Customer requirements to ensure that fraudulent transactions do not see the light of day. Technology and anti-fraud tools will prove useful here.

“For individuals, there is a need for awareness and heightened sensitivity to these issues. People should be careful with their personal data and ensure they understand how criminals can take advantage of their ignorance.

“Then law enforcement should investigate cases of this nature to the letter and impose appropriate punishment to deter fraudsters. However, the victims of these scams are always individuals. To the extent that someone’s personal data has been compromised, it would be difficult for agencies to prevent the fraud.”