• CBN threatens tough sanctions for security failures
By Chinenye Anuforo and Chinwendu Obienyi
A silent crisis is unfolding across Nigeria’s banking halls and digital platforms, as incidents of unauthorised withdrawals and account compromises have reached tormenting levels.
The growing challenge, according to a cybersecurity firm, Surfshark Nigeria, has pushed cyber theft risk up 56 per cent (affecting 152,000 accounts) in the first half (H1) of 2025.
On a regular basis, videos of wailing customers causing scenes in banking halls flood the cyber space.
The horror exposes deep vulnerabilities in banks’ security infrastructure and ignites palpable fears among depositors.
Investigations by Daily Sun revealed that while the shift to digital banking has improved financial inclusion and efficiency, it has also introduced a new frontier of risk for depositors as banks mostly absolve themselves of culpability and offload consequences on hapless customers.
Many Nigerians wake up to discover their savings wiped out, even after alerting their banks about misplaced cards or suspicious activities.
Surfshark Nigeria’s report also highlighted that about 56 per cent of those whose credentials were exposed face risks of bank account theft and identity fraud.
This means that Nigeria experienced a situation where more than half (over 50 per cent) of individuals affected by data breaches in the reporting period are at heightened risk of losing billions, despite a decline in data breaches. The report also stated that Nigeria ranks third in Sub-Saharan Africa for total data breaches and cumulatively, since 2004, about 13 million Nigerian accounts with leaked passwords have put users at risk, corresponding to that 56 per cent statistic.
Daily Sun had reported that approximately N400 million was stolen by fraudsters through financial accounts opened with stolen identities in 2024, according to the Nigeria Inter-Bank Settlement System (NIBSS).
Experts who spoke to Daily Sun say these figures may be under-reported, as many victims often do not escalate or follow through with complaints.
Several cases reviewed by Daily Sun reveal a troubling pattern: customers report stolen ATM cards, compromised mobile apps or suspicious debit alerts, and banks either delay action or fail to act altogether, even after written instructions to freeze the affected accounts.
In many cases, fraudsters manage to drain funds within hours.
A branch manager at one of the tier-1 banks stated that a lot of fraudulent transactions happened when the bank was still using Basis as its core banking application.
According to her, one of the major issues was how it handled account blocking.
“For instance, if someone lost their phone and used the USSD code to block their account, Basis would often only block the current account, leaving the savings account still active. This created a loophole in which fraudsters with access to the victim’s phone could still access and transact through the savings account, leading to successful fraudulent withdrawals.
We decided to move away from Basis and adopt Finacle as our new core banking platform in September 2023.
“This change was not just because of the fraud concerns but also due to recurring service interruptions and limitations in Basis.
“We needed a more unified, robust system that could seamlessly integrate both banking and non-banking subsidiaries, especially in areas like wealth management and pensions. Finacle, developed by Infosys, provided those modules and the scalability we required,” she explained.
Founder of Jidaw.com and tech policy advisor, Jide Awe, noted that the continued ATM breaches, digital banking compromises and insider-enabled fraud, which keep occurring despite prompt reporting by affected customers, raise serious questions.
“Why are these incidents still happening with such regularity?
The problem is not just in the sophistication of modern fraud techniques but in the inadequate response from the banks in the way they prevent and manage such threats.
“These failures reflect deep problems with operational controls, customer protection processes, regulatory oversight, and, most crucially, ethical standards,” Awe said.
According to him, banks still lack fast and effective incident response systems, as real-time fraud detection is either absent or underutilised.
He also added that where advanced tools exist, internal monitoring mechanisms are often unable to stop breaches in time.
“Technology alone will not guarantee security if the people behind it are not motivated or are poorly trained. It is unfortunate when customers report that their complaints are met with bureaucracy, slow responses or outright disregard.
“No one should feel abandoned after reporting a fraud incident. Customer confidence is at the core of banking.
“Hence, to truly address this issue, banks must overhaul their fraud response systems and raise customer service standards. They need to modernise their cybersecurity infrastructure while also investing in staff training, clearer communication and customer education, especially when it comes to refunds and compensation, timelines should be transparent and fair. Customers deserve clarity and honesty on the processes,” Awe stressed.
Amid mounting pressure, the Central Bank of Nigeria (CBN) has vowed to investigate the rising fraud complaints and enforce stricter sanctions on banks found culpable of negligence.
The apex bank in various circulars and statements has repeatedly urged victims of Bank infractions to report formally through its consumer protection department with evidence for proper address.
A source said: “The CBN will not take these breaches lightly. “There will be consequences for institutions that ignore red flags or fail to activate account protection protocols after receiving customer complaints. Consumer trust is the lifeblood of the financial system.”
The source also stated that some commercial banks are currently under review for repeated security failures and delayed fraud resolution processes. According to him, the apex bank is also considering mandating automated account-blocking systems that respond instantly to high-risk customer alerts.
While technology has undeniably transformed the Nigerian banking sector, experts insist that regulatory reform, institutional transparency and customer protection enforcement must evolve in tandem.
Head of Research, FSL Securities, Chiazor Victor, said, “There have been efforts for us to shift to a cashless economy, which I think should not be a shift to vulnerability. As fraudsters become more sophisticated, so must banks, and more importantly, they must be held accountable. With this 56 per cent risk, we could see a pushback of consumers towards the informal financial system, which will, in turn, undermine decades of progress in financial inclusion and digital adoption.”
Leave a comment