Cyber Act: Making it work for e-payments
The Federal Government, had in May 2015, signed into law the Cyber Crime Prohibition Act, which stakeholders had already said it provides an effective, unified and comprehensive legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercriminals in the country. Other provisions of the Act include the manipulation of Automated Teller Machine/Point of Sale Terminals, phishing, spamming, spreading of computer virus and electronic cards’ related fraud, prescribing various prison terms and/or penalties for offenders.
Let us assume that the stakeholders are comfortable with provisions of the Act, the will on the part of leadership to take the sections of the law into action, not minding “whose ox is gored” still remains central to the discourse. Similar to this is the readiness of the “law interpreters”- the Judiciary to lend support and ensure that criminals do not go off the hook by mere technicalities. Granted, the implementation of the Act will be like an uncharted terrain at the initial stage, but patriotism would be needed to overcome the temptations to use “technicalities” to label cases flimsy ones.
Already, the Nigeria Electronic Fraud Forum (NeFF) has enlisted the support the support of the Judiciary in its fight against all banking related frauds in the country, especially with the coming of Cybercrimes Act 2015.
The Central Bank of Nigeria (CBN), in furtherance of its efforts at combating fraud within the banking industry, established NeFF to proffer solutions towards addressing frauds arising from the increased adoption of electronic payments.
The Chairman of the NeFF and Director of Banking and Payments System Department, Central Bank of Nigeria (CBN), ‘Dipo Fatokun, the group has secured the regulator’s approval to visit the Chief justice of the Federation in a move to strengthen and consolidate the relationship with the Judiciary.
The partnership would also set the tone for a planned training of stakeholders in the Judiciary to strengthen capacity, especially as fight against electronic fraud (e-fraud) has always created the need for the arm of government and law enforcement agencies to corporate with financial system regulators.
Fatokun, who noted that e-fraud losses are decreasing with increased monitoring of the incidences, however, admitted that the challenges facing the electronic payments system are more real than imagined.
“NeFF has responded to the challenges of the time, making the country increasingly difficult for cyber criminals to thrive. We cannot postpone a lot of issues that confront us especially the security of our payment system and that is why we meet regularly to review our progress,” he said.
Perhaps, speaking on the need to hasten the enforcement of the Act became urgent as the electronic fraud attempts in banking industry in the first half of 2015 reached 1,544, with value in excess of N1 billion, the Managing Director and Chief Executive Officer of Jaiz Bank, Mohammad Nurul Islam, while presenting a topic: “Role of Financial Institutions in Preventing Cybercrime Misdemeanor”, at the August meeting of the Nigeria Electronic Fraud Forum (NeFF), cited the report of the Nigeria Interbank Settlement System (NIBSS), noting that the major challenge in the fight against cybercrimes is the lack of legislation.
“This lack of recourse for consumers encourages the perpetration of cybercrimes for financial gains. Security and privacy concerns are also contributive factor, especially for the less aware customers of banks.
“In the first half of year 2015, analysis from NIBSS revealed that 1,544 fraud cases were reported with an attempted value of N1.34 billion and actual loss value of N654.4 million. Specifically, looking at electronic frauds (ATM, e-commerce, Internet banking, Mobile, POS and Web), a total of N926 million was attempted,” he said.
He pointed out that to encourage widespread use and acceptance of electronic channels, the perceived and actual levels of confidence must be high, while security should not be compromised.
But Islam noted that over the past decade, the cybercrime landscape has changed drastically, with criminals employing more sophisticated technology and skills around the world.
According to him, the deployment of technology like ATM, POS, mobile/Internet and agency banking as a means to drive innovation and deepen financial inclusion has increased the number of offerings and channels available to the customers, but hacked into by fraudsters.
“External cyber-attacks are increasing in frequency and causing extensive damage to companies and organizations. The internal cyber threat is the most damaging to an organization due to the insider knowledge.
“In Nigeria, the major challenge is the lack of legislation against cybercrimes. This lack of recourse for consumers encourages the perpetration of cybercrimes for financial gains. Security and privacy concerns are also contributive factor, especially for the less aware customers of banks,” he said.
The non-interest banker applauded government’s legislation against cybercrimes and expressed optimism that assessed inadequacy before now, would be remedied by the provisions of the Act.
He also warned that the law is not the “one size fits all” to the risks landscape because cybercrime is not going to disappear, as it is a part of a border crime landscape.
“The 2015 cybercrimes Act is only a first step in preventing Cybercrime Misdemeanor. The banks should increase collaboration with regulators, law enforcement and law making bodies with the goal of strengthening the legal framework and promote situational awareness to the general public,” he added.
However, Dipo noted that with the diversity associated with Information Technology and the ever-increasing need for speed in communication, it has become necessary to remodel NeFF’s online presence in line with current realities.
“Today, Nigeria has 80 million people using the Internet and the rate is growing faster than most other countries including United Kingdom. The forum is considering having a robust independent website, which will assist in dissemination of information to cyber participants, using all social media platforms to engage continuously with the public and ramp up awareness on etiquettes needed to interact safely on the on the e-device.
“It is laudable that we now have legal backing in the fight against cyber fraud. The Act is actually a force that would take us further in the course, in the sense that many things that were not criminalised are now serious offense. If people are aware of this, it could even become a deterrent on activities that would deny them of their freedom and possibly send them to jail or fine,” he added.
The Partner, Perchstone & Graeys, Kunle Ajagbe, who noted that the cyber threat is real, said seamless Internet access has created a virtual global crime scene for some people, with Nigeria currently ranked eighth globally on the use of Internet.
According to him, the Association of Certified Fraud Examiners (ACFE) in November 2013, identified Africa as the continent with the highest percentage of its online transactions ranked as fraudulent, and further analysis showed that the highest in the continent is from Nigeria and Ghana.
Ajagbe explained that the 2015 security summit in Johannesbourg, revealed that South Africa suffered from the most cyber-attacks in the region, with a yearly cybercrime loss estimated at $573 million, while Kenya’s loss is placed at $36 million.
Speaking on the implications of the development for the country, he said it is a disincentive to investment, undermines public confidence, with reputational cost, distorts the reward system and work ethic, poses grave danger to economic and financial system, as well as a national security threat.
He pointed out that previously, only scattered statutory provisions attended to the problems, but lauded the enactment of the 2015 cybercrime Act, which is the first and concrete step in that direction.
In his overview of the provision, he noted that the National Security Adviser would recommend to the President to designate certain computer systems, assets and networks as Critical National Information Infrastructure (CNII), suggesting that these should include banking and finance, telecommunications, aviation, agriculture, government infrastructure, law, defense and security architecture, public health, economic system, among others.
He also commended the penalties for offences against CNII, which is between 10 years and life imprisonment, given the extent of the damages; while unlawful access to a computer attracts three to seven years or fine of N5 million to N7 million or both.
Among the provisions of the Act include failure to duly register cybercafé, which attracts three years or fine of N1 million/N2 million or both; system interference- imprisonment not more than two years or fine of not more than N5 million or both.
Others are intercepting of e-messages, emails, electronic money transfers- seven years in the first instance and 14 years thereafter; failure to report cyber threat- mandatory fine of N2 million; and identity theft or impersonation- seven years imprisonment or N5 million fine or both.
Manipulation of ATM/POS terminals- imprisonment for not more than seven years or fine of N5 million or both (where employee is guilty, no fine),” he noted
He tasked financial institutions to raise the bar in verification and Know-Your-Customer scheme for customers involved in e-transactions, suggesting fine of N5 million for non-compliance.
The Partner, Templars Law Firm, Chike Obianwu, said the new Act could be said to be at par with international laws- almost mirrors European Council’s Budapest Convention and points can also be picked from the International Telecommunications Union’s toolkit for cybercrime legislation.
“Therefore Nigerian Act is thorough and modern; could be said to be at par with international laws,” noting the Atorney-General of the Federation has role of conforming Nigeria’s law with international standards, maintaining cooperation and effective prosecution,” he said.
However, he expressed worry on the uncertainty over the existence the bodies authorised by the Act as at date, which are needed to enforce the laws.
The Cybercrime Advisory Council’s functions are to “establish a programme to award grants to higher education institutions to establish cyber security research centres; and promote graduate traineeships in cyber security and computer and network security research and development.”
There was also concern over the ambit of the law, with respect to Nigerian citizens and foreigners and the territory where the offence is committed, but raised the hope that with time, some emerging issues would be sorted.