By Nabimanya Julius
September 23, 2022
1. Brief Background.
Research indicates that the growth of electronic banking has led
to an increase in fraud, resulting in financial losses. For example, it is
estimated that from 2009 to 2010 there was a 93% increase in
electronic banking fraud and a 30% increase from 2012 to 2013.
According to a study by retail banking researchers conducted in
2011, electronic-bank fraud costs 8.6 billion US Dollars annually.
This was anticipated to increase in the following years.1
Additionally, a report by Bank of Uganda revealed specifically for
Centenary Bank, that the total customer base of the bank declined
by 11.4%, its customer deposits declined by 7%, its total credit
slowed down by 12% and customer complaints due to electronic
fraud increased by 6.3%.2
Another 2012 survey by Deloitte indicated that Ugandan banks
lose up to sh12b annually to electronic fraud while UGS118b was
lost by banks in the East African region.
Despite the above, the use of digital payment systems continued
to grow strongly, both for mobile money and in commercial banks.
According to the Bank of Uganda Quarterly Financial Stability
Report published in March 2022, demand for digital payment
services was mainly driven by a favorable policy environment,
evolving consumer behavior/needs, and recovery in economic
activity.3
The report indicates that the value of debit card transactions
increased by 23.9% to Ugshs. 1.2 trillion during the year ended
March 2022, while the value of internet and mobile banking fund
transfers rose significantly by 82.8% and 146.1% respectively to
Ugsh. 145.6 trillion for the year ended March 2022.
The above report indeed shows that electronic and mobile
banking continues to grow as more people continue to interest
themselves in digital banking services. That means, without doubt,
that the more the digital banking sector grows, the more financial
risks it is prone to face, particularly the dangerous vice of
electronic bank fraud.
As banks and other regulatory authorities continue to put in place
measures to mitigate loss, fraudsters, on the other hand, continue
to come up with novel and more lethal methods of digging and
depriving customers and banks of their money. Indeed, such cases
have become so rampant today that customers continue to
accuse banks of negligence and breach of their fiduciary duty,
commonly known as the banker-customer relationship.
Although Courts have held in some cases that banks will not be
liable for financial loss caused by fraudsters on a customer’s
account, if there is evidence to prove that the bank in question
used commercially viable security features to prevent the loss,4 I
opine that the issue of digital fraud is not an easy one to
approach and therefore, even a Court faced with such a case,
ought to take sufficient caution, both in the manner of admitting
and evaluating evidence present before it, before it makes a
conclusion. Digital fraud takes various peculiar forms and in
some cases, it may be very difficult to tell whether the fraud was
occasioned by the Bank or the customer’s negligence.
However, this article makes an attempt to provide some basic
forms of electronic fraud, how they happen and how they can be
avoided or at least mitigated, and perhaps the nature of facts and
evidence that Courts might normally interest themselves in while
faced with such cases.
Whereas it is truly difficult to avoid being a victim of digital fraud,
this article discusses how a bank and a customer can shield
themselves against financial loss caused by digital fraud.
4 In Aida Atiku v Centenary Bank HCCS No. 0754 of 2020, the High Court of Uganda
observed that the party who is best placed to prevent a fraudulent activity will bear the
loss. It found that the defendant Bank had put in place commercially reasonable security
features which the account holder had jeopardised. Although this judgement was rightly
made based on the evidence presented by both parties, it imposes an unfair and
commercially discriminatory advantage by financial institutions over customers. It is
therefore important that every case be approached based on its own unique facts.
2. Introduction.
Meaning and Scope of Electronic Banking.
The term electronic banking (e-banking) may be defined as the
automated delivery of new and traditional banking products and
services directly to customers through electronic, interactive
communication channels (Buchanan, 2010). E-banking includes
but is not limited to; the systems that enable financial
transactions, modes of payment used by customers, individuals
or businesses, to access accounts, transact business, or obtain
information on financial products and services through a public or
private network, including the Automated Teller Machines (ATMs)
used alongside the Personal Identification Number (PIN), Internet
banking and Mobile Banking.5
There are five basic services associated with e-banking and these
include: viewing account balances and transaction histories;
paying bills; transferring funds between accounts; requesting
credit card advances; and ordering cheques for faster
services that can be provided by domestic and foreign banks.
The forms of electronic banking.
E-banking is majorly comprised of internet and mobile banking.
Internet banking involves conducting banking transactions such
as account enquiry, printing of statements of account, funds
transfer, payments for goods and services, etc, on the internet
using electronic tools such as the computer or a smartphone
without visiting the banking hall.
E-commerce is greatly facilitated by internet banking and is
mostly used to effect payment. Internet banking also uses the
electronic card infrastructure for executing payment instructions
and for final settlement of goods and service over the internet
between the merchant and the customer. Currently the most
common internet payments are for consumer bills and purchase
of air tickets through websites of the merchants.6
In modern day banking, customers rely heavily on the internet for
their banking business, a practice that has brought about an
increase in electronic bank fraud. It has been
argued that electronic banking continues to provide a huge
opportunity to hackers and fraudsters to attack Banks and
customers.7
Further research even shows that the internet enables criminals
to strategise as a network, supporting each other in their attacks.
More particularly, fraudsters are interested in accessing
customers’ bank accounts through the navigation of electronic
systems by using security breaches. Some prevalent practices of
illegitimately accessing Bank-customer data are done using a
method termed “phishing.” Phishing is where a hacker sends
an e-mail that purports to come from a credible source, either to a
bank or its customer, requesting sensitive information such as the
customer’s user name or password.8
As for mobile banking, this involves the use of a mobile phone to
settle financial transactions. It is observed that mobile banking
supports person to person transfers with immediate availability of
funds for the beneficiary. Payments through mobile banking use
the card infrastructure for movement of payment instructions as
well as secure Short Message Service (SMS) messaging for
confirmation of receipt to the beneficiary.
It is further argued that mobile banking is meant for low value
transactions where the speed of completing the transaction is key.
The services covered under this product include account enquiry,
funds transfer, recharge of phone accounts, changing of
passwords and bill payments.9
In Uganda, the mobile money market has been a playground for
fraudsters with an average of at least 100 mobile money users
losing money every week. Indeed, a survey about Agent Network
Accelerator in Uganda conducted by the Helix Institute of Digital
Finance (2013) revealed that one of the biggest challenges of
mobile financial services is the high risk of fraud.10
Mobile banking fraud may be categorized into: consumer driven
fraud, agent driven fraud, business partner related fraud, mobile
financial service provider fraud. Consumer driven fraud refers to
fraud that is initiated by fraudsters posing as customers and is
the most common type of mobile fraud.
Agent driven fraud is perpetrated from within the agent network
and it is initiated and operated by agents or their employees.
Business partner driven fraud describes the fraudulent activities
perpetrated by bank staff on the bank, bank staff on customers or
bank staff on mobile money operator.11
It goes without saying that electronic banking is intended to offer
a wide range of advantages and opportunities in the banking
sector to ensure that work is carried out effectively and efficiently.
It is argued that its adoption would improve three critical domains
which are efficiency, quality, and transparency in any banking
institution.
3. Forms of Digital/electronic Fraud.
The longer people spend online and the more they give out
their personal data to various online sites, the more susceptible
they become to such scams.
Impersonation Scams.
Recently, impersonation scams, where hackers pretend to be
from a trusted source, contact victims and trick them into moving their
money to that contact, have become very common.
Fraudsters impersonate organisations such as telecom service
providers, banks, beverage and alcohol companies, government
departments, among others, via phone calls, texts, emails, fake
websites and social media posts to trick people into handing over
their personal and financial information which is then used to
convince Banks holding customers’ accounts to effect payments.
There could also be fraudsters who use romance scams to lure
their victims into thinking that their loved ones are in urgent need
and thereby giving them access to their personal information or
even sometimes innocently sending money to these (illegitimate)
"lovers." Some fraudsters will even befriend the victim in an effort
to gain their unsuspecting trust.12
Bank CEO Fraud.
There is also fraud that has grown most recently and this is
commonly termed as “CEO Fraud.” Here, a scammer normally
sends an email, often to a business accounts department of the
Bank, pretending to be from a senior staff member asking for an
urgent payment to be made to a supplier, partner or customer.
These are not yet very common here but are prevalent in
developed jurisdictions.
Leveraging on trends in current promotions and other current affairs.
It is important to note that fraudsters often leverage
current affairs to trick their victims into falling prey. For example,
hackers always look out for periods when business entities are
running promotional activities. Telecom companies like MTN and
Airtel normally run promotions to give back to their customers, or
to promote a particular service that is being brought to the market.
In such promotions, customers will normally win monetary and
non-monetary rewards. Scammers will therefore use such an
opportunity to trick innocent people into providing their personal
information which the scammers then use to make unauthorized
transactions on a victim’s Bank account.
Number spoofing and overriding caller IDs.
According to the United States Federal Communications
Commission, spoofing happens when a caller deliberately
falsifies the information transmitted to your caller ID display to
disguise their identity. Hackers often use neighbor spoofing so it
appears that an incoming call is coming from a local number, or
spoof a number from a company or a government agency that
you may already know and trust.
When you answer the call, they use scam scripts to try to steal
your money or valuable personal information, which can be used
in fraudulent activity. A victim may not be able to
immediately tell if an incoming call is spoofed. However, it is
advisable not to answer calls from unknown numbers and, if one
answers the call and the caller seems suspicious, to hang up
immediately.
Sending malicious links.
According to the Reserve Bank of India, pushing out a malicious
link is one of the simplest methods that scammers use to access
your personal information. They may create a fake website which
looks like an existing genuine one, for instance a bank’s website
or search engine, fake e-commerce websites or even fake social
media accounts.
The links are then circulated by fraudsters through text messages
or via social media sites. The links are masked through seemingly
authentic names of websites, but in reality, the customer gets
redirected to a phishing website. When a customer enters his or
her secure credentials on the website, the same are captured and
used by fraudsters.
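The masking described above can be checked mechanically before a link is trusted. The following is an added example, not part of the original article: it compares the host a link really points to against a list of a bank's genuine domains and names the masking trick when there is one. The bank domain `examplebank.co.ug` and all sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain and brand name (constructed values).
TRUSTED_DOMAINS = {"examplebank.co.ug"}
BRAND = "examplebank"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Classify a link by the host the browser would actually contact."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, so text placed
    # before '@' to look like the bank's name is ignored here.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted" if parts.scheme == "https" else "trusted-domain-insecure-scheme"
    labels = host.split(".")
    if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in labels):
        return "punycode-or-non-ascii-host"
    if "@" in parts.netloc:
        return "userinfo-masks-real-host"
    if any(BRAND in l for l in labels):
        return "brand-on-untrusted-domain"
    if any(edit_distance(l, BRAND) <= 2 for l in labels):
        return "lookalike-spelling"
    return "untrusted"


# Constructed sample links, one per case.
SAMPLES = [
    "https://www.examplebank.co.ug/login",
    "http://examplebank.co.ug/login",
    "https://examplebank.co.ug@198.51.100.7/login",
    "https://examplebank.co.ug.secure-login.example/reset",
    "https://examp1ebank.example/",
    "https://news.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):32} {link}")
```

A bank can run the same check over links reported by customers, and a mail or SMS gateway can run it before delivery.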
Other forms may be sharing malicious mobile apps, where links
are engineered in such a way that the customer is redirected to
download an unknown application. Once the app is downloaded
by the customer onto their phone, the fraudster gains complete
access to the customer’s device, whereby the scammer is able to
watch and control the phone to gain access to the customer’s financial
credentials.
4. Preventing/mitigating Risk.
6. Conclusions.
Given the major concerns that customers continue to express
about constantly losing their money through unknown transactions on
their bank accounts, banks and other micro-finance institutions
need to strengthen their security posture with state of the art
security features that can help mitigate the frequency and severity
of data breaches.
By investing in advanced technologies, banks can capitalize on
customers’ growing interests in digital banking right now and
more importantly, keep their customer base for long. Therefore,
considering security systems built on highly secure and trusted
identities of data and payments should be every Banker’s area of
priority, moving forward.
Finally, it is without doubt that a bank owes a fiduciary duty of
care to their customer, at all times whenever transacting with
them. Therefore, it is important that Banks take an extra step to
not only provide information but also educate their customers.
Although a customer does not need to know the complex and
technical aspects of their Banker’s security systems, the Banker
still owes them a great duty to avail them with all necessary and
helpful education about its institutional security mechanisms
aimed at protecting their accounts and how best they can benefit
from it.
Do not just teach the customer on basic security tactics like
username and password, security questions, two-factor
authentication and fingerprint recognition, but go an extra mile to
educate them on advanced security features like biometric
authentication methods, among others.
In any event where fraud has transpired and the money has been
lost, then a customer may initiate a formal complaint procedure
to their bank and if the Bank does not help, the customer may
resort to Court and sue the Bank for breach of fiduciary duty. Of
course, the success of the suit will largely depend on the
circumstances of each case.
-Cross references-
1) Wisdom, K. (2012). The Impact of Electronic Banking on Service Delivery to Customers of Ghana Commercial Bank.
2) The Bank of Uganda Financial Stability Report (2015-2016).
3) Bank of Uganda Quarterly Financial Stability Review, March 2022.
4) Aida Atiku v Centenary Bank HCCS No. 0754 of 2020.
5) Gates, T. and Jacob, K. (2009). Payments fraud: perception versus reality – a conference summary. Economic Perspectives. Vol. 33 No. 1, pp. 7-15.
6) Littler, D. and Melanthiou, D. (2006). Consumer perceptions of risk and uncertainty and the implications for commercial banks.
7) Gates, T. and Jacob, K. (2009). Payments fraud: perception versus reality – a conference summary. Economic Perspectives. Vol. 33 No. 1, pp. 7-15.
8) Ebiringa, O. T. (2010). Automated Teller Machine and Electronic Payment System in Nigeria: A Synthesis of the Critical Success Factors. Journal of Sustainable Development in Africa, 12 (1): 71-86.
9) Sathye, M. (1999). Adoption of Internet banking by Australian consumer: An empirical investigation. International.
10) A survey about Agent Network Accelerator in Uganda; Helix Institute of Digital Finance (2013).
11) Mudiri, J. L. (2014). Fraud in Mobile Financial Services. Microsave Publications: Kampala. Muhammad, A. K. (2009). An empirical study of automated teller machine service quality and customer satisfaction in Pakistani banks. European Journal of Social Sciences, Vol. 13 No.3, pp. 333-344.
12) https://www.theguardian.com/money/2022/jun/29/uk-victims-lost-13bn-in-2021-amid-surge-in-online-new-data-shows
13) What is a Security Operations Centre (SOC) accessed on www.trellix.com on Thursday September 22, 2022 at 12:35 pm.