● Terminals multiply as frāud cases soar
●Poor education, indiscriminate issuance of machines enhancing criminal activities, says Ex-CIBN chief
The number of point of sales (PoS) vendors in the country is growing in geometric proportions, rising from 155,000 in 2017 to 3.04 million in July this year. But laudable as the development is for business and commerce, it is fast becoming a handy instrument for kidnappers, internet frăudsters and other criminal elements in the society. INNOCENT DURU reports that a lot more needs to be done by the authorities before criminal elements destroy the trust that innocent Nigerians have in the system.
A PoS operator based in Delta State recently played a role in helping k1dnappers to collect and disburse ransom money without knowing it. She had a customer, Timothy, who had been withdrawing and transferring money at her business centre and she had built a lot of trust in him over time. …CONTINUE READING
She said their business relationship grew with transactions ranging between N2,000 and N5,000 until Timothy decided one day to collect her account details.
She said: “When he collected my account details, he did not tell me that he would transfer money to me. He only called and asked me to check my account.”
On checking her account balance, she found that Timothy had transferred N4 million into it. Elated by the unprecedented cash deposit, the PoS operator quickly calculated what she stood to gain from the deal.
“My profit from the transfer is N40,000. I sent N1.2 million into Timothy’s account and he gave me other accounts that I transferred the remaining money to,” she said with every sense of innocence.
Shortly after the deal was concluded, the long arm of the law caught up with Timothy. It was at that point that it dawned on the PoS operator that she had played a key role in a kidnap deal.
Confessing to the crime, Timothy said: “Precious, Bala sent me the money. This was the first time they would do a transaction with me.”
He said aside from the N4 million, “another N590,000 was paid by another person. I do local fraud. The other guys also do local fraud. We do the fraud inside the yard. I have heard that the N4 million was collected from a kidnap victim.”
The case of Timothy and the innocent PoS operator is just one of the numerous instances of criminals using ignorant POS operators to carry out ungodly activities.
Aside from kidnappers, one notable criminal gang that uses PoS operators very often to carry out their heinous crimes are hoodlums who hack into people’s social media handles like WhatsApp and Facebook. Once the scammers have control over the hacked WhatsApp account, they impersonate the victim and request money from their contacts, often under the guise of an emergency with promises of repayment. They may also use the hacked account for other criminal activities.
One of such criminal elements recently hacked our Abuja based correspondent’s WhatsApp number. After gaining control of the app, he started impersonating the victim. He wrote a well-crafted message telling how he urgently needed financial help and promised to pay back shortly. He requested that the money be paid into a Moniepoint account number 5641873364 with the name Daniel Ilesanmi.
This reporter was among the people he sent the message to. After receiving the message, however, this reporter shared the information with a contact number found on the website of the Economic and Financial Crimes Commission (EFCC) asking them to track the number. No response was received and it was not certain that the anti-graft agency acted on the information.
Findings revealed that PoS gives hoodlums the opportunity of hiding their identities as no personal information about them are provided in the transaction. All they do is to provide the PoS with information that payment had been made to the POS operator’s account.
Another scammer, who reached out to our correspondent to assist a little boy through a POS account, in a poorly composed message said: “Please help the poor boy. Nothing his (is) too small, nothing his(is) too big? AND MY GOD WILL CONTINUE BLESSING YOU ALL. THANK YOU SO MUCH, PLEASE YOU CAN ALSO SHARE. Balogun Oizamisie Moniepoint Bank 5526266306.”
Also sharing her experience, Omon spoke of how a fraudster who had hacked her sister’s WhatsApp account and impersonated her, asked for financial help.
“The number he posted was a POS account number,” she said.
“When I got the message, I played along and asked the scammer to send his bank details. I promised to send the money after 30 minutes. He was glad, thinking that he had got a willing victim.
“After 30 minutes, he called back to remind me about the money. I said he should still hold on. After some time, he got angry and started abusing me. He quickly deleted all the messages when I told him that he would end up in jail.”
Fraudster uses online application to defraud PoS operators
A 29-year-old commercial motorcyclist, Victor Ukachuckwu, recently narrated how he used an online application he downloaded from the internet to defraud Point of Sales (PoS) operators in Ondo State.
The suspect said: “I saw the application online and I learned how to use it, which I tried and it worked, though I used it only five times in this month.
“I made N55,000 from the fraud business before I was arrested by NSCDC operatives in Akure.”
Speaking on the incident, Hammed Abodunrin, State Commandant of NSCDC, explained that the suspect had defrauded many PoS operators with his tricks. According to him, the suspect was in the habit of going to PoS operators to withdraw money.
“After he was done with PoS operators, he would access his own bank through a firewall application to inform the bank that he made a transaction, which failed.
“He would tell the bank that he had bought certain things and the goods were not delivered to him so he wanted the transaction cancelled and the money returned to his account. He would go back later and withdraw the reversed amount.
“That is what he has been doing. This month alone, he has done it three times; I think on February 13, February 17 and yesterday (February 26).
“One POS operator just noticed that each time he had a transaction with the suspect, the transaction would be reversed. This means that the POS guy kept losing money, amounting to about N55,000.
“The suspect was arrested today (February 27). We were about to grant him bail and we just felt we should approach his bank, and another money just came back into his account, which means that there are so many that will still come back to his account,” the NSCDC chief explained.
Abodunrin explained that when the command approached the bank, it (bank) claimed to have sent emails to the affected POS operators. He said the bank reversed the transaction and paid back the suspect because it did not receive any response from the POS operators it emailed.
“I am appealing to banks to find faster and better means of communicating with their clients to prevent future criminal acts,” he said.
How fraudsters use ‘No Trace Account’ to defraud on PoS
Findings revealed that scammers who defraud PoS operators often transfer the funds into what is called No Trace Account. A no trace account, according to AI search results, is a type of account that provides anonymity for its users by not keeping official records or tracking the source of money.
Hawala, also known as underground banking, is a money transfer system that uses no trace accounts to transmit money without moving currency. Hawala networks have been used for centuries, and are often used by expats to send money home.
However, some countries, like India, have declared Hawala illegal due to its informal nature and lack of regulation.
Reacting to a complaint by a scam victim on Nairaland about how his money was stolen through PoS, a netizen said: “The guy who withdrew the cash withdrew it to a no trace account which he already created with XXX. Yahoo guys/G Boys/online scammers create an account called “No Trace Account” using stolen BVN details.
“They create this account with online banks. Trust me when investigation is done on this matter, na innocent person dem go catch, except the scammer later transfers the cash to a regular account from which he can withdraw it using an ATM card or he can use a xxxx ATM card to do the withdrawal.
“Then with this, his face will be out there, captured by the camera attached to the ATM machine used. Being aware of this risk, he wouldn’t try that option. But las las (in the end), he will opt for the best option of buying stuff and then do transfer to the seller.
“But in this case, it’s obvious he used an XXX ATM on PoS to do that withdrawal. My best guess is that money is gone.”
He advised: “Next time, to avoid having your ATM card details /account being compromised, do this: Don’t you ever use your main bank account ATM on any POS.
“Any time you want to use the POS, transfer just that amount+ charges to a secondary account. You can go ahead and withdraw from this account using the associated ATM card. Do this for both ATM & online transactions.
“This way, you avoid exposing yourself to online hacks.
POS fraud cases rise in first half of 2024 as terminals spread
Reports showed that PoS fraud rose in the first and second quarter of this year. The prevalence of fraud and forgery in the country’s payment system showed a significant shift in the first quarter of 2024..
According to the Fraud and Forgeries Report in Nigerian Banks for the first quarter of 2024 by the Financial Institutions Training Centre (FITC), POS fraud cases surged by 31.12% in Q1 2024.
In Q4 2023, there were 2,683 reported cases of fraud associated with POS terminals. However, this number escalated to 3,518 cases by Q1 2024. POS fraud cases made up 30.67% of the total fraud cases (11,472) recorded in the quarter under review.
The second quarter witnessed a sharp increase in the ugly practice. A report from Nigeria’s Financial Institutions Training Centre (FITC) revealed a rising wave of fraud that cost Nigerians ₦42 billion between April and June 2024.
The report highlighted how fraudsters targeted PoS systems and mobile devices, with fraudulent activities involving the technologies reaching alarming levels.
The second-quarter report of 2024 recorded 11,532 cases of fraud, with a total value of ₦56.3 billion, marking a sharp increase from ₦34.8 billion in the first quarter. Out of this, ₦42.6 billion was successfully stolen, while financial institutions managed to recover ₦13.7 billion.
The report showed mobile fraud was the most prevalent, responsible for 33.4 per cent of the reported incidents, followed by PoS-related fraud at 24.6 per cent.
These forms of fraud, it underlined, include scams carried out through mobile apps and internet banking platforms.
Web-based fraud accounted for 16.9 per cent of the cases, underlining the growing sophistication of cybercriminals.
The FITC report also noted that most of the losses occurred at the bank branch level, where 95 per cent of the total fraud value, approximately ₦54 billion, was recorded.
According to FITC, this points to a troubling increase in insider involvement, with 49 employees dismissed for their role in these schemes during the quarter.
The report indicated fraudsters continue to exploit weaknesses in both modern and traditional systems despite advancements in digital security.
PoS terminals multiply as fraud soars
The number of POS terminals in the country has continued to rise in geometric proportion showing a relationship between the rise and the increasing cases of fraud.
Between 2017 and 2022, the number of POS terminals in Nigeria grew significantly. In 2017, there were around 155,000 terminals, while as of April 2022, this figure reached roughly 1.1 million.
By July this year (2024) the number of PoS machines deployed by merchants and individuals across Nigeria, according to the Nigeria Inter-Bank Settlement System (NIBSS), rose to 3.04 million.
This represents a 32% increase year on year when compared with the number of deployed terminals in the same period last year, which was 2.3 million.
The July 2024 figure indicated that a total of 744, 533 new PoS terminals were deployed between August 2023 and July 2024.
However, as at July, the figure for deployed PoS was still lower than the total registered terminals. According to the NIBSS data, a total of 4.06 million PoS machines had been registered across the country as of July 2024, which shows that a total of 1.02 million terminals are either yet to be deployed or have become inactive.
Police counsel PoS operators
Counselling POS operators, Delta State Police Command spokesperson, Bright Edafe, said : “Anybody that wants to do transactions above N500,000 should go to the bank.
“If you as a POS operator are receiving money that is unreasonably high, understand that there is an element of crime in it, because they are supposed to go to the bank.”
The PPPRO disclosed this while parading Timothy and the innocent POS woman operator. He said: “This lady was contacted by this suspect who collected her POS account number and sent N4 million that was taken from a victim who was kidnapped into the account.”
Indiscriminate issuance of PoS machines fuelling fraud- Unegbu
A former Chartered Institute of Bankers president, Mazi Okechukwu Unegbu, blamed the rising cases of PoS fraud on indiscriminate issuance of PoS machines by banks and fintech companies without proper training. Checks showed that fintech companies particularly have their vendors moving about wooing people to take the machines.
Findings also revealed that some PoS operators sell PoS machines and get commission for as long as the machine is in use.
Deploring the practice, Unegbu said: “Part of the problem is that you have people who are not properly examined to operate PoS business. It is a fintech business, what we call financial technology business.
“Now, you have people who are not properly trained. Everybody starts PoS business without proper training.
“And I think the banks are at fault. The banks who give this PoS machines to operators, should be able to give the people training, but they are not doing that.
“They need to properly train them so that they’ll be able to know their do’s and don’ts. But once they don’t train them, they are exposed to the weather and anything can happen to them.”
Aside from banks, Unegbu also said “OPay, Palmpay and Moniepoint, among others, should be able to train PoS operators.
“And that’s why I’m talking about due diligence. The bankers should also be held responsible for the malfeasances of these PoS operators, because it is not right for them to just give the PoS machine to anybody.
“They keep going around encouraging people to take PoS, and those people who take them are not properly trained as to what they ought to do. It’s unfortunate.
“If anything happens, the banks will be held responsible too.You must give them training, telling them the do’s and don’ts, how to use the system, and how to do due diligence by examining people that come to do business with them.
“So the banks will need to have such training ingrained in these POS operators.”
Reacting to the case of Delta PoS operator engaged by kidnappers, Unegbu said: “That’s why POS people now, before they make such transactions, should carry out what we call Know Your Customer (KYC).
“You must know who you are dealing with. You can’t just do things without knowing who you are dealing with.
“Once somebody is going to do business with them, they should find out all their details and hold it just in case something happens. They can now use it, even though somebody may give false names since they are criminals.
“But the POS man should have done some due diligence operations which can be shown, so that he can be free from harassment by law enforcement authorities.”
Continuing, Unegbu said PoS operators’ banks should give them dos that don’ts emanating from central bank direction, because that’s why the CAC wants to register all of them. “So, if they are registered, you can trace them, you can know where they are. That’s why they need to be registered.
On people who register in one state and carry out their businesses in another state, Unegbu said: “Once you are registered, anywhere you are in Nigeria, you are recognized, because registration is national, not statewide, although states may require you to register with their business units because of taxation and all that.”
On the red flags that PoS operators must watch out for when dealing with customers, the ex CIBN chief said: “First of all, if somebody comes to you and starts acting funny, it should show a red flag to you. If somebody comes to do a N1 million transaction, you know it’s funny.
As a PoS operator, you should direct him to the bank. And I know banks will not do it because the banks will immediately see the trick.
“So the POS operators, if anybody comes to them to do from N1 million and above, they should raise the red flag before them.
Various PoS frauds, solutions
Flutterwave, a payment processing company that allows businesses to make and receive payments across borders, in a post, listed card skimming as one of the ways PoS frauds are carried out.
This, it said, involves bad actors attaching devices, known as skimmers, to your card readers. “The skimmers are then used to capture and store the magnetic stripe information from credit or debit cards. The information obtained is then used to create counterfeit cards and make unauthorised purchases.”
Providing safety tips to prevent card skimming, Flutterwave said: “Regularly inspect your POS terminals or card readers for any signs of tampering or unauthorised devices. If anything looks suspicious, promptly report it to your PoS provider for assistance and avoid using the terminal to collect payments.
“Cardholders should always be on the lookout for any irregularities such as someone focusing too much on your card, that might make your card information or PINs accessible without your permission.
Next pattern of PoS fraud according to Flutterwave is data breaches.
“Cybercriminals may target POS systems to gain unauthorized access and steal your customer’s sensitive information like card details, names and addresses. Such sensitive data can be exposed to other bad actors and used to commit other crimes, such as identity fraud.”
To prevent this fraud, it said: “Conduct regular security audits of POS systems and networks to identify vulnerabilities and address potential weaknesses.
“Also, encourage your customers to always monitor their card reports through their bank statements and report any unauthorised transactions to their banks immediately.”
Other forms of fraud and ways of preventing them as posted by Flutterwave are as listed below.
Employee Fraud
Dishonest employees may engage in fraud by manipulating POS transactions, providing unauthorised discounts, or conducting “sweetheart” transactions, where they collaborate with friends or accomplices to commit fraud.
Safety tip to prevent employee fraud
Safeguarding your POS business against employee fraud starts with conducting thorough background checks during every hiring process. Then, implement strict controls and access to limit your employees’ ability to manipulate your POS transactions.
Transaction reversals
Fraudsters may attempt to reverse legitimate transactions to receive a refund or credit for a purchase they did not make. This can be done through exploiting vulnerabilities in the POS system.
Safety tip to prevent transaction reversals
Set up monitoring systems that track transactions in real time and trigger alerts for unusual or high-risk activities. Keeping track will also provide you with records appropriate in cases of possible reversal fraud attempts.
Stolen card information:
If a customer’s card information is stolen, either physically or through a data breach, bad actors may attempt to use that information to make unauthorised purchases at POS locations.
Safety tip to prevent stolen card information
Implement measures to verify customer identities, especially for high-value transactions. This could include requesting additional identification, such as National ID cards, that correspond with the cardholder’s details for certain transactions.
-The Nation
