Nigerian fintech might be on the verge of a fraud crisis. This year, we have seen an uncomfortably high number of reports about companies losing millions to cybercriminals. Even the big names have not been spared. Since 2020, Nigerian financial institutions have lost a total of N159 billion ($201.5 million) to fraud incidents. Also, three fintech giants have lost over N5 billion ($6 million) in the first eight months of this year, according to the Financial Institutions Training Centre (FITC). FITC is a financial research and advocacy organisation operated by the Central Bank of Nigeria.
In 2022, MTN Nigeria experienced unauthorised transfers totalling over N10.5 billion ($13.3 million) due to a glitch in its mobile money service. This happened shortly after it started operating as a payment service bank. But that was only the beginning.
The first notable record of 2023 came when Flutterwave —Africa’s largest unicorn— reportedly lost N2.9 billion to hackers. The company denied this incident, but court documents showed that its legal counsel sought police assistance to recover funds. They aimed to recover money from 107 bank accounts in 27 banks that allegedly received money from the illegal transfers.
Then Patricia, a renowned crypto trading platform, took the stage with a much more concerning controversy. The company reportedly fell victim to fraud involving hackers and insiders, losing around $2 million belonging to customers. Now, the company is seeking ways to repay these customers, who are losing more patience with each passing day.
Reports of Interswitch, a household name in African payments and fintech infrastructure, losing money sent fresh tremors into the ecosystem. Interswitch’s losses to fraud have accumulated up to N30 billion (~$40 million). These losses came from a system glitch that allowed merchants to dubiously file and receive chargebacks. A TechCabal report also cites sources linking the company’s fraud problems to some of its former and current employees. This case gives base to a point made by the FITC: fraud-related losses in the sector don’t only come from external threats. It claims that insiders within companies collude with hackers and, as a result, make it more difficult for fintechs to protect their money.
However, fintechs are not alone. Commercial banks have also been victims. According to the FTIC, insider-aided breaches affect both fintechs and institutional lenders. For instance, recently published court documents show that Access Bank, the largest bank in Nigeria by customer deposits, took legal action in June to retrieve N 30 billion ($3.8 million) fraudulently withdrawn. Then in July, it filed another lawsuit to recover N5 billion ($6.3 million) allegedly transferred from its accounts by fraudsters.
This growing fraud problem is not only affecting customers’ trust. There’s now distrust among companies. Recently, Fidelity Bank, a leading Tier-2 bank, temporarily restricted fund transfers to neobanks such as PalmPay, OPay, Moniepoint and others. This move sparked controversy, but it wasn’t without cause. Fidelity Bank has lost about N2 billion in three separate attacks. And because neobanks often have relatively laid-back KYC methods, the bank saw them as possible channels for bad actors to exploit.
Having a solid framework against fraud for financial services has become more urgent than ever. But bringing this crisis to a standstill will be a Herculean task. Nigeria is Africa’s largest fintech market. Fintech is also the fastest-growing sector in Nigeria’s startup space. So, regulators might play catch-up with its scale for a while. However, it’s notable that several initiatives to curb fraud have come to light recently. One is Project Radar, an initiative launched by Flutterwave, Interswitch, and SystemSpecs to create a platform for fintech companies to monitor and prevent fraud in real-time.