CYBERCRIME AND INFORMATION SECURITY AMONG

COMMERCIAL BANKS IN NIGERIA: CHALLENGES AND

PROSPECTS

BY

TEMITOPE AUSI
NOU214049829

BEING A DESERTATION SUBMITTED TO THE FACULTY OF THE SOCIAL

SCIENCES IN PARTIAL FULFILMENT OF THE REQUIREMENT FOR THE
AWARD OF THE DEGREE OF M.SC CRIMINOLOGY AND SECURITY STUDIES
OF THE NATIONAL OPEN UNIVERSITY OF NIGERIA

JUNE, 2023
 ONE

INTRODUCTION

1.1. Background To The Study

According to Edwards (1995), “we are moving rapidly to the point where it is possible to

assert that ‘everything depends on software’”. The exponential growth of this technology,

the increase in its capacity and accessibility, and the decrease in its cost, has brought about

revolutionary changes in commerce, communications, entertainment, and education.

Technological development has improved the quality of life along making life easier. We

can testify to this in the various areas of our daily lives where there have been significant

improvements such as communication, shopping, information, entertainment, wellbeing as

well as banking. Information Technology has seen the introduction of the internet as well as

the integrations of digital platforms and online services that has become an important space

in the world of information and communication technology. This has since proved to be

vital factor in productivity, growth and innovation in the various sectors of human existence.

In recent years, technological developments have greatly affected accounting and banking

practises that the world has seen the world adapt itself to these changes. However, this

growth in the information technology environment has introduced us to new and related

threats which has got thinking if the gains are really worthwhile

Cybercrimes and online attacks now have the ability to greatly harm the society in new and

critical ways. Cyber-attacks now have the ability to greatly harm the society in new and

critical ways. Online fraud and cyber-attacks are just a few examples of computer related

crimes that are committed on an extremely large scale every day (Gercke, 2006).

The more daily activities migrate from the physical space to the online and people’s

reliance on the Internet grows the potentiality for hacking, cyber attacks and other security

breaches by cyber criminals to increase rapidly. Recently, cybercrime has turned into a

growing threat to all

companies worldwide and there is a need to address the issue for the protection of the

company and their stakeholder. The effect of the breach on financial performance ultimately

reduced earnings

per share and overall market value of the affected companies

(Ernst and Young, 2013).As reflected by (Douala, 2012), that it is an everyday reality

growing in an unprecedented dimension in line with the technological progress and

advancement. In recent time , banks have been the most affected as they are targets of

various attacks such as Distributed Denial-of-Service attack (DDoS attack) , malware ,

ransomware e.t.c, but these days we don’t gel such reports again. It is clear that with a with

a DDoS attack, large amounts of data are sent to the servers of banks so that they are

inaccessible for users and customer for period of time until the banks are able to resolve the

issue ..

The media also has been more involved in the coverage of such cyber attacks and also

concerning the drawing of attention to such attacks. These days, most news media don’t

hesitate to roll out daily updates on how Cyber attacks, like DDoS attacks, phishing, hacking

incidents, and viruses target individuals, corporations and government site. These attacks are

classified by the news media most frequently as ’cybercrime’. It is not only has the media

adopted the term cybercrime, but also academia, law enforcement and governments as they

use it to refer to criminal activities committed online or on the internet space.

Financial institutions have become major targets for these criminals because of the

migrations of most operations of these organisations online as well as their customers

vulnerability to tactics been various tactics been devised by these criminals known as social

engineering that makes them susceptible to exploitation. The growing threat of cybercrime

requires all hands to be on deck in tackling this ugly menace and trend. People should be

more aware of their activities and take proper percussions, so that both employers and

employees are able to take appropriate measures to reduce the risk and impact of such

threats. This is not just a challenge for the ICT department or the Chief Information Officer
[CIO] alone to prevent but the organization. It is no news that Cybercrime can hamper the

continuity of any business processes and cause the organizations to suffer financial and

reputational harm (de Joode, 2011; Bhasin, 2007). In addition, it affects the core of the

organization, including all employees. Organisations along with employees must recognize

and assess the risks associated with the use of ICT, but also take proactive measures to

reduce such risks.

1.2. Statement of the Research Problem

There has been a global campaign against the growing threat of cyber-crime on Nigeria’s

financial institutions, which if not properly handled could lead to a lasting disaster to the

national economy. Since the introduction of electronic fraud, cybercrime has become a local

and international problem.

Most Banks and its customers have been targets of criminals who are always looking for

ways of stealing from them. They have devised various means and keep developing new

ways of stealing from unsuspecting individuals and corporations including banks.

This is great menace which if not dealt with or properly managed could cripple the

economy of the nation. Cybercrime has international dimension that does not require the

presence of the offender, an occurrence that requires little or no presence of the offender at

the location of the victim (in this case a target commercial bank), since there is no

international legal framework that could give a comprehensive investigation on the offences

committed, it can only be investigated with the transnational corporation among countries

involved. Economic recession in Nigeria has created a high rate of unemployment,

commercial banks are going bankrupt. Private and public enterprises embark on mass sack

of staff, places unreasonable age bracket for employable age, and employs mostly as ad-hoc

staff.

The increasing rate of poverty in Nigeria, insufficient basic amenities and epileptic power

supply adds to overhead cost for commercial banks without a corresponding deposit inflow

from business to the banks. This and other factors like (lack of national functional databases,
porous nature of the internet, corruption, lack of standards and national central control) are

responsible for the increased rate of cybercrime in the country.

Nigeria’s apex bank (CBN) embarked on a bank verification project with the intent of

registering all bank users within and outside the country and issue them unique numbers that

will reduce identity duplication , identification and also capture data of individuals using

these banks. It has always been open knowledge that Nigeria does not have a database of its

citizens and the BVN identification was a welcome step. But as time went on it was

discovered that most of the aims of the BVN was been defeated as cyber criminals also

deviced means of hacking into accounts using this same number and also ransom paid for

kidnapping in to the banks were never traced or recovered or the account holders identified

and arrested .It was reported that over NGN 203 billion has been lost to card frauds in the

last 14 years, and the figures though unverifiable are still increasing as most cases were not

reported or was left unrecorded.

The evolvement of Cybercrime can be traced to the advancement in information

technology and advancement in the use of the internet as it has afforded individuals new

opportunities to cuase harm without been noticed in the society . In Nigeria, cybercrime

issues are further compounded by the increase of broadband penetration and the availability

of internet which has seen an increase in online fraudulent activities. Broadband

penetrations and internet introduction has its benefits though, but the growing concern is the

lack of cyber or internet awareness by the most users makes them vulnerable to exploitation

by criminals online.

1.3. Research Questions

This research thesis is seeking for answers to the following questions

a. What types of cyber attacks are mostly experienced by Banks in Nigeria?

b. Are cyber attacks more prevalent in First Generation Banks New Generation ones?

c. How do Bank customers perceive cyber crimes in Nigeria?

1.4. Objectives of the Research

 This research has the objective of exposing relevant dangers or threats, challenges and

prospects of cybercrime and information security in the banking sector in Nigeria.

The study seeks to establish:

i. The challenges experienced by commercial banks in Nigeria in the area of information

and cyber security.

ii. Recognise the most prevalent of these cyber crimes.

iii. Proffer or advice on solutions or measures to curb cyber crimes. .

iv. Identify the factors responsible for the increase in cyber crime activities especially in

the banking sector of the economy.

1.5. Significance of the Study

It is clear that cybercrime cannot be easily and completely eliminated, but can be

minimized. This been sais , there should be collaborative efforts by individuals, corporate

organization , government and countries in the area of technical partnerships and capacity

building training which would go a long way in reducing the menace. Firms should secure

their networked information by updating their security infrastructure and getting

professionals that would manage their information security and data infrastructure.

The result from this study will go a long way in identifying the challenges and problems

along with prospects in the Nigerian banking sector and the impact of cyber crimes.

This research will be able to proffer solutions to curb incidents of cybercrimes within the

Nigeria Banking sector by;

1. Making suggestions to ensure laws on cyber crimes offences are formulated and strictly

adhered to as it is important that Nigeria as a nation take measures to ensure that the

procedural laws are adequate to meet the challenges posed by cybercrimes.

2. Proffer solutions for firms dependent on the internet for their daily transactions to make

their own information and computer systems secure.

3. Create awareness on the need for customers and users of the internet not to share sensitive

personal information over the net.

4. Also advice bank customers to ensure the use of the three step authentication protocol for

password security in order for their identity not to be stolen or compromised.

5. Sensitize parents on the need to monitor and possibly manage their children’s use of the

Internet in order to minimize cyber-crime cases e.g. ‘Yahoo Yahoo’

1.5. Scope And Delimitations Of The Study

This study will be limited only to four banks, customers (end users) of the banks, and other

threats that can negatively affect information security, like hacker attacks,

software/hardware errors or failures, forces of nature will also be considered.

An anticipated delimitation of this research will be inability or refusal of the banks to give

statistics of reported Cyber attack or information threat. The fear of losing their customers

will not allow them to give figures of successful attacks along with the nature of such

attacks and finally how much was involved in such breach.

1.6. Definition Of Terms

Distributed Denial-of-Service attack (DDoS attack): is a cybercrime in which the attacker

floods a server with internet traffic to prevent users from accessing connected online

services and sites

Cybercrime: is a criminal activity which is carried out with the help of a computer or a

communication device through a transmission media called the cyber space and global

network called the internet

Information Security: provides coverage for cryptography, mobile computing, social

media, as well as infrastructure and networks containing private, financial, and corporate

information.

Commercial Banks: these are monetary institutions which accept deposit from the general

public, give loans for the purpose of consumption and investment to make profit.
 References

Adebusuyi, A. (2008). The Internet and Emergence of Yahoo boys sub-Culture in Nigeria.

International Journal of Cyber-Criminology, 2(2), 368-381.

Ahmed, T. M. (2022). Cybercrime and Digital Forensic: The Binding Gap in Nigeria’s

Criminal Justice System.

Akers, R. L. (1998). Social Learning and Social Structure: A General Theory of Crime and

Deviance. Boston: North-eastern University Press.

Anderson, R., et al. (2012). Measuring the cost of cybercrime. In 11th Workshop on the

Economics of Archaic laws Threaten Global Information. Available at

www.mcconnellinformation.com.

Augustine C. Odinma, MIEEE (2010). Cybercrime & Cert: Issues & Probable Policies for

Nigeria. DBI Background Check International, “Information Technology/Cyber

Security Solutions”.

Brenner, S. (2001). Is there such a thing as virtual crime? California Criminal Law Review.

Retrieved from http://www.boalt.org/CCLR/v4/v4brenner.htm. Commemorating a

decade in existence of the International Journal of Cyber Criminology: A research

agenda to advance the scholarship of cybercrime.

CBN; Guidelines and Incentives on Consolidation in the Nigeria Banking Industry. Press

release -April 11, 2005 on Banking Sector Consolidation: Special Incentive to

Encourage Weaker Banks, 2005.

Cornish, D. B., & Clarke, R. V. (2003). Opportunities, precipitators and criminal decisions:

A reply to Wortley’s critique of situational crime prevention. Crime Prevention

Studies, 16, 41–96.

Cornish, D. B., & Clarke, R. V. (1987). Understanding crime displacement: An application

of rational choice theory. Criminology, 25, 933–948.

Cybercrimes and the Internet. In D. S. Wall (Ed.), Crime and the Internet, 1-17. New York:

Routledge.

Cyberspace. Stanford Law Review, 48.

E-Journal of Sociology, 3(1), 70-87.

Fellow, Nigerian Institute of Advanced Legal Studies. Retrieved from

http://nialsnigeria.org/pub/lauraani.pdf; From

http://www.strassmann.com/pubs/dod/cybersecurity-draft-v1.pdf.

Gabrosky, P. N., Smith, R. G., & Dempsey, G. (2001). Electronic Theft.

Gercke, M. (2006), The slow wake of a global approach against cybercrime. Computer Law

Review International, 2(2), 141.

Gillespie, A. A. (2016). Cybercrime: Key issues and debates. London: Routledge: Taylor

and Francis Group.

Grabosky, P. N. (2001). Virtual criminality: Old wine in new bottles? Social and Legal

Studies, 10, 243–249.

Hill, J. B., & Marion, N. E. (2016). Introduction to Cybercrime, Computer Crimes, Laws,

and Policing in the 21st Century.

Holt, T. J., & Bossler, A. M. (2016). Cybercrime in progress: Theory and prevention of

technology-enabled offenses. London: Routledge, Taylor and Francis Group.

International Journal of Cyber Criminology (June 2012). Retrieved from International

Journal of Cyber Criminology, 11(1), 1-9.

Meier J.D., Mackman A., Dunner M., Vasireddy S., Escamilla R. and Murukan A. (2006)

Improving Web Application Security: Threats & Countermeasures.

http://msdn2.microsoft.com/en-us/library, Accessed on 16/01/2010.