ICT Security Expert, Ujam, Addresses Key Cybersecurity Challenges for Fintechs
Dr Chukwuemeka Ujam
By Vanessa Obioha
Given the frequency of financial fraud in the country, a former deputy chair of telecommunications in the House of Representatives, Dr Chukwuemeka Ujam during a panel session at the recently held Vanguard/Economic Forum Series’ Fintech: Cybersecurity and Fraud Summit, spoke on ways to curb the menace.
According to him, human beings remain the weakest link in every chain. “Somebody has gained access to something that you know about, and is trying to convince you that he or she is genuine and because we’re humans, I don’t believe that we should be blamed,” he said.
Ujam argued that if someone’s phone is taken and money withdrawn within minutes, it’s not that person’s fault that the theft occurred.
“Now, many institutions just want to hit back and lay blame on the customer and that’s not fair. There are laws, but how many of these laws have been adequately tested in the law courts? Judges are slightly a weak link in the chain because they don’t understand technology. What we should realise, is that there’s always a willing participant in the fraud ecosystem. When you receive a call from a number you don’t know, asking you to send a number that just came into your Whatsapp, we may laugh about this but they still find so many victims, and that’s why they’re still successful. There are still so many gullible individuals out there.”
He further stated that if one is observant enough, one can identify the signs during communication between two devices, e-mail phishing or man-in-the-middle attack.
“There are always tell-tale signs to look out for. When an image or address is created, it is ‘easy’ to tell if it is fake. Also remember that if it is good to be true, it is definitely false. There usually is an encryption channel when dealing with financial services like tokenization and so on, to secure conversations and transactions. When making a payment, ensure it is an HTTPS address, and hover around email addresses to ensure it is what you should be expecting. It can present as me but behind, you would see it is something else, so check that everything matches to prevent being a victim.”
Narrowing financial fraud to the fintech space, the ICT security expert said that financial technology companies do not have the financial backbone and infrastructure to compete with well-established financial institutions.
“Who regulates the Fintech industry? The Central Bank of Nigeria? NITDA? Everyone is coming up with their policies, no synergy whatsoever. Operators are being hit everywhere and sadly, the government just thinks, ‘let’s just make money off these people.’ They see technology is thriving and instead of helping, they find a way of taxing everyone and making sure they don’t succeed.
“I think we’re getting it wrong with this approach; we should develop places where people can come and test their technology or anti-fraud project and so on; because what happens is, we are by and large, more reactionary. The thief has come into the premises, and then we start crying. Why don’t we prevent the thief from coming in? Thieves are always a step ahead of all of us. Abroad, if you’re caught as a hacker, the security services take you in and utilize your skills; we should do the same here. We should harness that skill-set; keep them in places where they can churn out ideas and technology to be ahead of hackers and fraudsters.”
While Artificial Intelligence (AI) is garnering all the hype, Ujam approaches it with a caveat. “AI can flag irregular transactions but the issue is, what did you feed into the system to address that irregularity? When we’re all jumping on the AI bandwagon, we need to be sure that the information fed into the repository is accurate. We need to be sure that the phenomenon of garbage-in garbage-out does not occur within the AI ecosystem. To what length have we gone to make sure that the machine that we’re relying on is being fed with accurate data?”
However, he applauded the Nigerian Fintech/tech ecosystem, as they are ahead of some advanced countries
“Within the telecoms sector, gone are the days where telecom company A would build a mast, telecom company B would build theirs and so on. Now there is collocation and using this same analogy, it should exist within this ecosystem where there is a collocation of ideas, testing and so on. There should be a platform where anonymously, people can report fraud activities. This is the surest way people can propagate the knowledge that this kind of thing happens. People can shield their company names, detailing their experiences so that others can learn from them. We need to encourage this and this is the surest way to move forward.”
The panel session also had the CTO, PalmPay, Mayowa Adeosun; Chief Risk Officer, eTranzact International Plc., Edward Onyenweaku and moderated by CEO, Billsbox, Dr Monday Ashibogwu.
ICT Security Expert Addresses Key Cyber Security Challenges for Fintechs
By Vanessa Obioha
Given the frequency of financial fraud in the country, a former deputy chair of telecommunications in the House of Representatives, Dr Chukwuemeka Ujam during a panel session at the recently held Vanguard/Economic Forum Series’ Fintech: Cybersecurity and Fraud Summit, spoke on ways to curb the menace.
According to him, human beings remain the weakest link in every chain. “Somebody has gained access to something that you know about, and is trying to convince you that he or she is genuine and because we’re humans, I don’t believe that we should be blamed,” he said.
Ujam argued that if someone’s phone is taken and money withdrawn within minutes, it’s not that person’s fault that the theft occurred.
“Now, many institutions just want to hit back and lay blame on the customer and that’s not fair. There are laws, but how many of these laws have been adequately tested in the law courts? Judges are slightly a weak link in the chain because they don’t understand technology. What we should realise, is that there’s always a willing participant in the fraud ecosystem. When you receive a call from a number you don’t know, asking you to send a number that just came into your Whatsapp, we may laugh about this but they still find so many victims, and that’s why they’re still successful. There are still so many gullible individuals out there.”
He further stated that if one is observant enough, one can identify the signs during communication between two devices, e-mail phishing or man-in-the-middle attack.
“There are always tell-tale signs to look out for. When an image or address is created, it is ‘easy’ to tell if it is fake. Also remember that if it is good to be true, it is definitely false. There usually is an encryption channel when dealing with financial services like tokenization and so on, to secure conversations and transactions. When making a payment, ensure it is an HTTPS address, and hover around email addresses to ensure it is what you should be expecting. It can present as me but behind, you would see it is something else, so check that everything matches to prevent being a victim.”
Narrowing financial fraud to the fintech space, the ICT security expert said that financial technology companies do not have the financial backbone and infrastructure to compete with well-established financial institutions.
“Who regulates the Fintech industry? The Central Bank of Nigeria? NITDA? Everyone is coming up with their policies, no synergy whatsoever. Operators are being hit everywhere and sadly, the government just thinks, ‘let’s just make money off these people.’ They see technology is thriving and instead of helping, they find a way of taxing everyone and making sure they don’t succeed.
“I think we’re getting it wrong with this approach; we should develop places where people can come and test their technology or anti-fraud project and so on; because what happens is, we are by and large, more reactionary. The thief has come into the premises, and then we start crying. Why don’t we prevent the thief from coming in? Thieves are always a step ahead of all of us. Abroad, if you’re caught as a hacker, the security services take you in and utilize your skills; we should do the same here. We should harness that skill-set; keep them in places where they can churn out ideas and technology to be ahead of hackers and fraudsters.”
While Artificial Intelligence (AI) is garnering all the hype, Ujam approaches it with a caveat. “AI can flag irregular transactions but the issue is, what did you feed into the system to address that irregularity? When we’re all jumping on the AI bandwagon, we need to be sure that the information fed into the repository is accurate. We need to be sure that the phenomenon of garbage-in garbage-out does not occur within the AI ecosystem. To what length have we gone to make sure that the machine that we’re relying on is being fed with accurate data?”
However, he applauded the Nigerian Fintech/tech ecosystem, as they are ahead of some advanced countries
“Within the telecoms sector, gone are the days where telecom company A would build a mast, telecom company B would build theirs and so on. Now there is collocation and using this same analogy, it should exist within this ecosystem where there is a collocation of ideas, testing and so on. There should be a platform where anonymously, people can report fraud activities. This is the surest way people can propagate the knowledge that this kind of thing happens. People can shield their company names, detailing their experiences so that others can learn from them. We need to encourage this and this is the surest way to move forward.”
The panel session also had the CTO, PalmPay, Mayowa Adeosun; Chief Risk Officer, eTranzact International Plc., Edward Onyenweaku and moderated by CEO, Billsbox, Dr Monday Ashibogwu.
