The Point of Sale (PoS) system, which is supposed to serve as a faster, safer and more efficient means of financial transactions for businesses, is increasingly becoming a nightmare for many Nigerians. This is largely due to its misuse by criminals to carry out illicit activities.
The rise and widespread adoption of PoS systems have also led to a surge in other crimes, including kidnapping and “One Chance”, as the convenience of these transactions makes it easier for criminals to operate without being easily traced.
PoS fraud usually happens when criminals exploit loop holes in the electronic payment systems used by businesses and consumers. This can involve card skimming, phishing schemes, data theft or even direct theft of funds through compromised terminals. With Nigeria’s rapidly expanding financial technology sector and the growing adoption of digital payments, the country has become a prime target for these fraudulent schemes.
The statistics paint a stark picture. Reports indicate a sharp increase in PoS fraud cases over the past few years. According to data from the Nigerian Cybercrime Unit, there was a 40% rise in reported POS fraud incidents between 2022 and 2023.
Similarly, recent reports by the Financial Institutions Training Centre (FITC), on Fraud and Forgeries in Nigerian Banks showed that PoS transactions experienced the highest increase in fraudulent activities in the first quarter of 2024. According to the report, PoS fraud cases swelled by 31.12% with over 3,518 reported cases.
Many of these cases involve sophisticated tactics that are difficult for the average consumer to detect until significant financial damage has already been done.
Helen Nnamani, a POS operator in Abuja, recounted how she lost a huge sum earlier in the year when her POS terminal was compromised, leading to unauthorised transactions that drained her business account.
She lamented that despite her efforts to contact her bank and the POS provider, the process of recovering her lost funds has been slow and fraught with frustration.
“I trusted the system, but now I feel betrayed. The bank says it is not their fault, and the POS company is unresponsive. My business is suffering because of the fraud,” she said.
Also, Samuel Adewale, a university student, had his card skimmed during a POS withdrawal at a market in Lagos. His bank account was nearly emptied before he could block it, and although he reported the incident immediately, the recovery process has been anything but swift.
“I went to the market on that very day in March and after purchasing everything I needed, I realised that the cash I had on me would not be enough to get me home. So, I decided to make a quick withdrawal from a random POS operator nearby.
“About thirty minutes after I left the market and was on my way home, I started receiving debit alerts for withdrawals I had not made. I tried to block my account, but the network was very poor.
“By the time I was finally able to block it, they had successfully withdrawn N150,000 from my bank account. I immediately returned to the market and searched everywhere, but I couldn’t find the POS operator.
“I reported to the bank but the recovery process has been very slow and bleak. I had to take a loan just to cover my immediate expenses while waiting for the bank to sort things out,” Samuel narrated.
To address this troubling trend, the Corporate Affairs Commission (CAC) has recently mandated that POS agents from major fintech companies in Nigeria, including OPay, Palmpay and Moniepoint, register their businesses by July 7, 2024.
The deadline has since been extended by an additional 60 days, giving operators until September 5, 2024, to comply.
According to the CAC, the registration initiative is designed to protect the interests of fintech businesses and their customers, while also bolstering the economy.
To further strengthen the war against the escalating problem of POS fraud, several experts have proposed a multi-faceted approach.
Zainab Abu, Head of Merchant Business at Nigerian Fintech Hydrogen, affirmed the widespread occurrence of POS fraud in Nigeria and noted that most POS terminals in the country use Europay, Mastercard and Visa (EMV) chip cards instead of magnetic stripe cards, that make it harder to compromise card details. She suggested employing tamper-proof terminals that automatically erase data if tampering is detected.
The FinTech expert also recommended geofencing PoS terminals, which she explained, is a cybersecurity feature that sets virtual boundaries for devices.
Abu said if a device with this software feature leaves the environment it has been tagged to, a trigger is set off, alerting relevant parties. She noted, however, that this will require certain businesses to make adjustments to their business models or processes.
She further said that geofencing would help relevant authorities identify the specific regions or terminals responsible for PoS frauds, but pointed out that this technique is limited to only some sectors as it can not be applied to other areas that require mobility.
She noted that the strategy would be useless without adequate and responsive enforcement protocols.
“If you look at businesses in the transportation or logistics sector, this could have a negative impact because, from day one, you are not able to tell where your devices will end up. It would adversely affect their business models because people that want to pay on delivery are no longer able to pay because the POS has most likely left its geo-fenced location,” she added.
Abu also welcomed the recertification of PoS terminals, which she said will ensure the harmonisation of standards for all stakeholders.
“From a merchant perspective, it would ensure that merchants have quality devices, and that would in turn ensure that the customer experience is a good one because there might have been instances where terminals find their way into circulation without having the proper certification done,” she said.
But, she stated that with over 1.8 million POS terminals in the country, completing the proposed six-month recertification process might be challenging. However, she added that the Central Bank of Nigeria (CBN) could achieve it if the necessary arrangements are made.
Financial consultant, Michael Nduka, highlighted the importance of consumer awareness. “Consumers need to be educated about the risks and signs of fraud. Simple measures, like regularly monitoring bank statements and using secure networks, can make a significant difference,” he said.
According to Chuka Nwosu, a technology policy analyst, collaboration between banks, POS providers, and regulatory bodies is crucial. According to him, “we need a unified approach to address the vulnerabilities in the payment system. This includes sharing information about threats and coordinating responses.”
Legal expert, Idris Amoo, advocates for more stringent regulations and enforcement, saying: “The regulatory bodies should ensure that POS providers adhere to strict security standards and hold them accountable for breaches.”
Former National President of the Association of Mobile Money and Bank Agents of Nigeria (AMMBAN), Olojo Victor, stated that illegal POS agents have infiltrated the system and the association is working diligently to identify and remove these problematic actors.
Olojo said that there have been customer complaints about fraud occurring at agents’ points, with many incidents involving cardless withdrawals using pay codes.
A pay code is a 10 to 14-digit number used for withdrawing cash from an ATM or making payments at a paycode-enabled POS terminal. It is generated through a bank’s Unstructured Supplementary Service Data (USSD) code or mobile app.
Olojo explained: “A number of factors are involved in PoS fraud with agents. First, it depends on what kind of withdrawal was made with the PoS agent.
“There are also cases of people stealing SIM cards and using bank short codes to withdraw customers’ funds. That is possible.”
He confirmed that, in cases of compromise, there is a possibility that agents could gain access to customers’ bank details.
“The possibility is just a case of compromise. It is either the customer has told the agent her personal PIN number or there is a compromise in terms of the details of the card.
“For instance, if a customer gives out to the agent those numbers written in the front of the card and the details at the back of the card, when a customer goes, the customer can do a transaction online using those details.
“We always advise customers not to divulge their bank details to anyone. When you carry out agent transactions ensure that you do not reveal your PIN to him. Do not drop your ATM card with him.
“Also ensure that your SIM card is not compromised because these days many SIM cards are tied to bank accounts. Fraudsters can easily load cards or make withdrawals from your bank account through SIM cards,” he warned.
By Adanna Nnamani, The Sun