Regarded as one of the positive innovative interventions in the financial sector, the Point of Sales system has undoubtedly made banking easy and promoted financial inclusion, especially in rural areas. However, on the flip side, it has turned into a tool through which fraudsters swindle unsuspecting Nigerians. With little or no measures put in place to stem the tide by financial regulators and the police, DAMILOLA OLUFEMI writes that many people are likely to be left high and dry.

In September, Med Pepple, a Twitter user, took to the microblogging platform and tweeted, how her younger brother was repeatedly fleeced of his savings at different Point of Sales centres in Port Harcourt, Rivers State.

According to the thread, her brother, an undergraduate in one of the tertiary institutions in the state, had lost money thrice to fraudsters after using POS machines at different locations.

“It is no news that fraudsters set up POS outlets, copy customers’ pins and clear their accounts. This is the third time he has been defrauded. The bank Automated Teller Machines in his school are always out of cash,” an obviously angry Pepple tweeted.

 
Èdè Wa Ni: Ẹ Pàdé Olorì Sports Tó Ń Fi Ẹ̀fẹ̀ Ṣ'àtúpalẹ̀ Eré Ìdárayá Lédè Yorùbá
 
0:19 / 1:01
 
 
 
 
 
keep watching
 

When PUNCH Investigations reached out to her via her Twitter handle to shed light on the incidents, she refused to divulge her brother’s details, citing security reasons.

She, however, obliged our correspondent with skeletal details of her brother’s experiences.

Pepple said the day of her tweet coincided with his birthday and that she sent him money as a gift.

She noted that as soon as her brother got the money, he went to a POS outlet to make a withdrawal.

“Shockingly, when his debit card was slotted into the POS machine, the operator told him that his bank account was empty. My brother was furious and immediately sent a message to the family WhatsApp group to inform them about the development. He felt like dying. They took all his money,” she lamented.

Recalling his other two experiences, Pepple said the sad events happened in April during the Easter celebration and in September.

She explained that in April, he got a debit alert on his phone for an unauthorised transaction which was later traced to a particular POS centre.

Pepple said despite getting a new debit card from the bank, her brother was again defrauded in September.

“It all happened in Port Harcourt. That experience triggered the tweet because I kept hearing about similar incidents from friends here,” she said with exasperation.

Miffed by her brother’s ugly experiences, Pepple blamed the rise in POS fraud on negligence on the part of financial institutions and called for urgent action to nip the trend in the bud.

“I know how hard I worked to save the money sent to him, only for someone to just take it just like that. Someone has to fix this before it affects everyone. The fact that the banks are not doing anything about it also triggered the tweet. The main issue here is about regulators not scrutinising POS operators,” she added.

Enter an easy payment system

Although the invention of the POS system dates back to the 1800s, the Central Bank of Nigeria officially introduced it to the Nigerian banking sector in 2012.

It was launched as part of the apex bank’s much-touted cashless policy.

One of the reasons cited by the CBN for introducing the new policy was that it would reduce the amount of physical cash in circulation and encourage more electronic-based transactions.

The policy specified penal charges for individuals and corporate organisations that withdraw or lodge cash above the prescribed limits of N500, 000, per day and N3m for corporate accounts.

The CBN, in a notice published on its website in 2012, further stated that the policy will drive development and modernise the payment system in line with Nigeria’s vision of being amongst the top 20 economies by 2020.

“An efficient and modern payment system is positively correlated with economic development and is a key enabler for economic growth. To reduce the cost of banking services (including the cost of credit) and drive financial inclusion by providing more efficient transaction options and greater reach,” it stated.

POS transaction

The POS system involves the use of a machine, which is a mini hardware computer that accepts both credit and debit cards to carry out financial transactions like transfers, withdrawals, airtime recharge and payment of utility bills.

This mode of payment is preferred because it does not require a customer’s presence in the banking hall and helps to facilitate transactions in rural areas where banking services are not available.

In a 2021 report published by Enhancing Financial Innovation and Access, an organisation that promotes financial inclusion, it was revealed that 38 million Nigerian adults lack basic banking services.

“EFInA data shows that only 64 per cent of Nigerian adults were financially included by the end of 2020. This means that 36 per cent of Nigerian adults, or 38 million adults, remain completely financially excluded,” the report read.

A booming business

As the POS system gained prominence, its popularity peaked during the COVID-19 lockdown in 2020, due to health and safety concerns.

Succinctly put, the pandemic sparked a digital frenzy in Nigeria, as it led to the closure of public facilities, including banks, forcing people to embrace electronic payment systems – mobile banking and POS.

According to data from the Nigeria Inter-Bank Settlement System Plc portal, published by PUNCH in May 2022, Nigerians made use of POS terminals 178.9 million times in two months.

It was noted that the figure indicated a 25.59 per cent increase from the 142.51 million times it was used in the corresponding period of 2021.

Breaking it down further, the NIBSS report stated that POS terminals were used 3.03 million times daily to process payments in the first two months of 2022, as the use of cheques dropped to a six-year low.

The data further showed that the total value of these transactions was N1.15tn, a 19.76 per cent increase from the N958.14bn worth of transactions processed in the corresponding period of 2021.

According to the NIBSS, there are 986,252 registered POS units in Nigeria, while 955,234 units were deployed and in use.

In its ‘Instant Payments – 2020 Annual Statistics’, the NIBSS revealed that the COVID-19 pandemic changed the e-payments landscape and accelerated the adoption of instant payments as more people transitioned to electronic channels for funds exchange in the wake of government lockdown.

NIBSS, as part of its function, provides the infrastructure for automated processing, settlement of payments and fund transfer instructions between banks, discount houses and card companies in Nigeria.

Meanwhile, it is owned by the CBN and all licensed Deposit Money Banks in Nigeria.

According to Statista, an online portal that provides data on the global digital economy and trends, the number of POS terminals in Nigeria from 2017 to 2022 is over 1.1 million.

An infographic showing the progression of POS terminals in Nigeria from 2017 to 2022. Credit: Statista.

The data highlighted why it is hard to walk through a street in Nigeria without seeing a POS centre.

Experts have described the POS business as very lucrative and revealed that an outlet sited in a good location has the propensity to attract an average of 30 to 50 customers per day.

It was noted that such outlets can generate a minimum of N5, 000, profit daily.

Infiltration by fraudsters

Ironically, amid the growing patronage of POS terminals arose the monstrous challenge of fraudsters infiltrating the system to defraud customers who use their cards for transactions.

CBN, in its Financial Stability Report of 2018, revealed that POS, ATMs and Mobile Money, are the worst culprits when it comes to e-payment crime in Nigeria.

It noted that ATMs had the biggest fraud cases with 34.87 per cent, followed by Mobile Money at 28.21 per cent, while POS has 19.55 per cent.

According to a report by Forbes, the rise in cashless POS transactions is not lost on hackers, scammers and cyber-criminals because technologies like near-field communication and radio-frequency identification that are typically used in cashless POS payments are still vulnerable to data theft.

The report projected that POS fraud would become more prevalent in the post-COVID-19 cashless era.

 How POS theft is perpetrated

Based on PUNCH Investigations’ findings, the most common means through which POS fraud is perfected is after a transaction.

A customer’s details, such as card number, Card Verification Value number, expiration date and passwords are clandestinely copied or memorised by a fraudulent POS operator.

Usually, hours or days after, the operator-cum-fraudster would use the details to facilitate electronic transfers from the victim’s bank through the POS terminal or via an online banking application.

What then plays out is that the victim starts getting unauthorised debit alerts, which if escalated (reported) to the bank, are not easily resolved, as the victim’s bank and that of the fraudster will endlessly trade blame.

This has been the experience of those that spoke with our correspondent.

Another method is for the operator to use the victim’s card details to divert money into a betting account.

Tracking such transactions, our correspondent learnt from bank officials that spoke under the condition of anonymity, can be problematic as the operations of betting companies differ and they mostly withhold their customers’ details.

However, it was gathered that in rare cases where details of fraudsters are obtained, the bank will give them to the affected customers and refer them to report to the police for proper investigation.

PUNCH Investigations learnt that once this happens, most victims would simply back out and allow the matter to die a natural death.

Cards vulnerability

Shedding more light on POS-related fraud, Forbes, noted that when a customer uses a smartphone or any other contactless payment method, credit card numbers are left vulnerable unless they are properly encrypted.

“More specifically, it’s the firmware in the POS terminal that hackers target to steal credit card and other payment data. The problem is, many merchants fail to utilise point-to-point encryption solutions to safeguard POS data. Without P2PE, it’s impossible to guarantee that payment data remains secure from the customer’s smartphone all the way to its destination in backend payment processing systems.

“Unfortunately, many merchants rely solely on transmission-level encryption for POS transactions, encrypting card data only when it moves from the POS terminal to the payment processor. This increases the attack surface for hackers, introducing additional risk to businesses in a time of crisis,” Forbes stated.

It advised merchants to also consider a POS ‘lockdown’ strategy, using technology that whitelists authorised processors. “If any systems or software comes in contact with the POS that’s not whitelisted, the system automatically shuts off and locks down completely until the issue is resolved, preventing any fraudulent transactions from being processed,” it added.

Whitelist, according to TechTarget, an online tech portal, is a cybersecurity strategy that approves a list of email addresses, IP addresses, domain names or applications, while denying all others.

Unforgettable memory

Aside from the experience of Pepple’s brother, the country is replete with ugly stories of theft perpetrated via POS terminals.

Among those with ugly memories is that of Kayode Michael, a Lagos-based fashion designer, who until his account was wiped clean in 2020, was fixated on the use of POS terminals for financial transactions.

Michael, who revealed that the incident took place before the COVID-19 pandemic broke out, said he went to a POS outlet to withdraw N15,000, with which to procure food items for his family and clothing materials for a customer.

When it got to his turn, as he met quite a handful of customers, he handed his ATM card to the POS operator and was told to input his password.

“I remember that something strange happened,” he recalled.

“I was still inputting my password when I got a debit alert and an approved receipt. My mind was not there while entering the password because I was in a hurry but I was not suspecting anything since I was given the N15, 000.”

Michael said a few days later, he received a debit alert of N10,000 for a  transaction he did not initiate and immediately suspected that the withdrawal must have been carried out from the POS outlet.

Luckily, he was able to transfer what was left in his account into that of his wife to forestall further deductions.

“It was not possible for me to visit the area where the POS terminal was located due to distance and traffic. I live in Agege while the centre was in Badagry,” he added.

While describing his experience as unforgettable, Michael implored the government and security agencies to carry out regular background checks on POS operators to prevent the business from being infiltrated by unscrupulous elements.

Salary vanished into thin air

Mariam Bala, a secondary school teacher in Kaduna State is still dazed after N80, 000 was stolen from her savings account in 2021, shortly after she withdrew N20, 000 from a POS outlet.

She recalled using a POS machine manned by an unfamiliar face in Down Quarters in an area known as Kakuri, noting that before she could return there, the man had fled.

Bala, who sounded dejected, regretted her decision to patronise the unfamiliar POS operator on that fateful day.

“Some people, rather than sympathise with me, made disparaging comments about my ordeal. Some women said the incident would serve as a lesson to me not to patronise just any POS operator,” the distraught teacher said.

Like many others, Bala went to lodge a complaint at the bank but was told to stop using the debit card and issued a new one.

When asked about the bank’s efforts to identify or track the fraudster, she said, “They promised to track the person involved but they have not told me anything. I have accepted my fate,” the teacher said forlornly.

Defrauded via a betting site

Similarly, a young lady presently undergoing the mandatory National Youth Service Corps programme in Ikirun, a remote community in Osun State, was also served the same unpalatable dish.

Speaking under the condition of anonymity (as the NYSC rule forbids members from granting press interviews), she revealed that her N60, 000, was fraudulently withdrawn hours after she used a POS terminal.

She told our correspondent that the unavailability of banks or ATM centres in the community made the use of POS as the only available option.

The corps member said it happened when she got a three-month contract job in May and was being paid N60, 000, monthly.

According to her, on July 28, she got an alert notification but was shocked when within five minutes she received yet another one indicating that the money had been transferred into a betting site account.

She said, “I have been using POS pay points since I came to this town. I don’t even know at what point I was careless. All my salary was withdrawn,” she lamented.

The angry lady claimed she lodged a complaint at her bank but was told that the only way the fraud could have been perpetrated was if they (fraudsters) had access to her card details.

She said, “I told them that my card was with me all the while and was never stolen. I also made them to know that I don’t use bank online services or apps.

“I was told that the fraudster downloaded a banking app, used my details to create an account, logged in and carried out the transaction.”

The corps member said during a visit to another of the bank’s branches in Osogbo, the state capital, she learnt that the money was allegedly moved from the betting account to that of a commercial bank but that the bank claimed there was nothing suspicious about the transaction.

When asked if the matter was reported to the police, she said it was not, adding, “I was frustrated and gave up. I haven’t reported and won’t do that. Once I do, I am expected to go through another round of stress and spend more money to recover the stolen money.”

POS owners are also victims

PUNCH Investigations learnt that while customers are usually at the receiving end of fraudulent activities, POS operators are not spared the terrible ordeal.

Recounting his experience, Ismael Uthman, an Osun-based POS operator, said he lost N30,000 to a customer-cum-fraudster.

Uthman, who is also a journalist, said he ventured into the business in 2021 to augment his income.

Sharing his experience with PUNCH Investigations, Uthman said his employee in Owode-Ede, Osun State, was actually the one scammed.

He narrated that the fraudster went to his female employee to withdraw the sum of N70, 000 but that the transaction failed several times.

He said the fraudster pretended to have an emergency, and appealed to his employee to give him N30,000 in exchange for his phone and promised to come back but never did.

After losing N540,000 to POS fraudsters, Uthman, now depend on his monthly salary and proceeds from media engagements for survival

Uthman said he was called by his hysterical staff at about 7:30 pm and told him about the development.

Sadly, it was discovered that the phone left as collateral was not functioning.

“The lady did not suspect that the phone was faulty. He just deceived her, collected N30, 000 and went away. She did not know the person,” Uthman said.

‘I lost over N540, 000 to fraudsters too’

Uthman told our correspondent that cumulatively, he had lost over N540,000 to fraudsters disguised as customers and was forced to disengage his employees and reduce his POS terminals from three to one.

He said surviving the ordeal has been the grace of God, noting that he now depends on his salary and stipends made from media engagements.

Aided, abetted by machine types

Damilola, a POS operator in Oke-Afa, Isolo, a Lagos suburb, told our correspondent that he was yet to fathom how he lost money in one of his accounts in one fell swoop.

He, however, noted that many of his customers have lost money after carrying out transactions with random POS operators.

Damilola, who is also a structural engineer, attributed the trend to get-rich-quick syndrome and the need for survival among Nigerians due to the present harsh economic realities.

He revealed that POS fraud is easily perpetrated with the use of android POS machines, noting that transactions on them are hard to trace and can easily be manipulated

“In as much as it is easy to input figures because of its touch screen functions, they are red flags.  Android POS will leave no footprint with which they can be traced,’’ he said.

Emboldened by dual SIM card use

Damilola said the experience had shown that it is difficult to track a fraudulent transaction carried out by a POS operator that uses two SIM cards.

He explained that a POS machine can use a registered SIM card different from the one attached to the account where the operator receives bank alerts for transactions.

“The second SIM card can be unregistered, thus making it untraceable. If one SIM card is used to perpetrate the act, the fraudster can be apprehended,” he added.

Helpless POS issuers

Uthman, the journalist told our correspondent that many POS operators prefer to obtain their machines from fintech companies, noting that it is more effective when compared to the ones issued by traditional banks.

He, however, lamented that should fraud occur, both issuers practically appear helpless.

Uthman said, “Traditional banks’ POS terminals are not always effective. If you visit 80 per cent of POS operators, you will see more of those from fintech companies. Banks do other things aside from managing POS businesses. So, they don’t really concentrate on it.

 “There is nothing both of them can do when fraud occurs. They won’t tolerate you coming to report the loss. There is no official agreement that is binding, which makes them liable when fraud occurs.”

Commercial banks and mortgage banks are examples of traditional banks, and they are characterised by physical locations where customers can easily visit to access financial services.

Meanwhile, fintech companies are noted to use modern technology to make traditional financial methods easy and efficient. They combine traditional banking foundations with technological innovations. Though they have a sprinkle of offices, they do not have banking halls.

POS frauds fuelled by alleged poor CBN regulation

When the CBN introduced POS in 2012, it put in place a guideline to safeguard both the interests of customers and operators.

One of the provisions in the guideline stated that a vendor must provide a valid certificate, show compliance with standards, and regularly review the status of all its terminals, to ensure they are compliant.

CBN mandates vendors to provide valid certificates and to comply with set guidelines

It stated, “To ensure proper effectiveness of POS operations, support and maintenance, the Payments Terminal Service Providers, PTSPs, licensed only by the CBN deploy, maintain and provide support for POS terminals in Nigeria. The criteria for PTSPs are spelt out by CBN, and the performance of licensed PTSPs shall be reviewed yearly to monitor if they meet defined performance targets set by the apex bank.

“However, licences of PTSPs that fail to meet performance expectations can be withdrawn and fresh licences issued to qualifying financial institutions.”

PUNCH Investigations, however, noted that the CBN oversight function has not in any way reduced POS frauds.

In March, a member of the House of Representatives, Jimoh Olajide, implored the CBN to tighten its rules and penalties on POS operations in Nigeria.

He expressed concern that POS operators are not only licensed by commercial banks, but also by private companies, who are also giving out POS for business purposes, thus making the venture to be very porous and easily infiltrated.

“The House is concerned that presently, no financial regulatory bodies in Nigeria can precisely ascertain the total number of POS machines and their operators in the country.

“The House is worried that some of the POS operators fraudulently charge exorbitant amounts of money from the customers’ bank accounts, while some retain vital information from customers’ ATM cards in the course of making the financial transactions,” Olajide said.

Expert calls for more awareness on POS use

A cybercrime expert, Rotimi Onadipe, said there was a need for the government and security agencies to sensitise POS customers on the safe use of their cards and how to prevent them from falling victim to fraudsters.

Onadipe said, “Not much awareness has been created to sensitise those that patronise POS operators about the inherent dangers. Relevant government and law enforcement agencies have not really done much. There are so many people who have not been enlightened on how to protect themselves.’’

Rotimi Onadipe decries inadequate education and awareness on the use of POS machines 

He advised POS merchants to adopt a system through which the identity of a customer is documented and pictures discreetly captured by a camera.

“Government and law enforcement agencies should enforce it. With this, he added that if anything happens at the end of the day, the person can be tracked.

He further implored banks to be more proactive to customers’ complaints regarding fraudulent acts, rather than delay and in the process, have fraudsters destroy evidence that can be used against them.

He also urged individuals to block their accounts immediately if they suspect any fraudulent activity, as it would halt further losses.

Money lost forever

A male bank official, who spoke under the condition of anonymity, told our correspondents that there is no guarantee that victims of POS fraud will get their money back.

He, however, advised people to immediately contact their banks if they suspect fraudulent activities on their accounts so that the account can be blocked

“The bank would investigate thoroughly to determine the card used and the name attached to it and to get more details,” he added.

He urged POS operators and users to be vigilant and discreet with their details as scammers will always invent new tactics every day.

We’ve taken steps to tackle POS fraud — AMMBAN

The National President, the Association of Mobile Money and Banking Agents in Nigeria, Victor Olojo, said fraud cases are among the serious issues they face due to the indiscriminate allocation of POS terminals by issuers.

AMMBAN President, Victor Olojo says he is saddened by the spate of POS frauds recorded daily.

 “It has become a serious abuse in the industry. We are trying to ensure that POS agents are accredited so that customers don’t fall into the hands of fraudsters. We have written to the Lagos State government to immediately address the issue. The association is collaborating with the state government, CBN, Association of Licensed Mobile Operators, and all other relevant stakeholders to ensure sanity is brought into the system,” he said.

Protect your transaction details — PSFU

The spokesman of the Police Special Fraud Unit in Lagos, Eyitayo Johnson, said a series of POS fraud cases have been investigated by the unit.

He also said the unit maintains a cordial relationship with banks to ensure proper sensitisation on the need to maintain an up-to-date and know-your-customer strategy with POS operators.

“The bank is expected to inform POS users of the need to be security-conscious. The limit of individual withdrawal per day must not be exceeded,” Johnson noted.

Asked why banks often do not follow up on customers’ complaints after giving out details of a fraudster, Johnson said banks will not take responsibility for fraudulent transactions carried out on an account that is not due to their fault.

He noted that it is the responsibility of the individual whose account was defrauded.

“If your account is compromised due to your negligence, or if you compromise your ATM card details, banking app, pin, or lost your phone, the bank will not be responsible.

“But if all these didn’t happen and fraudsters have access to your account, the bank will take it up. Usually, banks’ legal sections send complaints to PSFU and we follow up to the latter,” he explained

Johnson, however, advised POS users to be mindful of the type of machines they use.

“Guard your pin. Look at the POS machine very well and be sure that no device is attached or plugged in that will enable your card to be cloned,’’ he advised.

Police react

The Force Public Relations Officer, Muyiwa Adejobi, said POS-related fraud is not a case the police can conclude without carrying out a thorough investigation.

He said, “It has to be established that something went wrong. If the bank can’t attend to the matter and can’t trace the money, then the victim can involve the police for a detailed investigation.”

Olumuyiwa Adejobi
Nigeria Police Force Public Relations Officer, Muyiwa Adejobi

Adejobi confirmed that several POS fraud-related arrests have been made and warned customers to always make use of ATM machines attached to banks.

“If you are not sure of the POS operator, it is better not to use the machine, especially those that don’t have permanent shops. Patronise those you know and that have shops, so that if there is any problem, they can be easily traced. Don’t expose your pin or identity to fraudsters.” he warned.

CBN mute

All efforts made to get the reaction of the CBN, especially to speak on plans to further tighten regulations on POS operation and monitor compliance to guidelines by merchants, proved abortive.

As of the time of filling this report, the CBN spokesperson, Osita Nwanisobi, had yet to respond to calls and text messages sent to his mobile.