…N250bn lost annually

By Chinenye Anuforo

At a time when the federal government is pushing for deeper financial inclusion as a fulcrum for engendering economic growth, many Nigerians are being pushed out of the banking system by scammers who prey on them.

Accounts are being wiped out in minutes as SIM cards and telecommunication devices get instantly compromised after being stolen.

Before now, losing a phone in Nigeria was just limited to the pain of replacing it and perhaps the trauma of losing treasured contacts, documents or photos.

Today, it is much more than that.

With electronic banking gaining ground, banking halls are now compressed into a phone to enable depositors to transact businesses whenever and wherever they like.

But the virtual banking space is littered with cyber criminals constantly lurking around in ambush for victims of lost devices.

The scenario has amplified calls for a more fortified electronic banking framework to safeguard depositors’ funds, especially as the banks frantically distance themselves from culpability.

There are also calls for urgent overhaul of the electronic banking ecosystem comprising banks, telcos and other service providers.

Already, the media space is awash with depressing tales of victims of lost devices who had their funds looted by criminals despite lodging complaints at the bank early enough.

A Lagos-based journalist, Vivian Onyebukwa, narrated how her lost phone in February marked the beginning of a nightmare that wiped out her savings, saddled her with debts she never incurred and drained her emotionally for months.

She said: “It was sometime in February, after a long day at work, I stopped at a supermarket near Jakande Gate, Ejigbo, to buy a few items. It was after I arrived at the gate of my house around 9pm, I discovered my phone was stolen and that was where my problems started.”

She tried to block her bank account that same night, but the process was incomplete. The following morning, she attempted to block her line, only to be told by roadside operators that her National Identification Number (NIN) had not been properly registered. She had to re-register at a cost of N8,000 before she could proceed. By the time she regained control, it was far too late.

Within just 20 minutes of the theft, fraudsters had cleaned out her account. But the nightmare did not stop there. Her bank soon demanded repayment of a N60,000 “Pay Day Loan” she had never applied for.

“For three months, they deducted from my salary to pay off a loan I never collected. They even borrowed airtime and money with my SIM. Each time I recharged, it was immediately swallowed.”

In addition to her lost savings, she had to buy a new phone, settle fraudulent debts and endure months of trauma.

“It was not just a financial loss. It was emotionally draining. My phone became a weapon used against me,” she lamented.

Onyebukwa’s story is not isolated. It is part of a growing wave of fraud in Nigeria where stolen phones and hijacked SIM cards are used to empty accounts and saddle victims with phantom loans.

Another victim, Nimot Shekoni, discovered to her shock that a loan had been taken in her name using her stolen phone number. “It was really confusing at the beginning because I have never taken a loan from any loan app,” she recalled.

“Why would someone use my phone number to take a loan, and how could the company fail to verify it with an OTP or other measures?”

Her experience mirrors a worrisome pattern where fraudsters, armed with a stolen SIM, bypass verification protocols, secure loans and leave the real owner to pick up the bill.

For Chinelo Obogo, another journalist, the experience was even more dumbfounding. On Tuesday, July 15, 2025, her phone was stolen in Ikeja, Lagos. Acting swiftly, she sent an email to her bank by 6:54pm the same day, requesting that her account be blocked immediately.

Within minutes, she received two emails confirming that the request had been received and that her account had been “blocked successfully.”

Relieved, she assumed her funds were safe. But the nightmare had only just begun.

The next day, she discovered that her second account, bearing her maiden name, had also been blocked unintentionally through a USSD action by her sister. At the bank branch, staff confirmed both accounts were indeed blocked, though bureaucratic hiccups with her BVN name linkage delayed access. After over three hours, she left reassured that her married-name account was locked and inaccessible.

That assurance was false. Two weeks later, on July 31, to be precise, debit alerts started pouring in. By the time she did the math, over N286,000 had disappeared from her supposedly blocked account. Worse, some deductions carried strange labels such as “Principal Liquidation” and “Interest Liquidation,” despite Obogo never taking a loan in her life.

“When I confronted customer service, I was told no email to block my account was ever received. Yet, I had the confirmation mails with case IDs to prove it,” Obogo recounted.

A senior staff member later claimed two different emails were received: one to block and another to unblock. But when pressed to produce evidence, the bank backtracked, calling it misinformation. Requests for screenshots of the supposed unblocking order were denied on grounds of “sensitivity.”

By mid-August, the debits continued including N22,000 marked as “Principal Liquidation” and another N10,800 as “Main Interest Liquidation.” All these happened despite repeated confirmations that her account was blocked and would remain so unless she authorised reopening.

“What loan are they liquidating when I have never borrowed? “Why was my request ignored, and how could fraudsters access my funds when I had taken all the right steps?” she lamented.

These bitter tales highlight a deepening crisis that require urgent intervention before fraudsters chase genuine depositors from electronic banking and ultimately retard the pace of financial inclusion. According to the National Bureau of Statistics (NBS), between May 2023 and April 2024, Nigeria recorded over 25.35 million stolen phones, making it the country’s most common crime. Less than 12 per cent were recovered.

The National Information Technology Development Agency (NITDA) also estimates that Nigeria loses about N250 billion annually to cybercrime, with SIM-swap fraud, weak passwords and social engineering attacks topping the list.

Experts explained that fraudsters often combine SIM swap, social engineering and password reset loopholes to bypass banking security.

Ravleen Kaur, an information security expert with Twilio, explained that “SIM swap attacks bypass normal security measures by letting criminals intercept standard one-time password messages.”

Having gained control of a victim’s number, attackers can trigger password resets on banking apps, receive the OTPs and lock out the rightful owner. This is exactly what happened in a widely reported case in the UK, when a Barclays Bank customer recounted how thieves hijacked her number, tricked bank staff into sending a code to the stolen SIM, then cleaned her out and pushed her into overdraft.

Nigerian fraudsters apply the same template. An industry source, who requested anonymity, revealed: “Once they gain access to the SIM, they often keep transfers below automated fraud thresholds and route funds through multiple accounts to avoid detection.”

So, why do banks delay blocking accounts after customers report stolen phones? Cybersecurity experts explained that part of the reason lies in verification checks: banks must confirm a request truly comes from the account owner, otherwise fraudsters could trick banks into freezing accounts as a diversion. But critics argued that this excuse is often stretched too far, leading to catastrophic delays like in Obogo’s case, where a blocked account continued leaking money for weeks.

Regulators have come under fire for failing to stay ahead of the criminals. The Nigerian Communications Commission (NCC) has admitted that regulation is lagging.

The executive vice chairman, Dr. Aminu Maida, said the commission is working on new rules to criminalise the use of SIM cards for fraud. “Currently, there is no consequence for using phone lines for fraud. We are looking into regulations that will criminalise such acts,” Maida noted.

The Central Bank of Nigeria (CBN) has also pledged to investigate the surge in fraud complaints and sanction negligent banks.

A source at the apex bank told Daily Sun: “There will be consequences for institutions that ignore red flags or fail to activate account-protection protocols after receiving customer complaints. Consumer trust is the lifeblood of the financial system.”

The Nigeria Inter-Bank Settlement System (NIBSS) reported that attempted fraud across financial institutions hit N17.67 billion in 2023, with mobile and digital channels accounting for the majority. Industry groups such as the Association of Mobile Communication Device Technicians of Nigeria have called for mandatory registration of mobile phones at purchase points to deter resale of stolen devices. Its president, Kehinde Apara, said: “Registration of mobile phones will reduce theft to the barest minimum, as it will be difficult for thieves to sell registered stolen phones.”

For technology experts, the problem runs deeper than criminals’ sophistication. Tech policy analyst, Jide Awe, argued: “The recurring breaches, even after victims promptly report thefts, raise serious concerns. The problem is not just in the sophistication of fraud techniques but in the inadequate response from banks.”

He warned that banks often lack real-time fraud detection systems and effective incident response. “Technology alone will not guarantee security if the people behind it are poorly trained or unmotivated. Customers face bureaucracy, slow responses, or outright disregard. No one should feel abandoned after reporting fraud.”

Fintechs are also raising awareness. Paystack’s Information Security Governance Officer, Omoruyi Ihiere, urged Nigerians to adopt stronger habits: “We strongly encourage users to enable two-factor authentication (2FA), switch from SMS OTPs to authenticator apps or tokens, and activate SIM locks from their telcos,” he advisedly.

Security experts further recommended that Nigerians set strong and unique passwords for banking and email accounts, enable biometrics and device encryption, activate transfer approvals and whitelists where possible, and immediately report theft to both telco and bank hotlines, insisting on a fraud alert being placed on the account.

As one analyst put it: “In a country where mobile phones are the gateway to money, losing your SIM can be as bad as losing your ATM card  and sometimes worse.”

For Onyebukwa, Shekoni, and Obogo, that warning has already played out in devastating fashion. They did everything they thought was right, but still ended up paying the price for systemic lapses that criminals continue to exploit. Until regulators and banks deploy stronger protections, millions of Nigerians remain just one stolen phone away from financial ruin.