Despite warnings and social media campaigns by banks on the need for customers to protect their debit and credit cards, so many Nigerians still fall victim to card frauds which leaves them with nothing but debit alerts and a near-clean sweep or clean sweep on their accounts in some cases.
In this post, we will share some important tips on how to protect your debit card from fraudsters in Nigeria. We will also share some tips on what to do if you suspect you are a victim of card fraud.
1. Avoid using your cards(s) when dealing with PoS agents
The presence of mobile money shops or PoS agents on almost every Nigerian street has greatly contributed to the rise of debit card fraud, particularly in the past five years. Although this is not to say that mobile money shops in Nigeria are set up with the intent to steal from those who patronize them. However, there have been numerous reports about how mobile money shop agents/salespersons connive with street boys supposedly “Yahoo! boys” in sweeping clean, the bank accounts of customers who used their services, particularly those who made withdrawals. There have been reports that shop agents who sit behind desks are prone to engage in this illicit deal with fraudsters in exchange for some percentage.
In order for them to complete their fraud, all they need are your card details which consist of your 16 digit card number, your card validity details and Security (Card Verification Value) number. To get this in seconds, PoS agents have been reported to capture customers card details with their camera phones in less than 5 seconds while trying to help them initiate their original transaction then perpetrate their evil act immediately after the customers have left or most times, in the dead of the night when their victims are fast asleep and unaware of what was happening or about to. The latter is often executed by cybercriminals with sound knowledge of websites that do not require OTP to make purchases after which proceeds from the transaction will be shared based on the agreed percentage.
A report by Vanguard in November 2020 revealed how a woman got a debit alert shortly after patronizing a POS agent. An excerpt from the article reads:
Her words, “I was travelling to Ebonyi State and decided to do PoS withdrawal from an agent in Marina, Lagos. I used my Automated Teller Machine (ATM) card to withdraw N6,000. Throughout the next day, I started receiving debit alerts of sums ranging from N30,000 to N50,000. I called my husband if he was making any transactions from the account and he said no. I quickly remembered that I withdrew from a PoS agent in Lagos. ‘‘Luckily, I was with the printed slip. I called the Police and on getting to the agent stand in Lagos, the agent felled to the ground immediately he saw me. By then he had withdrawn N250,000 from my account. He returned my money and was arrested. Some of his victims were not lucky to get their money back.”
It is advisable not to use your ATM cards if you decide to patronize street mobile money agents. Options such as bank transfers and pay IDs or pay codes are less riskier compared to using ATM cards.
2. Avoid helping someone fund a betting account with your cards
Unfortunately, most compromised debit cards these days are often channelled into funding bet accounts which are untraceable, according to the debit alerts which are generated and sent to the victim’s phone. A common mistake many make is helping their friends, lovers or partners, neighbours and even family members in funding their betting accounts.
Unknown to many, most betting platforms are notorious for saving a card without the consent of the individual making the payment. While an OTP might be required the first time you are helping out, it won’t at other times if your card is saved and this means the individual can initiate several deposits into their betting account without requiring an OTP from your device. If you have fallen victim or received debit alerts claiming you funded a betting account, first find out if you had assisted someone in funding their betting account within the past three months.
3. Avoid linking your cards to unauthorized fintech apps
You are solely responsible for what happens to your debit cards and monies and this is why it is never advisable to link your cards to authorized fintech apps that either grant loans or allow you to save on their platform.
A linkage between your card and these apps means authorized transactions can be made from your bank account and your bank might not be able to help you when such withdrawals are made. If at all you link your ATM card with any of these apps, be sure to read what their company says about how they handle sensitive information such as debit cards, IDs and BVN numbers.
4. Regularly scan your phone for spyware
In an era where mobile applications can be downloaded from authorized and unauthorized sources, it is important that you periodically scan your mobile phone for spyware, particularly keylogger, which is “an insidious form of spyware”.
Spyware describes software with malicious behaviour that aims to gather information about a person or organization and send such information to another entity in a way that harms the user, according to Wikipedia.
If you have ever downloaded a mobile application outside of your phone’s authorized app place repository or you have had to turn off your phone’s security just to “install from unknown sources”, then you are at risk of having sensitive data, including your debit card details stolen.
5. Avoid using your card on cyber cafe computers or one that is not yours
Avoid using your cards on computers in cyber cafes, belonging to your friends or siblings. As unbelievable as it sounds, cyber cafes are still very much around and most people see nothing wrong with using their debit cards in making online payments for exams, professional courses or certifications.
While that in itself isn’t the problem, computers naturally save up sensitive information such as usernames, card details, passwords, etc., by storing up cookies which makes it easier to reuse later.
If you are tempted to use a public computer or one that is not yours, make sure you take of the sensitive details such as making payments on your phone first, save up your progress before switching to a computer, if you don’t have one, that is. However, be careful about the type of information you fill out in public.
6. Avoid saving cards on websites for automatic renewals
Most websites with eCommerce features allow users to save their card details when checking out in other to use them without having to enter the card details in the near future. This is a bad idea since doing this means transactions can take place on your bank account, whether or not you authorize them. Transactions such as automatic renewals, automatic upselling and cross-selling can take place without your consent and allowing this feature means you probably consented to it.
7. Periodically update your apps, PC, devices or mobile phone
Hackers find it easier to hack into outdated apps, computers with outdated software as well as mobile phones with outdated software since such outdated tools no longer get the latest security updates from developers or manufacturers.
If this is the case with you and you use your device to make transactions such as making payments, logging in to your bank accounts, etc., then you must, as a matter of urgency, update your devices.
8. Avoid sharing your card details & asking others to withdraw on your behalf
This grave error is mostly practiced by people in corporate environments who ask office assistants, company security officials, younger colleagues, colleagues, office cleaners and even strangers on a bank queue to help them withdraw from their cards. In doing this, they carelessly share their PIN, leaving them vulnerable but hinging on trust that the person won’t disappoint or hurt them.
Sharing sensitive details have gotten many people in grave trouble they never bargained for. Other than fraud, there is the likelihood of being set up and ganged up against.
9. Avoid sharing your card details with supposed telemarketers/bank agents
Scammers and fraudsters periodically pose as genuine bank representatives and randomly message unsuspecting victims about a possible account block over incomplete details. Almost anyone can see through their shenanigans at a glance but those with little or no knowledge of how banks operate often fidget and act under pressure. The endgame is always to get their victim’s debit card details in order to make illicit withdrawals from their bank accounts.