In response to the press release by the Central Bank of Nigeria dated the 6th of April, 2020 (www.cbn.gov.ng) bothering on Cyber-attacks by cyber-criminals taking advantage of the COVID-19 pandemic to defraud citizens by way of disguising offer of relief packages to steal sensitive information, phishing campaigns to gain unauthorized access to computers or mobile devises, it is apposite to draw the attention of the general public, the apex bank and all financial institutions to the relevant provisions of the Cyber Crimes (prohibition, prevention, etc.) Act 2015 as relating to the safeguard of sensitive information.
![](https://thenigerialawyer.com/wp-content/uploads/2024/04/Idrinstitute.jpg")
![](https://thenigerialawyer.com/wp-content/uploads/2024/03/2024.lidw_.jpg")
For ease of reference, Section 19 of the said Act provides thus:
(1) “From the commencement of this Act, no financial institution shall give posting and authorizing access to any single employee”
Subsection (3) also provides all “Financial Institutions must, as a duty to their customers, put in place effective counter-fraud measures to safeguard their sensitive information, where a security breach occurs the proof of negligence lies on the customer to prove the financial institution in question could have done more to safeguard its information integrity”
Also, in line with the duties of financial institutions, section 37(3) of the Cyber Crimes Act 2015 provides that: “Any financial institution that makes an unauthorized debit on a customers account shall upon written notification by the customer, provide clear legal authorization for such debit to the customers or reverse such debit within 72hours. Any financial institution that fails to reverse such debit within 72hours, shall be guilty of an offence and liable on conviction to restitution of the debit and a fine of N5,000,000.00.”
Against the above background, it is crystal clear that financial institutions are to safeguard, as of priority, the data of customers within their purview and in breach of such duties the financial institution shall be liable.
Without stating the obvious, one only wonders how on earth do fraudsters identify individual’s bank particulars and verified information by way of informing or directing the victim in clear terms of its precise details of a particular bank to say the least, save from personal negligence.
It will suffice to say that many citizens have at one time or the other fallen victim of the ATM viral scam by fraudsters, also to add that recently there are ongoing circulations of fraudsters taking advantage of the COVID-19 as a means to trick bank customers by way of asking people to click on links to register in order to get COVID-19 relief packages from the government or other organizations.
The Courts have in plethora of cases defined the relationship of financial institutions to its customers. In UBA PLC v. G.S. IND LTD (2011) 8 NWLR (PT 1250)590 it was held that a bank has a duty under its contract with its customers to exercise reasonable care and skill in carrying out its part with regards to the operations within its contracts with its customers. The duty to exercise reasonable care and skills extends over the whole range of business within the contract with the customers.
More importantly on the proof of indebtedness by a customer the court PER OGAKWU J.C.A IN UNITY BANK PLC V. RAYBAM ENGINEERING LTD (2018) 12 NWLR (PT 1633) 214 AT 234 the Court held that where there is a dispute on the indebtedness the party cannot just toss and dump before the Court the statement of account in proof of the indebtedness of the customer for the overall debit balance but the party must demonstrate through testimonial evidence given by an official who is familiar with the amounts how the debit balance was arrived at.
In line with the above judicial authorities it is imperative to notify all financial institutions of her contractual duty to customers by way of maintaining absolute secrecy concerning the customers’ account and other affairs just to mention a few.
This is by all means compelling all financial institution to review all internal policies guidelines relating to the custody of customers information and by way of extension, admonishing the apex bank under the leadership of Mr. Godwin Emefiele, to evolve an effective self-regulation that would ensure full compliance by its operators.
Also, to commend among others the Association of Bureau De Change Operators of Nigeria under the leadership of Alhaji (Dr.) Aminu Gwadabe, of its recent launching of its automation platform with the core objective of protecting members data from cyber-attacks and security threat.
Finally, I humbly advise fellow Nigerians to be cautious and sensitive in this challenging period especially concerning the release of private information to strangers and to also comply with precautions from Nigeria Centre for Disease Control (NCDC). Thank you.
Justinjide19@gmail.com, 08104173806
NIALS' Compendia Series: Your One-Stop Solution For Navigating Nigerian Laws (2004-2023)
Email: info@nials.edu.ng, tugomak@yahoo.co.uk, Contact: For Inquiry and information, kindly contact, NIALS Director of Marketing: +2348074128732, +2348100363602.
