Nigeria’s digital economy is evolving, but cybersecurity firms are wary of relying on the country’s fraudulent past. This could have severe consequences.
A Nigerian computer programmer was arrested in November 2021 for urging American company employees to spread ransomware on their internal enterprise servers.
There has been an increase in cyber cafe establishments in Nigeria, leading to a high unemployment rate. Many people were also without national social security so they resorted to gig work or cybercrimes. The Nigerian Police Force has been steadily arresting local cybercriminals, and the EFCC has recently reported an increase in bogus requests for reward points and money.
Nigerian scammers have been running rampant, stealing up to two and a half-billion dollars in the US alone. They’ve become so successful that they can make any story believable to their target audience. They’re on the Most Wanted list of six cybercriminals in the United States, listed as “John Smith” or “Jane Jones” depending on which form of identification they use. Companies use these services to prevent theft and crime before it happens, which has sparked an industry of cybersecurity products such as Abnormal Security and Proofpoint.
New technology has created new ways to internationalize one’s business, but it also comes with more pressure and a higher potential for mistakes.
Making fraud detection services more efficient can help to avoid false positives. When creating an email system, regulation engines and deep learning models must detect fraudulent activity patterns. To be accurate, like the Nigerian prince scam, certain rules need to be in place. However, this type of attack can create fraudulent transactions that are not flagged as fraudulent due to similar characteristics to genuine instances.
Companies lack the resources to find Nigerian scammers. One solution is blocklisting, which is ineffective and also prevents Nigerian users from receiving payments. Another option is training models with limited data that are biased against Nigerians. PayPal has historically banned Nigerian users too (which was in 2021).
International perceptions of Nigerian scammers are preventing Nigerians in tech from making international financial transactions, using bank drafts and checks as payment, and using emails.
The Bureau of the National Intelligence revealed in their study that Russia hired disinformation tactics from Nigerian hackers. This is something that Camille Stewart, a former senior policy adviser for the Department of Homeland Security and a Russian disinformation expert, agrees with.
International fraud response has gone beyond precaution. People who discriminate against Nigerian users may save businesses from actual criminal conduct, but it came at the expense of subjecting innocent people to extensive examination, which frequently involves their data and financial records. This feedback loop is self-sustaining. Data generated for training models can be considered useful as long as a company’s fraud detection model has a high recall (the proportion of identified true attacks out of all true assaults).
Nigeria and technology have both seen significant changes. In Africa, data centers are spreading rapidly. The main one was acquired by Equinix in 2021. Mobile broadband is being extended to 60% of the unconnected population via this company. Freelancing is now possible with gig-economy industries like Uber and Airbnb. There are also many Nigerian online businesses, with over 716,000 African software developers.
The Nigerian government has had a suspicion of those who aspire for more for many years. For example, law enforcement in Nigeria would often stop and interrogate these people based on their activities online.
The SARS, or the Serious and Organized Crime Unit, was founded in 1992 to investigate violent criminals. In 2000, when cybercrime became an increasing problem, their focus changed to prosecuting potential cybercriminals.
Researchers at Amnesty International found the group guilty of 82 illegal stop and frisks, arrests, sexual harassment, and extrajudicial killings. Young Nigerian men between the ages of 17 and 30 were at the highest risk of extortion.
On October 3, 2020, a video was taken of a SARS police officer shooting and killing an unarmed young Nigerian man in Ughelli after an altercation. Caught on camera, the video begins showing the victim walking across the street when he is confronted by an officer. The officer accuses him of cybercriminal activity and shoots him in cold blood. Angry at their policies, some young tech workers demanded that their government investigate and prosecute all police misconduct. As a response to this protest, the SARS police force was decommissioned as well as several other tactical forces.
Despite the Nigerian government’s efforts, many believe that this is not enough. Individuals like Medayedupin do make arrests, but you also have to focus on solving the cybercrime problem at large.
A single criminal doesn’t bring as much impact as identifying bigger networks. This is not unlike the problem of a person forgetting their umbrella one day, but it reflects how a drop in the ocean could make a difference long term.
Nigeria is an important market, but Binance can’t keep Nigerian accounts.
With the rapid growth in Nigeria’s tech ecosystem, more lucrative opportunities are available to young Nigerians than ever before. However, cybercriminals remain focused on fraud as a heuristics-based problem.
Though some companies have done a good job at fraud detection, many more are not attentive to non-suspicious activity and the difference between Nigerian accounts and those of scammers.
Setting undue focus on crime prevalent in Nigeria for a short-term advantage won’t work. It’ll be easier to adhere to heuristics rather than focusing on what’s minimally necessary, but this method isn’t sustainable in the long run. Companies will lose out on customers from Africa if they simply react with quick fixes.
One might argue that the bias within the industry is played out through a lack of diverse leadership. This means few incentives to change the status quo, but it must change regardless because it stretches systemic racism by doing the unjust surveillance of African and African sub-cultural (out of the region) individuals.