• D.C.
  • BXL
  • Lagos
  • Riyadh
  • Beijing
  • SG
  • D.C.
  • BXL
  • Lagos
Semafor Logo
  • Riyadh
  • Beijing
  • SG


Nigerian fintech startups are working on a blacklist to stop rising fraud cases

Updated Mar 9, 2023, 8:51am EST
africa
Photo Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images
PostEmailWhatsapp
Title icon

The Scoop

Some of Nigeria’s largest fintech startups are quietly working on a joint strategy to tackle fraudulent transactions within their networks, starting with plans for a shared list of suspected criminals, three people with knowledge of the efforts told Semafor Africa.

The registry, tagged Project Radar, would enable companies to pool details, including banking and government identity data, of individuals and groups that have attempted or made fraudulent transactions.

Representatives of more than a dozen companies — including payments processor Flutterwave, digital banks Kuda and Branch, and savings app Cowrywise — joined a call on Monday (March 6), two people briefed on the matter said. Olugbenga Agboola, chief executive of Africa’s most valuable startup, Flutterwave, played a leading role in the conversation, the people said.

AD

Flutterwave did not comment. Kuda, Branch, and Cowrywise did not immediately respond to requests for comment.

The executives complained that fraudsters are getting more successful at taking advantage of  weaknesses in the financial system but companies were not sharing data with each other to identify such actors. “Most companies are happy to consume the data if it exists but not as willing to share theirs,” a note from the meeting, reviewed by Semafor Africa, read.

A demo of a blacklist registry is being created, one person said. Two people briefed said those leading the effort are speaking with the Nigeria Inter-Bank Settlement System (NIBSS), which operates a central switch for instant payments and is co-owned by Nigeria’s central bank and commercial banks, on how best to integrate with its existing fraud reporting system.

AD

The call happened days after news broke that Flutterwave was hacked for 2.9 billion naira ($6.3 million) in over 60 transactions in February.

Flutterwave denied the hack, saying an “unusual trend of transactions on some users’ profiles” triggered a review of its systems. But court documents show it filed a suit in Lagos against 16 commercial banks to freeze over 100 accounts suspected of receiving proceeds of the reported hack.

Title icon

Alexander’s view

NIBSS operates a portal where Nigerian financial institutions can report fraud cases but two of the people Semafor Africa spoke to said those who participated in the call wanted to bolster the current tool that was built for banks.

AD

The move comes against the backdrop of a surge in digital payments following a cash scarcity forced by a fumbled banknote redesign by Nigeria’s central bank. But the startups leading the effort also have an interest in protecting their business reputations and valuations with investors. Venture capitalists have invested $2.5 billion into Nigerian fintech startups between January 2019 to February 2023, according to The Big Deal, which tracks the data.

If left unaddressed, repeat instances of fraud in fintech risk painting the startups’ apps as being no better than banks they claim to disrupt, undermining user acquisition, expansion and fundraising efforts. Flutterwave in particular talked up plans for a Nasdaq initial public offer last year but a string of stories about fraud on its systems could undermine any potential listing.

One issue the fintech companies might face is whether the data-sharing service being built will require clearance from privacy regulators, as raised in the Project Radar notes. Depending on how and with whom the companies want to share and process the data, they may end up needing the consent of the account holders they suspect of fraudulent transactions, according to a lawyer with fintech experience in Nigeria.

Fraud attempts in Nigeria increased 186% across mobile and web channels between the first three quarters of 2019 and the same period in 2020, according to the most recent data from NIBSS, the payments switch. Fraudsters were successful with 91% of over 46,000 attempts in the first nine months of 2020, stealing 5 billion naira ($10.9 million) in the process, NIBSS said. Most attempts are by manipulating victims to give up sensitive personal information.

At the time, NIBSS said it expected fraud attempts to increase as Nigerians use more electronic payment methods. Nigeria’s instant payment transactions underwent a more than four-fold increase between September 2019 and January 2023 to 38 trillion naira ($82.6 billion), NIBSS data shows.

Title icon

Room for Disagreement

Adedeji Olowe is skeptical that the registry will take off because “fintechs in Nigeria mostly talk but never collaborate.” His company, Lendsqr, provides a service for digital lenders to manage operations and has its own blacklist for clients.

“What they are trying to do is the simplest thing from a technical point of view but it is never going to succeed. When it is time to contribute data you will start hearing excuses about privacy policies,” Olowe told Semafor Africa, citing previous failed attempts.

Title icon

The View From Uganda

As in Nigeria, there had been a feeling in Uganda that fintech startups failed to rally around common goals, “each trying to serve its niche within the financial services space,” said Dare Okoudjou, chief executive of payments company MFS Africa.

The Financial Technologies Services Providers’ Association (FITSPA) was formed in 2017 as an umbrella body for fintechs to exchange information in the fight against fraud. “The rapid exchange of information by members ensures that all threats are dealt with timely,” Okoudjou said.

Title icon

Notable

  • Project Radar comes as regulators in Nigeria become more concerned about data breaches in the financial system. The Nigeria Data Protection Bureau said last month that it is investigating Zenith, and Guaranty Trust — two of Nigeria’s top banks  — for breaches that allowed unauthorized third party access to bank records.
AD