ABSTRACT
E-banking offers a number of advantages to financial institutions, including convenience in terms of time and money. However, criminal activities in the information age have changed the way banking operations are performed. This has made e-banking an area of interest. The growth of cybercrime – particularly hacking, identity theft, phishing, Trojans, service denial attacks and account takeover– has created several challenges for financial institutions, especially regarding how they protect their assets and prevent their customers from becoming victims of cyber fraud. These criminal activities have remained prevalent due to certain features of cyber, such as the borderless nature of the internet and the continuous growth of the computer networks. Following these identified challenges for financial institutions, this study examines e-banking risk management in the Nigerian banking sector; particularly the current nature, impacts, contributing factors, and prevention and detection mechanisms of cyber threat in Nigerian banking institutions.
This study adopts mixed research methods with the aid of descriptive and inferential analysis, which comprised exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) for the quantitative data analysis, whilst thematic analysis was used for the qualitative data analysis. The theoretical framework was informed by Routine Activity Theory (RAT) and Fraud Management Lifecycle Theory (FMLT).
The findings show that the factors contributing to the increase in cyber threat in Nigeria include ineffective banking operations, internal control issues, lack of customer awareness and bank staff training and education, inadequate infrastructure, presence of sophisticated technological tools in the hands of fraudsters, negligence of banks’ customers concerning their e-banking account devices, lack of compliance with the banking rules and regulations, and ineffective legal procedure and law enforcement. In addition, the enforcement of rules and regulations in relation to the prosecution of financial fraudsters has been passive in Nigeria. Moreover, the findings also show that the activities of each stage of fraud management lifecycle theory are interdependent and have a collective and considerable influence on combating cyber threat. The results of the findings confirm that routine activity theory is a real-world theoretical framework while applied to cyber threat. Also, from the analysis of the findings, this research offers a new model for e-banking risk management within the Nigerian banking sector. This new model confirms that to have perfect prevention and detection of cyber threat there must be presence of technological mechanisms, fraud monitoring, effective internal controls, customer complaints, whistle-blowing, surveillance mechanisms, staff-customer awareness and education, legal and judicial controls, institutional synergy mechanisms of in the banking systems. Finally, the findings from the analyses of this study have some significant implications; not only for academic researchers or scholars and accounting practitioners, but also for policymakers in the financial institutions and anti-fraud agencies in both the private and public sectors.
CHAPTER ONE
INTRODUCTION
1.1 Background of Study
With the global use of progressively more sophisticated internet and information technology (Papazoglou, 2003), electronic banking is developing as a key channel for banking businesses (Wei et al., 2012). Globally, remote banking is regarded as a characteristic of the new economy, which involves electronic transactions between banks and their customers (Banstola, 2007). Electronic banking, generally referred to as ebanking, is the latest delivery channel for the banking system (Keivani et al., 2012). The term “e-banking” has been discussed in several ways by many researchers from diverse backgrounds, mostly because electronic banking involves quite a lot of banking activities through which customers can inquire for financial information and implement transactions by means of a digital television, telephone, mobile phone or computer (Hoehle, Scornavacca & Huff, 2012). Perkins and Annan (2013) describe electronic banking as the rendering of services and dissemination of information by banks to customers through various delivery channels that can be accessed with a personal computer or other electronic devices.
However, the banking sector is being reformed by globalization, innovation, customer needs and competition. Due to the development of a knowledge-built economy and the emergence of the latest information and communication technology, financial institutions particularly the banking industries have experienced thought-provoking changes during the last decade. According to the Wisdom (2012), Information and Communication Technology, the most significant factor in the forthcoming development of the banking industry, enhances banks’ ability to produce sophisticated products, to have superior market structures, to diversify their markets and to expand globally. Furthermore, Darlington (1999) states that over the past three decades, customers’ needs have changed significantly: customers are demanding simplicity in their daily banking services together with maximum security and safety.
Thus, the traditional banking system, which consists of physical branches, is now being threatened by information and communication technologies characterized by automated systems of interaction with customers (mobile banking, call centres, automated teller machines (ATMs), online banking), that include relatively minimal costs and permit customers to select from the alternative delivery channels (Keivani et al., 2012). Therefore, electronic banking has become a great business; the transformation from traditional banking to electronic banking has been a “Leap” change (Yazdanifard, WanYusoff, Behora, & Abu, 2011; Wang & Huang, 2011).
Globally, the electronic banking system addresses several emerging trends: it is very convenient and easy for electronic banking users to manage and access their bank accounts at any time and from anywhere in the world (Brar, Sharma & Khurmi, 2012). The banking sector has been strengthened by this development in recent years, since electronic banking saves vast amounts of resources in areas such as investments into ATMs, staff training, opening of branches and other operational costs (Chaturvedi & Meena, 2016). The internet has improved users’ experience of electronic banking operations dramatically (Abu-Shanab & Matalqa, 2015). Banking transactions can now be performed any place, anytime in the world through any bank delivery channel: ATMs, POS, Smart TV, personal computers, telephones are among the channels a customer might consider (Hoehle, Scornavacca & Huff, 2012).
E-banking is the significant application of the internet for banking activities, and bank sectors have upgraded their business strategies with the assistance of the internet. Banks have provided their services via the internet and thereby electronic transactions have increased speed in the banking industry worldwide (Mahdi, Rezaul & Rahman, 2010). The advancement of electronic transactions gives a tremendous prospect for benefits to consumers and financial institutions (Singh & Singh, 2015).
Corroborating this, the emergent modern technologies have resulted to significant transformation of banking approaches and techniques. Bank branches have started to lose ground to computer-generated banking as the use of distant banking services has been augmented (Hoehle, Scornavacca & Huff, 2012). Globalization, transforming social trends, competition and particularly information and communication technology advancements have brought intense reform of the banking system (Loonam & O’Loughlin, 2008). Generally, information infrastructure is considered worldwide as an opportunity for introducing innovative electronic distribution channels for bank products and services.
On the contrary, banking represents the mediator of the economy; fraudulent acts have brought enormous losses that are affecting all the performing activities (Sahin &Duman, 2010). Equally, banking development, from traditional banking to electronic banking, is not only challenging in terms of managing bank risk, but also with international and national irregularities (Saranya & Gunasri, 2013; Chaturvedi & Meena, 2016; AbuShanab & Matalqa, 2015).
Conversely, the findings also supports the issues that the factors contributing to the increase in cyber threat in Nigeria include ineffective banking operations, internal control issues, lack of customer awareness and bank staff training and education, inadequate infrastructure, presence of sophisticated technological tools in the hands of fraudsters, negligence of banks’ customers concerning their e-banking account devices, lack of compliance with the banking rules and regulations, and ineffective legal procedure and law enforcement. In addition, the enforcement of rules and regulations in relation to the prosecution of financial fraudsters has been passive in Nigeria. Theses also corroborated with diverse types of security threats for both the electronic banking users and the banks – such as distributed attacks, phishing, identity theft, brute force attacks, spamming, credit card frauds, ATM frauds, hacking and unauthorized access, theft of service frauds, online money laundering, denial of service attacks, creation and distribution of malware attacks and other related online frauds – are challenging issues.
However, cyber threat has created an aggressive presence in the banking sector and therefore, security cognizance is required in order to bring behavioural transformation, minimize employees’ vulnerability and guard against the prospective risk of fraud; and to create strong detection and prevention of fraud using electronic technology, adoption of fraud awareness and other new sophisticated anti-fraud approaches. Hence, to cover these gaps there is a need to examine the natures, contributing factors, preventive and detective mechanisms of cyber threat.
1.2 Research Problem
The banking sector globally plays an essential role in advancing the smooth growth of economic activity (Sruthi & Prasanna, 2016). As intermediaries between users and suppliers of funds, banks are successfully placed in a continuum that controls the pulse of the economy (Rampini & Viswanathan, 2015). Globally, the incapability of the banking sector to effectively perform its functions as intermediary and inability to control financial challenges that are experienced hitherto have been a crucial concern (Gertler & Nobuhiro, 2010). Equally, Rampini and Viswanathan (2010) state that the main attribute of banking industry businesses is to perform as deputized monitors and adviser of borrowers on behalf of legitimate depositors.
However, in this special association with borrowers and depositors, banks need to protect the confidence and trust of their various clients (Wei et al., 2012). The failure of banks to satisfactorily perform their role resulted from the numerous risks they are exposed to which are not appropriately controlled (Papazoglou, 2003). One of these risks which are progressively becoming a cause of burden is the banking risk related to fraud (Sruthi & Prasanna, 2016). Furthermore, fraud, which literally means an intentional act of deception that makes society suffer damage, either by monetary or physical asset losses, is now a global menace to the entire banking industry (Ramamoorti, Morrison & Koletar 2013).
Respectively, it is truly bothersome that while the banking sector is persistently trying to contend with the demands of monetary authorities to recapitalize up to the required minimum standards, fraud perpetrators are always at work decimating and threatening banks’ financial base (Mahdi, Rezaul & Rahman, 2010). Also, the worrisome issue in Nigeria is the extent of involvement in the act of cyber threat by bank management staff and collusion with outsiders, as well as the ease with which many elude detection, hence inspiring many others to cooperate in perpetrating fraud (Usman & Shah, 2013).
However, their studies examine only causes of credit card frauds and not mobile fraud, online fraud, computer base fraud and telephoning fraud, which are major channel services of electronic banking, even without discussing the prevention and detection aspects of fraud. Also, most studies done earlier in Nigeria on fraud have employed secondary data and did not consider the use of primary data, while employees were the main focus of those studies. Thus, an innovative approach is required to mitigate cyber threat. Therefore, these acknowledged gaps provide the motivation for this present study.
1.3 Aim of the Study
To examine cyber threat detection and prevention mechanisms in Nigerian banking sector.
1.4 Research Questions
The following research questions have been framed to address the research aim:
1. What are the cyber threat risks that are of high concern in the Nigerian banking sector?
2. What are the perceived factors that have considerable influence on the increase in cyber threat in Nigeria?
3. What are the current significant mechanisms for cyber threat prevention in the Nigerian banking industry?
4. What are the current significant mechanisms for cyber threat detection in the Nigerian banking industry?
1.5 Scope of the Study
This study concentrates on the deposit money banks (commercial banks) in the Nigerian economy; the research questions were used to ascertain the effect of cyber threat on banks’ stockholders, and its prevention and detection. The study covered the activities of both internal and external stakeholders of commercial banks in the Nigerian economy, since the core function of both internal and external stakeholders is to ensure an effective use of the e-banking system. Data were collected from accountants, internal auditors, external auditors, managers, and directors who are working in the head offices of Nigerian commercial banks and also customers within the banking premises by the use of questionnaires and direct interviews. The selection of the head offices is to facilitate the study by covering those internal and external bank stakeholders who have common experience within the financial sector of the Nigerian economy.
This study was carried out to show detailed appraisal of cyber threat detection and prevention and to enable the researcher to provide appropriate answers to the fundamental questions raised in this section, which subsequently form the basis of the research objectives. However, there are also difficulties with the gathering of dependable historical data of fraud occurrences, where most incidences of fraud go undetected (Wells, 2014). Thus, the scope of this research is constrained to only licensed deposit money banks in Nigeria at the time of this research.
1.6 Significance of the Research
The current research has significance for theories and empirical applications in the areas of policymaking and financial institutions. Theoretically, the submission of prevailing theories of frauds, such as routine activity theory (RAT) (Cohen & Felson 1979; Williams, 2016) and fraud management lifecycle theory (FMLT) to the Nigerian ebanking risk management context will generate more information about whether these theories can be applied worldwide or whether they depend on cultural or local structures.
The research can likewise be projected to expose some of the prerogatives that are claimed in the academic and theoretical literatures regarding the understanding of fraud in the financial context and its connotation. Given the application of present theories along with other information from the research concerning the Nigerian banking sector, this can be regarded as significant research from this viewpoint.
There are also substantial practical applications of this study. The Nigerian banking sector can use the information generated from this study to modify its practices of combating fraud, and in addition to identify areas that are performing well. Investors and customers are the major users of this information in a practical mode. One of the challenging factors is overseas investment fraud (Broadman & Isik, 2007). However, to some degree, financial risk is essential in almost all financial institutions. Understanding the level of risk and the specific factors that will need to be overcome will be tremendously significant for investors to make suitable decisions.
Finally, even though several studies have been conducted on cyber threat in various parts of the world, particularly in the United Kingdom and United States of America, no broad study has been done in Nigeria, where the information that exists is piecemeal. It is therefore expected that this study will contribute significantly to the literature of the existing body of knowledge on cyber threat and on the developing economy.
1.7 Structure of the Research
The structure of the thesis is presented as follows:
Chapter 1 comprises an introduction to the study. It sets out the background of the study, the aims and research questions. It also presents the scope, rationale and significance of this study.
Chapter 2 presents the literature review of the thesis. The thesis focuses mainly on an examination of cyber threat detection and prevention in Nigerian financial sector. The chapter discusses the contextualisation of the Nigerian banking system, history of Nigeria banking system and constructs of electronic banking, it also elucidates the impact of cyber threat, e-banking attacks and techniques and the contributing factors to the increase of cyber threat. The discussion also includes cyber threat detection and preventive mechanisms while ending with a summary.
Chapter 3 explains the methodology and methods adopted for the research design by discussing research in philosophy which involves the epistemological position, the ontological position, axiology positions and postmodernism. It extensively describes the application of triangulation in this research design. It also explains population, sampling strategy, research instruments design and testing data collection procedure for this study. Data preparation and analysis, procedure factor analysis, structural equation modelling (SEM) validity, ethics in research and a summary are obviously discussed also.
Chapter 4 discusses quantitative analysis, which elucidates the outcomes of the survey analysis that was conducted, the major purpose of conducting the survey, factors for the increase in cyber threat, and current prevention and detection mechanisms in the Nigerian banking system. It includes the demographic information of the respondents.
Chapter 5 is all about conclusions and recommendations. It elucidates the practical and theoretical contribution made in this study, summarizing the major findings in respect of the research questions, explaining contribution to literature, theory, and knowledge, revealing policy implications and providing recommendations. Finally, this chapter concludes with the explanation of limitations to the study and discussion of areas for upcoming research.
================================================================
Item Type: Project Material | Size: 63 pages | Chapters: 1-5
Format: MS Word | Delivery: Within 30Mins.
================================================================
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.