Risk governance & control: financial markets & institutions / Volume 4, Issue 2, 2014 ELECTRONIC FRAUD (CYBER FRAUD) RISK IN THE BANKING INDUSTRY, ZIMBABWE Shewangu Dzomira* Abstract The paper explores forms of electronic fraud which are being perpetrated in the banking industry and the challenges being faced in an attempt to combat the risk. The paper is based on a descriptive study which studied the cyber fraud phenomenon using content analysis. To obtain the data questionnaires and interviews were administered to the selected informants from 22 banks. Convenience and judgemental sampling techniques were used. It was found out that most of the cited types of electronic fraud are perpetrated across the banking industry. Challenges like lack of resources (detection tools and technologies), inadequate cyber-crime laws and lack of knowledge through education and awareness were noted. It is recommended that the issue of cyber security should be addressed involving all the stakeholders so that technological systems are safeguarded from cyber-attacks. Keywords: Electronic Fraud, Cyber Fraud, Cyber-Crime, Internet Banking, Electronic Banking * Post-Doctoral Research Fellow, CEMS, Department of Finance, Risk Management & Banking, UNISA Email: [email protected] or [email protected] 1. Introduction Kadleck (2005), as more businesses and customers launch their money into cyberspace, opportunities for In modern times banks are not so often robbed 21st century tech-savvy thieves also increase. because money is not only kept in bank vaults. In While on the one hand, financial institutions in modern computer technologies and data networks a Zimbabwe are coping with global developments in lot of money exists in cyber space. Banks have to technology, on the other hand cyber fraud adapt to modern trends of doing business perpetrators are on the look-out. E-banking fraud is electronically and at the same time protect themselves an issue being experienced globally and is continuing against cyber-crimes. The first recorded “cyber- to prove costly to both banks and customers (Usman crime” took place in the year 1820! That is not et al., 2013). According to Shinder (2002), e- surprising considering the fact that the abacus, which commerce, on-line banking and related technologies is thought to be the earliest form of a computer, has have resulted in millions of dollars of financial been around since 3500 BC in India, Japan and transactions taking place across network connections China. The era of modern computers, however, began and as banks expand their array of online services to with the analytical engine of Charles Babbage (Khan, clients, the risk of internet computer fraud (ICF) 2011). In Zimbabwe almost all banks to date have increases and the risk landscape changes. Financially implemented electronic banking and/or cyber banking motivated high-profile attacks have been observed in one way or the other. across the globe with the growing patronage of e- According to Dube et al. (2009), the first visible banking services and its anticipated dominance in the form of electronic innovation in Zimbabwe was in the near future. Some of the known factors that contribute early 1990s when Standard Chartered Bank and the to the acute problem of security must be addressed Central African Building Society (CABS) installed (Usman et al., 2013). automated teller machines (ATMs). (Kass, 1994 cited According to Mushowe (2009), the Zimbabwean by Goi, 2005). Electronic banking in Zimbabwe has government had plans to come up with legislation to grown significantly in recent years. According to curb cyber-crime in the country in view of its Gono (2012), fifteen banking institutions have increasing threat to world economies. Given the already introduced mobile banking products in threats posed to global economies by cyber-crime, partnership with mobile operators and the number of there was a need to come up with measures to combat banking institutions venturing into mobile banking this crime. In addition to that, Kabanda (2012) posits are on the increase. The, volume of mobile payment that incidences of cyber-crime in Zimbabwe were on transactions and the volumes of internet transactions the increase and need to be quantified through also increased substantially. However, according to research. The prevalence of cyber-criminals is a 16 Risk governance & control: financial markets & institutions / Volume 4, Issue 2, 2014 worrying development as Zimbabwe grows more afforded new levels of efficiency for financial reliant on ICTs. More so, Moyo (2012) adds that, institutions and greater convenience for consumers, it people cannot redefine fraud because it has been also creates new opportunities for fraud, as committed through cyberspace and further mentions transactions are faster, do not require any human that due to the fact that most victims of cybercrime intervention, and are often “anonymous” (Oracle, are high-profile bank customers, they were reluctant 2012). Due to the pivotal roles of banks in the growth to announce or admit in public that they have been and economic development of any nation, it has successfully defrauded by some cyber-criminal. become very necessary to protect these institutions The Zimbabwean criminal codification act does from the antics of fraudsters (Ikechi & Okay, 2013). not, at any point mention computer aided crimes or According to the World Economic Forum’s cyber criminology directly as a crime but this does Global Risks (2014), cyberspace has proved resilient not mean that cyber criminology is exempted. While to attacks, but the underlying dynamic of the online there is so much online activity masked in anonymity world has always been that it is easier to attack than and plasticity, tracing online criminals can be to defend. On that note, the contemporary approach at impossible or arduous, Muleya (2012)). all levels on how to preserve, protect and govern the Although research have been carried out on common good of a trusted cyberspace must be adoption and use of internet banking, and security developed, since the growth of the information strategies in terms of online banking in Zimbabwe, society is accompanied by new and serious threats. the author found no research that specifically The rising of such threats at various stages is because addressed the cyber fraud and the challenges faced by of the explosion of online banking coupled with the banking institutions in trying to combat this kind of acceptance by consumers to disclose sensitive risk. information over internet. Electronic fraud is In view of the above background, the paper committed in different ways. intends to attain the following objectives: to examine electronic frauds perpetrated in Types of e-frauds the banking sector in Zimbabwe; and to explore the challenges faced by banks in Electronic fraud could be classified into two an endeavour to combat cases of electronic categories namely, direct and indirect frauds. Direct fraud in Zimbabwe. fraud would include credit/debit card fraud, employee The following sections of this article outline the embezzlement, and money laundering and salami literature review, methodology, analysis of the attack. Indirect fraud would include phishing, findings, conclusions and recommendations. pharming, hacking, virus, spam, advance fee and malware. 2. Literature Review Credit card/debit card fraud and identity theft are two forms of e-fraud which are normally used Electronic fraud (cyber fraud) interchangeably. It involves impersonation and theft of identity (name, social insurance number (SIN), At global level ICT advancement has immensely credit card number or other identifying information) contributed to economic development including to carry out fraudulent activities. It is the unlawful finance and banking. The internet is one of the use of a credit/debit card to falsely obtain money or fastest-growing areas of technical infrastructure belongings without the awareness of the credit/debit development. Today information and communication card owner. (Williams, 2007; Njanike, Dube & technologies (ICTs) are omnipresent and the trend Mashanyanye, 2009; Saleh, 2013). Theft of towards digitization is growing (Gercke, 2012). Due someone’s identity can be done through different to the pivotal roles of banks in the growth and ways. According to Barker, D’Amato & Sheridon economic development of any nation, it has become (2008), skimming involves stealing information off a very necessary to protect these institutions from the credit card during a legitimate transaction. This type antics of fraudsters (Ikechi & Okay, 2013). However, of scheme usually occurs in a business where the it is the same ICT systems used by the banks which patron’s credit card is taken out of sight while the are negatively utilized by perpetrators of fraud. The transaction is being processed. The fraudster will increased use of ICT such as computers, mobile swipe the card through an electronic device known as phones, internet and other associated technologies are a “wedge” or skimming device, which records all the routes which gave rise to lot of constructive work information contained on the magnetic strip (ACFE, as well as destructive work. The destructive activities 2007, p.1.104) cited by Barker et al. (2008). To are considered as ‘electronic crime’ which includes obtain credit card details, offenders may employ spamming, credit card fraud, ATM frauds, money sophisticated method such as hacking into merchants’ laundering, phishing, identity theft, denial