Content uploaded by Essien Essien
Author content
All content in this area was uploaded by Essien Essien on May 13, 2019
Content may be subject to copyright.
DOI: 10.4018/IJICTHD.2018010102
Volume 10 • Issue 1 • January-March 2018
Copyright © 2018, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
17
Essien D. Essien, University of Uyo, Uyo, Nigeria
This article examines the cyber security dimension of the global information Infrastructure which
has resulted in the attainment of remarkable milestones and unlimited opportunities. However, these
benefits notwithstanding, the cyberspace is increasingly under attack by cybercriminals, and the cost
and damages from such attacks are increasing alarming. This article therefore, sets out to examine the
ethical implications of cybersecurity phenomenon. Relying upon an extensive contemporary literature
on cyber security, this study examines the phenomenon using the protection motivation theory. The
article employs qualitative analysis of the current cybersecurity landscape in Nigeria. With an insight
provided into understanding the independent layers of cyber security in Nigeria, a criterion on what
should constitute appropriate procedure for cyber security is thus supplied. Findings posit that with
the vulnerability of cyberspace, cyber security phenomenon in Africa, mirrors the existing social
inequalities and widens the social division that is more apparent with the expansion of the ICTs.
Cybercrime, Cybersecurity, Cyberspace, E-Fraud, Ethics, Information Infrastructure, Nigeria, Techno-Social
Dilemma
The emergence of the internet as an international technological communication tool is one of the
most significant developments in the 21st century cyberspace landscape (Wada & Odulaja, 2012). But
behind this achievement is the question of ethics, values, and norms that transcends borders, creating
a variety of challenges in today’s interconnected society which have to be addressed (DeJoode, 2011).
There are no mincing words that the rise of the Internet and new media in particular and the digital
economy in general has brought to the fore the fact that Africa is the most marginalized and excluded
region of the world and she is facing a number of threats as her own share of the global insecurity
problem. Apparently, as part of the evolving trend, Africa’s territorial sovereignty and integrity is no
longer limited to its sea and land borders but its cyberspace (John, 2013). This explains why today’s
threats to security have been globalised while their impact has been localized. Nevertheless, the
world’s growing dependence on the internet has revealed that the cyber space is now as important as
the physical space and its vulnerability to disruption and attack, has highlighted the importance and
the necessity for a coordinated response for security at all sphere, be it national, regional or global
levels (Kumar, 2010).
Volume 10 • Issue 1 • January-March 2018
18
Additionally, these threats concern the well-being of an individual whose identity is rooted
in different socio-economic and cultural backgrounds. The security concern includes the rapidly
evolving threat landscape of the cyberspace which has heightened the extent to which cyberspace
vulnerabilities and limited capacities prevent Africa from maximising the benefits of the digital
economy (Cassim, 2011). Besides, the people are facing a growing number of uncertainties related to
the use of the digital environment such as the digital security threats and incidents that have increased
the financial, privacy, and reputational consequences, and in some cases, produce physical damage.
Although stakeholders are increasingly aware of these challenges raised by digital security risk, they
often approach the problem only from the technical perspective, and in a manner that tends to play
down on the ethical implications of the social cleavages in digital use and applications that accompany
information poverty and insecurity challenges (Cassim, 2011).
Even though recent scholarship has endeavored to articulate a more nuanced conceptualization
of the nature of global cyber security today which has changed and require different thinking and
responses. It lends credence to the fact that most of the global threats we face today are rooted in the
deeper issues of ethics and values in international relation, politics and interaction (Alexander, 2008).
A good example is the cyber security with a techno-social fissure that has splintered into a multitude
of cracks with a phenomenal impact on the nature and future of Africa’s growth, development and
existence. This polysemic socio-ethical condition no doubt has a profoundly contentious security
implication for Africa that are most dramatic and urgent (Atta-Asamoah, 2010). It threatens not only
the security of the region but the security of communities and/or the entire portions of the region’s
population. It is therefore a risk to both regional/national as well as the human security.
But despite the seeming pessimism of this development, the rhetoric of the discourse concerning
the emerging pattern of cyber activity in Africa today reveals that the digital divide is not only a
technological predicament; it is also an ethical crisis. This is so because the cyber security divide and
processes are redefining security in the 21st century (Chiemeke, Evwiekpaege & Chete, 2006). This
study therefore examines some of the numerous ethical issues/challenges posed by contemporary
information society and technology to several sections of African communities. It posits that
cybersecurity though a new issue with a global dimension, has an important developmental implication
for Africa (Atta-Asamoah, 2010). Therefore, breaking it apart into its ethical underpinnings will
provide a framework for effectively addressing cyber threats and digital vulnerability in Africa.
For Africa, cyber insecurity leads to social exclusion and questions the information economy that
generates consequences for social divisions, social insecurity, diversity and differences among the
already diversified African society (Longe & Chiemeke, 2008). Though scholarly investigation into the
ethical issues concerning cyber security in Africa has regrettably been modest and disproportionate,
the solutions to today’s cyber security problems have to take into account some ethical considerations
as well as the region’s and/or individual’s cultural and socio-economic background. The cyber
security phenomenon from an African perspective, mirrors the already existing social inequalities
and widens the social division that has simply become more apparent with the expansion of the ICTs
(Olasanmi, 2010).
Several studies have demonstrated that the level of negligence and ignorance in the Information and
Communication Technologies (ICTs) sector in Africa represents a serious threat for the entire continent.
The impact of cybercrime on the region is serious; this explains why forensic experts are claiming
cyber-crime poses the biggest challenge to the growth, development, integrity and sovereignty of
Africa. This study therefore, adopts the protection motivation theory which was propounded by R.
Rogers in 1975. The theory measures the coping behavior of a person, country and/or constituency
when informed or aware of a threatening event such as cyber-criminal activities (Rippetoe & Rogers
1987). This behavior is thus directly influenced by a commensurate coping response which indicates
Volume 10 • Issue 1 • January-March 2018
19
the idea of making provision for cyber security. The coping response in this regard is the net result
of the person’s evaluation of the threat appraisal and coping appraisal. Threat appraisal in this
perspective refers to a person’s assessment of the level of danger posed by the threat (Prentice-Dunn
& McCleandon, 2001). It consists of perceived vulnerability, perceived severity, and reward such as
the intrinsic and extrinsic rewards of not adopting a recommended coping response. A good example
of reward for cybercrime involves the psychological pleasure and peer approval (Prentice-Dunn &
McClendon 2001). The second idea revolves around the coping appraisal which has something to do
with an individual, nation or regional assessment of the capacity to cope with and/or avert the loss
and damage resulting from threats and/or danger of cybercrime. It is also made up of self-efficacy,
response efficacy, and response cost of adopting cybercrime behavior. In cybercrime for example,
self-efficacy refers to criminal’s confidence being involved in the act, response efficacy to the
consequence of the act, and the response cost to pull out or stop cybercriminality. For a continent
plagued by growing level of insecurity such as food insecurity, conflict and poverty, vulnerability
and dependency in technology and scientific advancement, averting cybercrime activities, as well as
developing effective response towards cyber threats in telecommunications issues warrants appropriate
attention and high precedence (Rippetoe & Rogers, 1987).
In today’s information-centric society, the securing of information for information communication
technologies (ICT) as well as ICT users has become a matter of overriding significance. For instance,
the Internet continues to be threatened by numerous risks, such as the exploitation of private
information (Riem, 2001; De Joode, 2011). Thus, Internet users are at risk of having their private
information compromised and misused. Consequently, different stakeholders in ICTs and society
especially in Africa have long acknowledged this, and have consequently implemented some level
of information security strategies. Unfortunately, many of these information security strategies are
innately flawed, as the components of such an information security strategy and its management
involves processes, technology and people (Atkinson, Furnell & Phippen, 2009). A good example is
a scenario where the most challenging attacks exploit human vulnerabilities rather than technological
ones, which are easier to remediate. Increasingly though, cybercrime organizations use information
gleaned from social-networking sites to craft highly targeted “phishing” attacks that entice individuals
or systems administrators to click on links that will install spyware on their laptop. Cyber criminals
exploit the vulnerability of millions of inexperienced users and dupe them with unsophisticated
or well-worn scamming techniques. Although processes and technologies can be created to be
theoretically secure, how accurately secure they are depends on the people involved in their use as
well as their implementation (Klimburg, 2012). This is because, in many of these cases, laypeople
especially in Africa with high illiteracy rate are not aware of the cyber danger surrounding them. They
are just happy that they can operate their gadgets and it would seem not enough is done to train and
educate them in using these gadgets safely. This however, confirms why Jensen express fears that,
“the availability of specialist training in telecommunications is currently extremely limited on the
continent of Africa” (Jensen, 2001). Furthermore, whether people use the technologies in a secure
manner and follow the secure processes completely and correctly can drastically affect the extent to
which these components are secure, because people can consciously and unconsciously become a
threat to any information security strategy (Thomson, Von Solms & Louw, 2006). As a result of this
failing, many scholars are of the opinion that communication, education and awareness is integral
part in cyber security culture and a critical enabler for cybersecurity governance.
According to Thomson, Von Solms and Louw (2006), many users lack awareness and knowledge;
consequently, they are ignorant of the need to protect their personal and confidential information.
Moreover, users’ insecure online behaviour makes them easy targets for exploitation. The lack of
cyber-security awareness amongst adults negatively impacts their role of protecting the children
Volume 10 • Issue 1 • January-March 2018
20
in their care (Kortjan & Von Solms, 2013). In this regard, Kortjan and Von Solms (2013) further
argue that many parents are not knowledgeable of the threats apparent online; and therefore, they
are unable to teach their children about secure online behaviour. As a result, the safety of children is
also compromised. Lack of knowledge is viewed as an important factor that contributes to insecure
online behaviour by Internet users. As a result, people are seen as a severe threat to each other’s
security” (Mitnick & Simon, 2001). In addition, such lack of the relevant knowledge has made the
African population easy targets for hackers and botnet operators (Kritzinger & Von Solms, 2012). In
view of the consequences of the lack of knowledge, cyber-security and awareness therefore become
issues of fundamental importance.
Christensen (2003) affirms that promoting cyber-security awareness would contribute greatly
towards cyber-security culture and subsequently toward building a relevant and efficient cyber-security
governance system. Awareness and education can provide Internet users with the ability to recognise
and circumvent any risks that are apparent online (Kritzinger & Padayachee, 2013). Additionally,
education plays a critical part in cultivating a culture of secure behaviour amongst Internet users.
While the working class may be getting some form of cyber-security awareness and education from
industry, for home users and society at large, a national campaign for cyber-security awareness and
education is urgently required (Christensen, 2003). In this context, it is the role of the government
and other stakeholders to empower all levels of society by providing the necessary knowledge and
expertise to act securely online.
Ethical issues long preceded information communication technologies (ICTs). Nevertheless,
information communication technologies (ICTs) has heightened ethical concerns, taxed existing
social arrangements, and made some laws obsolete or severely crippled. Information technologies
and systems have also created new opportunities for criminal behavior and mischief (Cole, Chetty,
LaRose, Reitta, Schmitte & Goodman, 2008). There are four key technological trends responsible
for these ethical stresses. Cyber-attacks have the potentials of having powerful impacts on people’s
lives, as well as societies. Consequently, governments and other stakeholders are expected to have
responsibility to protect the citizens, as well as the economic activities that goes on in the society.
In short, we generally expect governments to act to protect the security of people and the society.
But as recent examples show, there is public concern about what state security agencies do in pursuit
of national security. Many potential cyberattacks and responses pertain to ethical trade-offs: security
vs. privacy, individual rights vs. an overall public good, the placing of burdens on particular groups
over others (Rowe, Reeves & Gallaher, 2009). In this regard, the critical reasoning tools found in
practical ethics play an essential role in identifying where value conflicts arise, and offer ways of
justifying responses that help to resolve such conflicts of interest in the digital environment.
Ethics implies the idea of acting as free moral agents. In this sense, one is expected to make
choices which will guide one’s behaviors. The corollary therefore is that information communication
technologies (ICTs) raise new ethical questions for both individuals and societies because they create
opportunities for intense social change, and thus threaten existing distributions of power, money,
rights, and obligations (Rein, 2001). Like other technologies, such as steam engines, electricity, the
telephone, and the radio, information communication technologies (ICTs) can be used to achieve
social progress, but it can also be used to commit crimes and threaten cherished social values. The
development of information communication technologies (ICTs) will produce benefits for many and
costs for others. Thus, ethical issues in information communication technologies (ICTs) have been
given new urgency by the rise of the Internet and electronic commerce (Tavani, 2006). Internet and
digital firm technologies make it easier than ever to assemble, integrate, and distribute information,
unleashing new concerns about the appropriate use of customer information, the protection of personal
privacy, and the protection of intellectual property. Service providers and some stakeholders with
Volume 10 • Issue 1 • January-March 2018
21
skilled and specialized understanding can manipulate the information communication technologies
(ICTs) systems by submitting phony records, and diverting cash, on a scale unimaginable in the
pre-computer era.
Other serious ethical issues raised by information communication technologies (ICTs) include
establishing accountability for the consequences of information systems, setting standards to safeguard
system quality that protects the safety of the individual and society, and preserving values and
institutions considered essential to the quality of life in an information communication technologies
(ICTs) society (Bullock, 2005). Anytime one is engaged with information communication technologies
(ICTs), it may be necessary to ask certain pertinent and salient questions, such as, “What is the ethical
and socially responsible course of action to take or expect?”
Ethical choices are decisions made by individuals who are responsible for the consequences
of their actions. Responsibility is a key element of ethical action in information communication
technologies (ICTs) environment (Essien, 2015). Responsibility means that you accept the potential
costs, duties, and obligations for the decisions you make. Accountability is another feature of
information communication technologies (ICTs) systems and social institutions. This however
means that mechanisms must have tobe put in place to determine who took responsible action, who
is responsible, etc (Nissenbaum, 2005). The information communication technologies (ICTs) systems
and institutions in which it is impossible to find out who took what action are inherently incapable
of ethical analysis or ethical action. Similarly, liability extends the concept of responsibility further
to the area of laws. Liability is a feature of political systems in which a body of laws is in place that
permits individuals to recover the damages done to them by other actors, systems, or organizations.
In addition to that is the concept of due process in which some feature of law governs the societies
and is a process in which laws are known and understood and there is an ability to appeal to higher
authorities to ensure that the laws are appropriately applied (Himanen, 2001). These basic concepts
form the underpinning of an ethical analysis of information communication technologies (ICTs) as
well as those who manage it.
It is pertinent to note that, information communication technologies (ICTs) are filtered through
social institutions, organizations, and individuals. In earnest, information communication technologies
(ICTs) do not have impacts by themselves. Whatever impacts of information communication
technologies (ICTs) that exist are the products of institutional, organizational, and individual actions
and behaviors. Similarly, responsibility for the actions, inactions, and the consequences of the usage
of information communication technologies (ICTs) clearly falls on the institutions, organizations, and
individual that manages and uses these technologies. The process of using information communication
technologies (ICTs) in a socially responsible manner means that you can and will be held accountable
for the consequences of your actions (Borge, 2002).
Cybersecurity has become a big menace in Nigeria. This is specially so because of the weak
infrastructure, poor legal framework, inadequate security facilities, derisory manpower, and deficient
resource base. Nonetheless, the fight against cybercrime requires coordinated effort among all
stakeholders such as government bodies, educational institutions, business organisations and law
enforcement authorities (Wada & Odulaja, 2012). It is worth mentioning that digital developments
in Africa in general and Nigeria in particular are already moving at a faster pace and the society
is changing profoundly. However, new challenges arise alongside this growth tempo just as the
increasing technological exposure poses its own vulnerabilities and risks. For instance, it is argued
that the volume of threat in Nigeria is massive, with 286 million different virus samples counted (783,
562 samples per day; 32, 648 samples per hour; 544 samples per minute and about nine samples per
second) on a yearly basis (Longe & Chimeke, 2008). Figure 1 shows the lifecycle of Cyber Security.
Volume 10 • Issue 1 • January-March 2018
22
This presents a very dangerous portrait as hackers could invade the airport control tower and
release information that could compromise weather and traffic signals to pilots in-flight. In this
situation, the dire consequences are that planes may disappear just as it was popularly suspected that
the Malaysian flight MH370 that departed from Kuala Lumpur International Airport on 8 March 2014
and got missing enroute to Beijing may have been a victim of cyber terror attack (Agboola, 2006).
The consequences could also be disastrous if hackers invade the defence, oil and gas, banking and
telco sectors. Considering the borderless nature of cybercrime and emerging cybersecurity threats in
contemporary time, the only viable way forward in fighting cybercrime is through multi-stakeholder,
inter-agency, bilateral and multilateral collaboration and cooperation.
Today, the challenges of information communication technologies (ICTs in Nigeria on achieving
a level of technological security in order to prevent and control risks; contribute to the economy and
guarantee access to information to individuals while at the same time creating a climate of confidence
and trust in ICTs and protecting rights and freedoms is quite enormous (Ahmed, 2008). On the
appendage of this development, the Global tracking of cyber-attacks in Africa indicate that Nigeria is
among countries with high cases of software piracy, intellectual property theft and malware attacks.
This situation presents a serious challenge to the country’s resolve to take advantage of the enormous
opportunities that Internet brings, while balancing and managing its associated risks. Table 1 shows
the Nigerian Cyber Security Threat Landscape.
This is however manifest in the 2014 Annual report of the Nigeria Deposit Insurance Corporation
(NDIC), which shows that, between 2013 and 2014, fraud on e-payment platform in the Nigerian
Figure 1. Cyber Security Lifecycle
Volume 10 • Issue 1 • January-March 2018
23
banking sector increased by 183 per cent. Similarly, a report published in 2014 by the Centre for
Strategic and International Studies, UK, estimated the annual cost of cybercrime in Nigeria to be about
0.08 per cent of our GDP, representing about N127 billion (about 402,855 million US Dollars) (Essien,
2015). Cybersecurity no doubt has become a part of our day-to-day lives in contemporary society and
it is something that can have a momentous negative impact on both individuals and organizations.
Its implications have the capacity to touch on human factors, legal and compliance, leadership and
governance, information risk management and business continuity. This explains why in May 2015,
the cybercrime bill was signed into law in Nigeria by erstwhile President Goodluck Jonathan. The
implications of this to individuals and corporations are that cybercrime is now properly defined and
legal consequences are attached to any defiance of this law.
Relatedly, several initiatives directed at protecting the interests of Nigerians in cyberspace have
been put in place, such as the National Information Technology Development Agency (NITDA),
Nigerian Communications Commission (NCC), Economic and Financial Crimes Commission (EFCC)
and more, while laying the requisite groundwork for Information and Communication Technologies
(ICTs) that would foster development and aid growth in the Nigerian society, have also been made
working (Olasanmi, 2010). In the same vein, agencies have been created to work towards curbing
the menace of cybercrime. They include a number of Ministries, Departments and Agencies (MDAs)
established to undertake various stratagems toward bringing the problem of cybercrime under control.
Some notable cybercrime initiatives include setting up a National Cybercrime Working Group
(NCWG) that had stakeholders drawn from the law enforcement agencies, the financial sector and
ICT professionals; and a scheme of Computer Emergency Response Team (CERT) center by NCWG
and NITDA (Olasanmi, 2010).
However, what is particularly intriguing about cybersecurity and its challenges is the way and
manner in which the cyber-attacks are carried out and/or sponsored. This perhaps is due to the fact
that by the nature of cyberspace, which does not have define jurisdiction by air, sea or by land,
the perpetrators of cybercrimes do not only remain ubiquitous but dangerous. A good example of
cybersecurity and its challenges in Nigeria in particular and Africa in general is the incident in August
2012, when Boko Haram, the insurgent group responsible for several thousands of deaths, kidnaps
and bombings in Nigeria reportedly hacked the personnel records and databases of the Directorate
of Secret Service, the Nigeria’s secret police popularly known with the acronym DSS or SSS. Boko
Haram group were able to successfully compromise the covert personnel data system of the DSS
(Essien, 2015). This however, culminated into database breach revealed the names, addresses, bank
information and family members of current and former personnel assigned to the country’s undercover
policy agency.
Rationalizing the show of aggression on the security outfit, the Boko Haram group held that
the security breach was carried out in order to get back at the government and protest the Nigerian
Table 1. Nigerian Cyber Security Threat Landscape
Target Sectors of the Cyber crime in
Nigeria
1. Government Agencies, Nigerian Think Tanks
2. Nigerian Media, Communication service providers
3. Various Sectors of the Nigerian economy (Financial, Petroleum/Oil and
gas, Retail, Power and energy, ICT, etc.)
4. High Profile Government Websites
5. Industries, parastatals and private establishments etc
Tactics adopt by cybercrime fraudsters
in Nigeria
1. Spear Phishing
2. Software Hijacking
3. Specific Nigerian Firewall and AV Targeting
4. Malware, Spyware and Adware
5. DDOS
6. Colluding With insiders
Volume 10 • Issue 1 • January-March 2018
24
government handling of issues involving the insurgents especially the none release of their members
detained in various prisons across the country. Interestingly, this case scenario obviously depicts
the facts that no nation is strictly speaking immune from cyberspace attacks irrespective of status.
But the preponderance swings heavier in developing economies such as Nigeria (Longe, Mbarika,
Kourouma, Wada & Isabalija, 2009).
Though cybercrime encompasses a broad range of illegal activities perpetrated electronically, it can
be generally divided into five broad categories with detachments such as intrusive offences, content-
related offences, copyright and trademark-related offences, computer-related offences, and combination
offences. However, the complexity in types and forms of cybercrime increases the difficulty to fight
back and/or provide commensurate security. According to Symantec corporation, there are several
contributing factors that attract cybercriminals to operate in specific countries and regions of the world
such as access to broadband connections and/or uninterrupted internet connectivity. Nonetheless,
the cybercrimes landscape in Nigeria can be categorised into two segments for easy comprehension
as indicated in Figure 2.
There is an endless list of possible crimes that can occur through the use of the Internet and
computer. Worldwide, the predominance of electronic pathways in most payment system has made
them ready targets for fraudsters. This study attempts a description of a good number of the widespread
forms of electronic fraud technique common in many countries especially developing countries like
Nigeria.
Identity theft is a form of fraud where a person using another person’s personal information to engage
in fraudulent activities. It can take many forms, from fraudulent credit card use, to your entire identity
being used to open accounts, obtain loans, and conduct other illegal activities. Be suspicious if anyone
asks you for your personal information. Scammers use convincing stories to explain why you need
to give them money or personal details.
Card skimming involves the illegal use of a skimming device to copy, capture and collect data from
magnetic stripe and PIN on credit and debit cards. The captured card and PIN details are encoded
onto a counterfeit card and used by an identity thief to make fraudulent account withdrawals and
transactions in the name of the actual account holder. Skimming can occur at any bank ATM or via
a compromised POS machine. Usually, fraudsters would attach false casing and PIN pad overlay
devices on genuine existing ATMs, or they can attach a disguised skimming device onto a card
reader entry used in tandem with a concealed camera to capture and record PIN Entry. This has
resulted numerous fraudulent activities across many countries especially in developing countries and
particularly in Africa with Nigeria in the forefront. That explains why the Central Bank of Nigeria
reported recently that the Nigerian banking sector lost over ₦20bn through internet fraud and the
impact on the nation’s cashless policy is significant (TNB, 2015). Table 2 breaks down the reported
fraud by volume and value.
Although the volume of fraud cases reported in 2015 and 2014 had increased by 78% and 70%
respectively relative to cases reported in 2013: the value of attempted fraud cases reported in 2014
and 2015 decreased by 60% and 50% respectively. The actual loss associated with fraud cases reported
in 2015 and 2014 increased by over 1000% relative to 2013 loss. Similarly, actual fraud loss as a
percentage of attempted fraud increased to 80% and 85% in 2014 and 2015 respectively from 3% in
2013. Table 3 shows the distribution of actual loss through Cyber Fraud.
Volume 10 • Issue 1 • January-March 2018
25
Phishing is a form of social engineering that attempts to steal sensitive information such as usernames,
passwords, and card numbers usually for malicious reasons, by disguising as a trustworthy entity
in an electronic communication. A fake website is created to look similar to that of a legitimate
organization, typically a financial institution such as a bank or insurance company. An email or SMS
is sent requesting that the recipient accesses the fake website and enter their personal details, including
security access codes. The page looks genuine but users entering information are inadvertently sending
their information to the fraudster.
Figure 2. Categories of Cybercrimes prevalent in Nigeria
Table 2. Reported fraud by volume and value
Year Attempted Fraud (Volume) Attempted Fraud (Value) Actual Loss (Value)
2013 882 19,148,787,069 486,194,350
2014 1,461 77,501,527,748 6,215,987,323
2015 1,912 85,412,253,761 7,546,339,281
Source: Nigeria Inter-Bank Settlement System (NIBBS) E-Payment Fraud
Volume 10 • Issue 1 • January-March 2018
26
Viruses and Trojans are harmful programmes that are loaded onto computers without the owners’
knowledge. The goal of these programmes may be to obtain or damage information, hinder the
performance of your computer, or flood you with advertising. Viruses spread by infecting computers
and then replicating. Trojans appear as genuine applications and then embed themselves into a
computer to monitor activity and collect information.
Spyware and adware is an injurious programme used by cyber criminals to attack unsuspecting
individuals and their system devices. When clicking on pop-up advertisements – ones that “pop up”
in a separate browser window – it’s possible you are also downloading “spyware” or “adware”. These
programmes often come bundled with free programmes, applications or services you may download
from the Internet. Spyware or Adware software covertly gathers your user information and monitors
your Internet activity, usually for advertising purposes.
In the emerging software-driven information society, it is difficult for any nation or institution to
shut itself out of the cyberspace. The internet as the world knows it has given birth to e-government,
e-health, e-commerce, e-education, e-agriculture, e-learning, online music, and e-banking, online
banking, and all sorts of convenience in the society. Therefore, the management and security of the
cyberspace is of paramount concern to the multi-stakeholders, driving the process, from the public to
the private entities. This is because cybercrime is costing the continent of Africa billions of dollars.
Cybersecurity exposes the limitlessness of the cyberspace and erodes the national borders. This
constitutes some of the features of the new technology which represents one of the most serious
economic and security challenges facing every nation today, Nigeria inclusive.
Today, the negative frontiers of cyberspace that Africa like the rest of the world has to contend
with as the negative outcome of cyber threats such as malware, cyber harassment, Spoofing, Phishing,
Spam, Pharming, Hacking, Viruses, Trojans, Worms, Child Online pornography and spyware. The
ubiquitous cyberspace is fast turning a danger zone in spite of the huge successes and positive attributes
that the digital environment has introduced as an integral part of the modern information society.
Nonetheless, with the exponential growth in digital connections on the African continent and the
Table 3. Distribution of Actual Loss in NGN through Cyber Fraud
Channel 2013 –value 2014 –value 2015-Value % change
ATM 54,99,829.00 2,688,669,292.00 7,744,472,198.00 4788.50%
POS 5,851,443.00 157,610,831.00 183,542,663.00 2593.54%
Across counter 13,851,780.00 140,813,927.00 162,778,429.00 916.58%
Web 109,295,898.00 1,031,239,284.00 1,473,178,246.00 843.53%
Internet banking 271,762,696.00 2,120,881,512.00 2,762,664,835.00 680.42%
E-Commerce 13,948,390.00 58,994,920.00 64,785,895.00 322.95%
Mobile 6,787,544.00 13,328,957.00 19,759,663.00 96.37%
Cheques 8,693,770.00 4,448,600.00 5,623,744.00 48.83%
Total 485,191,350.00 6,215,987,323.00 12,416,805,673.00
Source: Nigeria Inter-Bank Settlement System (NIBBS) E-Payment Fraud
Volume 10 • Issue 1 • January-March 2018
27
potential growth trajectory for cybercrime related incidence, analysts have called for improved cyber
security throughout Africa, from personal computers to corporations and indeed government digital
networks. A number of experts have however argued that the fissure between the growth in cybercrime
in Africa and cyber security awareness can be best addressed in a comprehensive multi-sectoral policy.
This will nevertheless involve the perspective of good legislation, technical measures, institutional
structures, cyber security education and international multi-stakeholder cooperation mechanisms.
Though the magnitude of cybersecurity challenges in the African continent in general and Nigeria in
particular is enormous, the capacity to win the fight against cybercrime is an overriding concern of all.
Volume 10 • Issue 1 • January-March 2018
28
Agboola, A. A. (2006). Electronic Payment Systems and Tele-banking Services in Nigeria. Journal of Internet
Banking and Commerce, 11(3). Retrieved 30 April, 2016 from http://www.arraydev.com/commerce/jibc
Ahmed, I. (2008, October 28). Nigeria: N10 Billion Lost to Bank Fraud in 2007 – NDIC, Daily Trust.
Akuta, E., Ong’oa, I., & Jones, C. (2011). Combating Cyber Crime in Sub-Sahara Africa; A Discourse on Law,
Policy and Practice. Journal of Peace, Gender and Development Studies, 1(4), 129–137.
Alexander, H. (2008). National collective action and economic performance. International Studies Quarterly,
5(3), 24–39.
Atkinson, S., Furnell, S., & Phippen, A. (2009). Securing the next generation: Enhancing e-safety awareness
among young people. Computer Fraud & Security, 12(4), 13–29. doi:10.1016/S1361-3723(09)70088-0
Atta-Asamoah, A. (2010). Understanding the West African cyber-crime process. African Security Review, 18(4),
105-114. Institute for Security Studies. Retrieved 15 February 2016 from http://www.tandfonline.com/doi/s/10.
1080/10246029.2009.9627562?journalCode=rasr20#.Uu9NOPtdx8E
Bullock, J. (2005). Introduction to Homeland Security (1st ed.). Butterworth: Heinemann.
Cassim, F. (2011). Addressing the growing spectre of cybercrime in africa: evaluating measures adopted by South
Africa and other regional role players. Comparative and International Law and Justice South Africa, 44, 123–138.
Chiemeke, S. C., Evwiekpaefe, A., & Chete, F. (2006). The Adoption of Internet Banking in Nigeria: An Empirical
Investigation. Journal of Internet Banking and Commerce, 11(3).
Cole, K., Chetty, M., LaRose, C., Rietta, F., Schmitte, D. K. & Goodman, S. E. (2008). Cybersecurity in Africa:
An Assessment. Retrieved 12/2/2016. from http://s3.amazonaws.com/zanran_storage/www.cistp.gatech.edu/
ContentPages/43945844.pdf
DeJoode, A. (2011). Effective corporate security and cybercrime. Network Security, (3), 16-28.
Essien, E. D. (2015). The Challenges of Public Administration, Good Governance and Service delivery in
the 21st Century. International Journal of Civic Engagement and Social Change, 2(2), 55–66. doi:10.4018/
IJCESC.2015040104
Himanen, P. (2001). The Hacker Ethic: A Radical Approach to the Philosophy of Busines. New York: Random
House.
Jensen, M. (2001). ICT in Africa. Retrieved 22/02/2016 from http://goo.gl/mYhTR
John, H. (2013). An Epic Year For Data Breaches With Over 800 Million Records Lost. Naked Security. Retrieved
07/03/2016 from http://nakedsecurity.sophos.com/2014/02/19/2013-an-epic-year-for-data-breaches-withover-
800-million-records-lost
Klimburg, A. (Ed.). (2012). National Cyber Security Framework Manual. NATO CCD COE Publicaions.
Kortjan, N., & von Solms, R. (2013). Cyber security education in developing countries: A South African
perspective. In e-Infrastructure and e-Services for Developing Countries (pp. 289–297). Springer.
Kritzinger, E., & Padayachee, K. (2013). Engendering an e-safety awareness culture within the South African
context. In Proceedings of AFRICON. IEEE.
Kritzinger, E. & von Solms, S. H. (2012). A framework for cyber security in Africa”. Journal of information
assurance and cybersecurity, 12(2), 37-51. doi:10.1109/AFRCON.2013.6757708
Kumar, N. (2010). Africa Could Become the Cybercrime Capital of the World. Retrieved 17 March, 2016 from
http://www.psfk.com/2010/04/africacould-become-the-cybercrime-capital-ofthe-world.html
Leeuw, F. L., & Leeuw, B. (2012). Cyber society and digital policies: Challenges to evaluation? Evaluation,
18(1), 111–127. doi:10.1177/1356389011431777
Longe, O. B. & Chiemeke, S. C. (2008). Cybercrime and Criminality in Nigeria- What roles are internet Access
Points in Playing. European Journal of Social Sciences, 6(4).
Volume 10 • Issue 1 • January-March 2018
29
Longe, O. B, Mbarika, V., Kourouma, M., Wada, F. & Isabalija, R. (2009). Seeing Beyond the Surface:
Understanding and Tracking Fraudulent Cyber Activities. International Journal of Computer Science and
Information Security, 6(3), 124-135.
McQuade, S. (2005). Understanding and Managing Cybercrime. Allyn & Bacon.
Mitnick, K. D., & Simon, W. L. (2001). The art of deception: Controlling the human element of security. John
Wiley & Sons.
Nissenbaum, H. (2005). Where Computer Security Meets National Security. Ethics and Information Technology,
7(2), 61–73. doi:10.1007/s10676-005-4582-3
Olasanmi, O. O. (2010). Computer Crimes and Counter Measures in the Nigerian Banking Sector. Journal
of Internet Banking & Commerce, 15(1). Retrieved 12/03/16. from http://www.arraydev.com/commerce/jibc/
Prentice-Dunn, S., & McClendon, B. T. (2001). Reducing Skin Cancer Risk: An Intervention Based on
Protection Motivation Theory. Journal of Health Psychology, 6(3), 321–328. doi:10.1177/135910530100600305
PMID:22049376
Reid, R., & Van Niekerk, J. (2014). Towards an Education Campaign for Fostering a Societal, Cyber Security
Culture. Plymouth: Centre for Security, Communications & Network Research Plymouth University.
Riem, A. (2001). Cybercrimes of the 21st Century. Computer Fraud & Security, 18(4), 12–35. doi:10.1016/
S1361-3723(01)00417-1
Rippetoe, S., & Rogers, R. W. (1987). Effects of Components of Protection-Motivation Theory on Adaptive
and Maladaptive Coping with a Health Threat. Journal of Personality and Social Psychology, 52(3), 596–604.
doi:10.1037/0022-3514.52.3.596 PMID:3572727
Rogers, R. W. (1975). A Protection Motivation Theory of Fear Appeals and Attitude Change. The Journal of
Psychology, 91(3), 93–114. doi:10.1080/00223980.1975.9915803 PMID:28136248
Rowe, B., Reeves, D., & Gallaher, M. (2009). The Role of Internet Service Providers in Cyber Security. Institute
for Homeland Security Solutions. Retrieved 13/2/2016 from https://www.ihssnc.org/portals/0/PubDocuments/
ISP-Provided_Security_Rowe.pdf
Tavani, H. T. (2006). Ethics and Technology: Ethical Issues in an Age of Information and Communication
Technology. John Wiley & Sons, Inc.
Thomson, K. L., von Solms, R., & Louw, L. (2006). Cultivating an organizational information security culture.
Computer Fraud & Security, 7(3), 17–31.
Wada, F., & Odulaja, G. O. (2012). Assessing Cyber Crime and its Impact on E-Banking in Nigeria Using Social
Theories. African Journal of Computing and ICT, 5(1), 69–82.
Volume 10 • Issue 1 • January-March 2018
30
Essien D. Essien is an Ethicist. He holds a doctorate degree in Social and Comparative Religious Ethics from
University of Ibadan, Ibadan, Nigeria. He currently teaches Social, Christian and Comparative Religious Ethics
in University of Uyo, Uyo, Nigeria. His area of research interest includes Environmental Ethics, Political Ethics,
Community and Religious Ethics. He is a member of many professional bodies and Associations. Dr. Essien has
published two books, six book chapters, and many journal articles in peer reviewed scholarly journals.
