Nigeria’s fight against payment fraud fight has entered the real-time era

Nigeria’s payment ecosystem has become one of Africa’s most remarkable digital success stories. Every day, billions of naira move instantly across mobile banking applications, POS terminals, internet banking platforms, agent networks, and real-time payment rails. But while payments have become faster, fraud has evolved even faster.

Nigeria’s payments system now moves money at a speed fraud teams cannot afford to trail behind. A scam can begin with a phone call, move through a compromised account, pass through mobile banking or a POS terminal, and cash out before a manual review has properly started.

Central Bank of Nigeria data shows 22.42 billion e-payment transactions worth ₦1.56 quadrillion, with internet, POS, mobile-app, and instant-payment channels carrying huge volumes of daily financial activity. Internet transfers alone reached 11.64 billion transactions worth ₦825.5 trillion, while POS transactions hit 6.4 billion, and mobile-app transfers reached 3.49 billion.

Digital payment fraud losses fell 51% to ₦25.85 billion in 2025, from ₦52.26 billion a year earlier, according to the Nigerian Inter-Bank Settlement System (NIBSS). The drop is welcome, but it should not make banks comfortable. The 2024 figure was heavily distorted by one ₦31.1 billion incident involving a single entity, while e-commerce, internet banking, POS, mobile and web platforms remain exposed to social engineering, insider abuse, SIM swap fraud, account compromise and phishing. Industry data shows fraud losses increasing by 13% between Q4 2025 and Q1 2026, rising from ₦4.08 billion to ₦4.59 billion.

Fraud has evolved into a sophisticated and highly organised ecosystem, continuously adapting its methods faster than many traditional control frameworks can respond.

For Nigerian banks, fraud prevention has to work across the full chain, rather than only at the point where the loss appears. A customer may be deceived outside the bank, the account may be accessed through a device or SIM change, and the money may move through a channel that looks legitimate in isolation. By the time the complaint reaches a fraud desk, the funds may already have been broken up, moved through mule accounts or withdrawn through an agent network.

Fraud no longer stays in one channel

Nigeria’s payments infrastructure has created reach that few markets can match. POS and agent networks have taken financial services deeper into everyday commerce. Mobile banking apps and instant payments have made digital transactions part of normal daily behaviour, while internet banking and web payments continue to facilitate high-value transfers.

That growth has widened the attack surface. Fraudsters do not need to defeat every control within a bank; they only need to find the weak join between channels, teams or processes. A rule that works for card fraud may miss an account takeover. A mobile-banking alert may not see what is happening in an agent network. A transaction that appears normal on its own may look very different when linked to a new device, recent beneficiary change or known mule pattern.

FITC’s fraud and forgery reports offer a banking-sector view, because its members include the Central Bank of Nigeria, the Nigeria Deposit Insurance Corporation and licensed banks. FITC recorded 18,000 cases in Q4 2024, followed by 12,347 cases in Q1 2025 and 14,697 in Q3 2025. The amounts involved and actual losses moved sharply across those quarters, showing why banks need to understand attempted fraud as well as completed losses.

Loss figures alone connect relevel whereattacks are forming, where controls are holding or how fraudsters are adapting their methods. Effective fraud prevention requires visibility into the entire fraud journey.

Insider risk belongs in the same model

External scams attract the most attention, but insider risk remains part of the same fraud environment. NIBSS has repeatedly highlighted insider involvement and the risk associated with staff linked to fraudulent activities moving between institutions when incidents are not properly reported.

Recent cases have kept that issue visible. In May 2025, Nigeria’s EFCC arraigned two Premium Trust Bank employees and others over an alleged attempted cyberattack involving server and domain credentials.

Banks, therefore, need fraud controls that look beyond customer transactions. Privileged access, unusual staff behaviour, data changes, internal approvals and links between employees and external actors all belong inside the monitoring picture. This does not mean treating every employee as a suspect. It means recognising that internal access can become part of the fraud route, especially when payments move instantly.

Regulation is moving in the same direction

The Central Bank of Nigeria has already signalled the kind of control environment it expects. Its reform programme includes migration of licensed payment systems to ISO 20022, alongside tighter requirements around payment terminals, agent banking, transaction monitoring and fraud response.

POS terminals are now being geo-tagged with exact GPS coordinates and connected to the National Central Switch. Acquirers, processors and payment terminal service providers are being required to connect to both NIBSS and UPSL. Reviewed agent-banking rules are also bringing more attention to agent location, oversight and exclusivity, which matters in a market where cash-out routes can be as important as the initial fraud event.

Banks have also been directed to reduce fraud response times to under 30 minutes, while baseline standards require automated monitoring capable of real-time detection, analysis and reporting of suspicious activity.

These measures are pushing the market towards richer data, better traceability and faster intervention. ISO 20022 should improve the structure of payment messages. POS geolocation should make merchant and agent activity easier to supervise. Real-time monitoring standards raise the bar for how quickly institutions spot and act on suspicious behaviour.

The message for banks is practical: combating evolving fraud in a fast digitalising payment ecosystem involves fraud prevention and controls that are adaptive and move closer to the payment flow.

What banks need now

For Nigerian banks, the next stage is enterprise-level fraud prevention. Internet banking, mobile, POS, agents, cards, instant payments, branches and internal systems cannot be treated as separate control environments when fraud is moving between them.

KYC also has to become more active. Onboarding checks are only the start; banks need to keep testing whether behaviour still matches the customer, account, device, merchant, agent or staff profile they expect to see.

Behavioural analytics can help banks understand what is normal for a customer, account, device, merchant, agent or staff user. Link analysis can show how accounts, devices, beneficiaries, employees and merchants relate to one another. AI and machine learning can help detect anomalies at speed, but only when they sit inside a controlled fraud operation with rules, analyst feedback, case management and governance.

In our work with banks and payment providers, the conversation has moved beyond whether a fraud platform can produce more alerts. The value is whether it can connect signals quickly enough to act while the transaction is still live: a suspicious login, a new beneficiary, an unusual POS cash-out pattern, staff access to account data and links to known mule activity.

That is the role BPC’s SmartVista is built to play: real-time monitoring, AI and rule-based scoring, behavioural analytics, link analysis and case management across internal and external fraud risks. For Nigerian institutions operating across switches, card networks, agent banking channels, branches and digital channels, the value is in seeing the transaction in context, not as an isolated alert.

The old model of putting one fraud tool around cards, another around digital banking and another around internal controls is becoming too slow and too narrow. Modern fraud prevention requires a unified view of customer, transaction, device, employee action and network relationship together.

Nigeria’s payment growth has been built on speed and reach. Fraud prevention now has to match both.

The future of fraud prevention will not be defined by how many alerts institutions generate after an event occurs. It will be defined by how effectively they can identify, assess, and disrupt fraudulent activity while transactions are still live. In a payment ecosystem measured in seconds, fraud management must operate in milliseconds.

Oladapo Adeosun is the Country Director for Nigeria, BPC.