
JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGIES, VOLUME 2, ISSUE 7, JULY 2012 11

Diffusion of Cybercrime in the Nigerian CashLess Economy: Using Double Level Authentication
Ndunagu Juliana Ngozi and Okunade Oluwasogo Adekunle
School of Science and Technology, National Open University of Nigeria, 14/16 Ahmadu Bello Way, Victoria Island, Lagos

Abstract: The Central Bank of Nigeria (CBN) policy on the Nigerian cash-less economy is aimed at reducing the high usage of cash, moderating the cost of cash management and encouraging the use of electronic payment channels. This paper is geared towards designing a double level authentication (password and biometric authentication) for a credit card user in order to reduce the number of credit card frauds in the e-payment channels. A flowchart was designed and an algorithm was used to describe the steps of the process. The basic authentication (password) has three chances of trial, while the biometric (fingerprint) has only one chance of trial, since a fingerprint is unique to each individual and does not change over time. The double-level authentication will require some modifications in both the software and hardware of the existing devices, thereby demanding that the manufacturers of devices include a biometric (fingerprint scanning) structure in all their new products for fraud-free e-transactions. It is recommended that every transaction should go through double confirmation before a user can have a successful e-transaction.

Index Terms: Internet, Cybercrime, e-payment, Cheque, Gross Domestic Product (GDP), Credit Cards, Fingerprint, Password.

1 INTRODUCTION

NIGERIA is a country with a population of over 160 million people; it is the largest country in Africa and accounts for 47 percent of West Africa's population. Nigeria is also the biggest oil exporter in Africa, with the largest natural gas reserves in the continent. With these large reserves of human and natural resources, Nigeria is poised to build a prosperous economy, significantly reduce poverty, and provide the health, education and infrastructural services its population needs.

The Gross Domestic Product (GDP) is one of the primary indicators used to gauge the health of a country's economy. It represents the total dollar value of all goods and services produced over a specific time period; you can think of it as the size of the economy. Nigerian GDP was ranked as follows: 41 out of 182 countries with $238.9 million [1], 44 out of 190 countries with $193.7 million [2], 39 out of 191 countries with $247.1 million [3]. In its 2008 Review of World Development, the United Nations Development Programme (UNDP) ranked Nigeria 157 out of 177 in the Human Development Index; it was also among the Least Livable nations [4].

Practitioners and analysts have noted that a healthy banking sector is one of the keys to unlocking Nigeria's full growth potential [5]. With this, the Central Bank of Nigeria (CBN) Governor introduced a cashless economic policy in Lagos State, Nigeria, as a pilot scheme which will aid in alleviating the suffering of Nigerians, since every CBN step on monetary policy and the like impacts directly on the lives of the people. The new policy will go a long way in reducing the cost of minting or printing bank notes and of handling cash. Enhancement of electronic payment and information technology and a centralized back-office system will be among the benefits [5]. Cash-less economies will fast-track the transition to a full digital economy, thereby bridging the wide gap between Nigeria and the developing Countries.

Sweden (a developed country, where cashless policy is already in use), for the second year in a row, ranked first in the Global Information Technology Report released at the World Economic Forum in January 2010. The Economist Intelligence Unit also put Sweden top of its latest digital economy rankings, in 2010. Both rankings measure how far countries have come in integrating Information and Communication Technologies (ICT) in their economies. The shrinkage of the cash economy is already making an impact in crime statistics. The number of bank robberies in Sweden plunged from 110 in 2008 to 16 in 2011, the lowest level since it started keeping records 30 years ago. Less cash in circulation makes business safer, both for the staff that handle cash and for the public [6]. If people use more cards, they are less involved in shadow economic activities [7].

The flip side of the new policy is the risk of cybercrimes. Mobile banking is also an area where Nigerians should be wary, given that approximately 80 percent of the people are unbanked and use mobile phones to handle financial transactions. Malware targeting mobile devices doubled between August 2009 and December 2010, according to a recent study by Kaspersky Lab. In 2010, over 65 percent more new threats targeting mobile devices were detected than in the previous year; and over 1,000 variants from 153 different families of mobile threats were included in Kaspersky Lab's databases by the end of 2010, the study found. Something has to be done to raise the bar of security certification and network authentication in electronic transactions because the form of security these portals have is not what they should have in this kind of payment system [8]. This paper is concerned with the diffusion of cybercrime in the Nigerian cash-less economy.

2012 JICT www.jict.co.uk

2.0 Literature Review
2.1 Determining GDP
GDP can be determined in three ways, all of which should, in principle, give the same result. They are (i) the product (or output) approach, (ii) the income approach and (iii) the expenditure approach. The most direct of the three is the product approach, which sums the outputs of every class of enterprise to arrive at the total. The expenditure approach works on the principle that all of the product must be bought by somebody, therefore the value of the total product must be equal to people's total expenditures in buying things.
The income approach works on the principle that the incomes of the productive factors must be equal to the value of their product, and determines GDP by finding the sum of all producers' incomes [9].

2.1.1 Expenditure Approach
GDP = private consumption + gross investment + government spending + (exports − imports), or

2.1.2 Production approach
Market value of all final goods and services calculated during 1 year. The production approach is also known as Net Product or Value added method. This method consists of three stages:
1. Estimating the Gross Value of domestic Output in various economic activities;
2. Determining the intermediate consumption, i.e., the cost of material, supplies and services used to produce final goods or services; and finally
3. Deducting intermediate consumption from Gross Value to obtain the Net Value of Domestic Output.

2.1.3 Income approach

Formula for GDP by the income method is:
Where
R : rents
I : interests
P : profits
SA : statistical adjustments (corporate income taxes, dividends, undistributed corporate profits)
W : wages

2.2 e-Payment

e-payment is a subset of an e-commerce transaction that includes electronic payment for buying and selling goods or services offered through the Internet. Although we generally think of electronic payments as referring to online transactions on the Internet, there are actually many forms of electronic payments. As technology develops, the range of devices and processes to transact electronically continues to increase while the percentage of cash and cheque transactions continues to decrease.

The Internet has the potential to become the most active trade intermediary within a decade. Also, Internet shopping may revolutionize retailing by allowing consumers to sit in their homes and buy an enormous variety of products and services from all over the world. Many businesses and consumers are still wary of conducting extensive business electronically. However, almost everyone will use some form of e-commerce in the near future.

Figure 2.1: Process of e-payment

2.2.1 Types of e-payment
The following are common types of electronic payments today:
Cards
Internet
Mobile Payments
Financial Service Kiosks
Television Set-Top Boxes and Satellite Receiver
Biometric Payments
Electronic Payments Networks
Person-to-Person (P2P) Payments


Figure 2.2: Types of e-payment and Initiatives


Computer crime refers to any crime that involves a computer and a network [10]. The computer may have been used in the commission of a crime, or it may be the target [11]. Netcrime refers to criminal exploitation of the Internet [12]. Cybercrimes are defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet and mobile phones (Short Messages Service/Multimedia Messages Service (SMS/MMS))" [13]. Such crimes may threaten a nation's security and financial health [14].

2.3 Types of Cybercrime
The following are some types of cybercrime: Hacking, Credit Card Fraud, Phishing, Cyber Stalking, Cyber Defamation, etc.

2.4 Credit Card Fraud
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. The fraud begins with either the theft of the physical card or the compromise of data associated with the account, including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The compromise can occur by many common routes and can usually be conducted without tipping off the card holder, the merchant or the issuer, at least until the account is ultimately used for fraud. A simple example is that of a store clerk copying sales receipts for later use. The rapid growth of credit card use on the Internet has made database security lapses particularly costly; in some cases, millions [15] of accounts have been compromised.

Stolen cards can be reported quickly by cardholders, but a compromised account can be hoarded by a thief for weeks or months before any fraudulent use, making it difficult to identify the source of the compromise. The cardholder may not discover fraudulent use until receiving a billing statement, which may be delivered infrequently. Cardholders can mitigate this fraud risk by checking their account frequently, so that they stay aware of any suspicious, unknown transactions or activities. Other types of fraud using credit cards are the following:

Fraudulent charge-back schemes, profits, losses and punishment, famous credit fraud attacks, countermeasures, compromised accounts.

2.5 Biometric authentication
Computerworld - In this computer-driven era, identity theft and the loss or disclosure of data and related intellectual property are growing problems. We have multiple accounts and use multiple passwords on an ever-increasing number of computers and Web sites. Maintaining and managing access while protecting both the user's identity and the computer's data and systems has become increasingly difficult. Central to all security is the concept of authentication: verifying that the user is who he claims to be.

We can authenticate an identity in three ways: by something the user knows (such as a password or personal identification number), something the user has (a security token or smart card) or something the user is (a physical characteristic, such as a fingerprint, called a biometric). All three authentication mechanisms have drawbacks, so security experts routinely recommend using two separate mechanisms, a process called two-factor authentication. But implementing two-factor authentication requires expensive hardware and infrastructure changes. Therefore, security has most often been left to just a single authentication method.

Passwords are cheap, but most implementations offer little real security. Managing multiple passwords for different systems is a nightmare, requiring users to maintain lists of passwords and systems that are inevitably written down because they can't remember them. The short answer, talked about for decades but rarely achieved in practice, is the idea of single sign-on.

Using security tokens or smart cards requires more expense, more infrastructure support and specialized hardware. Still, these used to be a lot cheaper than biometric devices and, when used with a PIN or password, offer acceptable levels of security, if not always convenience.

Biometric authentication has been widely regarded as the most foolproof, or at least the hardest to forge or spoof. Since the early 1980s, systems of identification and authentication based on physical characteristics have been available to enterprise IT. These biometric systems were slow, intrusive and expensive, but because they were mainly used for guarding mainframe access or restricting physical entry to relatively few users, they proved workable in some high-security situations. Twenty years later, computers are much faster and cheaper than ever. This, plus new, inexpensive hardware, has renewed interest in biometrics.

2.5.1 Types of Biometrics
A number of biometric methods have been introduced over the years, but few have gained wide acceptance, namely: Fingerprint, Signature, Iris, etc.

2.5.2 Authenticate a user through fingerprint biometrics
In theory, biometrics is a great way to authenticate a user: it's impossible to lose your fingerprint, you cannot forget it like you could a password, and it is unique to you. Fingerprints are unique to each individual and do not change over time. And because they are part of the individual, they can be accessed at any time without requiring the customer to carry an additional device or token.

Once a fingerprint is scanned, it gives a unique data sequence which, if compromised, is not exactly something you can change. Imagine having an option of only one password 'ever'. One loss and you are screwed [16]. As with all authentications, multiple factors increase the effectiveness of the solution. Something you have (fingerprint) combined with something you know (passcode) provides a stronger solution [16]. The good side of this double authentication is that the contents of any computer should be encrypted, and the access to its content secured by a password AND by biometrics. A biometric password is infinitely more difficult to recover using a brute force attack than a "normal" password [17]. Complex passwords should be used initially to thwart hacking and, to secure access to the Windows logon, biometrics, one-time password tokens or smartcards should be used for the aforementioned reason.

3.0 Methodology
3.1 Flowchart: It consists of special geometric symbols connected by arrows.
$n = password counter

3.2 Algorithm: It is a step-by-step procedure for performing some task in a finite amount of time.
Step 1: Let $passwordCounter = 0
Step 2: Display: Enter Password
Step 3: Let $passwordCounter = $passwordCounter+1
Step 4: If $passwordCounter > 3
            Display: You have exceeded time allowed
        End
Step 5: If $password = $dbpassword
            Display: Enter the Biometric Id
        Else
            Display: You have entered a wrong password
        End
Step 6: Let $bioMetriCounter = $bioMetriCounter+1
Step 7: If $bioMetricId != $dbbioMetricId
            Display: You have entered wrong Biometric Id
        Else
            Display: You are welcome Dear $userName, Have a secure business transaction
        End
Step 8: Have access to account database for transaction
        If you have more business transaction
            Go to Step 1
        Else
            Stop
        End

3.3 Operational Sequence
Step 1: The algorithm initializes the counter for the number of password attempts to zero, that is ($passwordCounter = 0).
Step 2: The algorithm requires the user to supply a password.
Step 3: The password attempt count is increased by one (1), that is, one (1) is added to the password counter value, which was initially set to zero (0): ($passwordCounter = $passwordCounter+1).
Step 4: The number of password attempts is checked against the specified range: if the number of password attempts is greater than (>) 3, the algorithm displays "You have exceeded time allowed" and logs the user out; otherwise
Step 5: The user's password is checked against the user password already stored in the database; if the supplied password is wrong compared to the stored password, the system displays "You have entered a wrong password" and logs the user out; otherwise
Step 6: The system further requests the user to supply the Biometric Id, and once the Biometric Id has been supplied
Step 7: The system checks the supplied Biometric Id for correctness; if it matches the user's Biometric Id already stored in the database, the system displays "You are welcome Dear $userName (that is, your supplied user name), Have a secure business transaction", and you can then proceed with your business transaction; this gives you access to the account database for credit/debit transactions.
Step 8: Having completed the initial transaction, the system asks whether you have another transaction to make; if your answer is yes, it takes you to the initial stage, where you can start another transaction afresh; otherwise the system logs the user out entirely.

4.0 Discussion
One of the objectives of the new policy on the Nigerian cashless economy is to encourage the use of electronic payment channels [5]. In addition, practitioners and analysts have noted that the new policy can unlock the nation's potential [5]. However, the flip side of the policy is the risk of cybercrime, which can threaten a nation's security and financial health [14]. Again, millions of credit cards on the Internet have been compromised [15].

The design and implementation of a double level authentication confirmation proposed by this paper for the Nigerian cash-less economy will avert the threat on the e-payment channels, since biometric authentication has been widely regarded as the most foolproof and at least the hardest to forge [15]. There will be a need for new structure in hardware, that is, manufacturers of devices will need to include a biometric structure in their new products for transactions in order to accommodate some of the ideas in this paper, especially a structure for fingerprint scanning.
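The flow of Sections 3.2 and 3.3 as an added Python example (not the authors' implementation): three password attempts, then one fingerprint attempt, only after a correct password. Assumptions that are not in the paper: the password is stored as a salted PBKDF2 hash and compared in constant time, the counters are kept per account so that starting again at Step 1 does not reset them, and the fingerprint check is a toy similarity score against a threshold instead of the exact $bioMetricId comparison; all names and the sample minutiae are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_PASSWORD_ATTEMPTS = 3    # "three chances of trial" for the password
MAX_BIOMETRIC_ATTEMPTS = 1   # "only one chance of trial" for the fingerprint
MATCH_THRESHOLD = 0.80       # assumed matcher threshold, not from the paper


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash stored in place of a plain $dbpassword.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    user_name: str
    salt: bytes
    password_hash: bytes
    template: frozenset          # toy stand-in for an enrolled fingerprint template
    password_failures: int = 0   # per account: a new session does not reset it
    biometric_failures: int = 0
    password_ok: bool = False
    locked: bool = False


def enroll(user_name: str, password: str, minutiae) -> Account:
    salt = os.urandom(16)
    return Account(user_name, salt, hash_password(password, salt), frozenset(minutiae))


def match_score(sample, template: frozenset) -> float:
    # Toy similarity (Jaccard overlap); real matchers are vendor-specific.
    sample = frozenset(sample)
    union = sample | template
    return len(sample & template) / len(union) if union else 0.0


def submit_password(acct: Account, password: str) -> str:
    if acct.locked:
        return "LOCKED"
    acct.password_ok = False
    candidate = hash_password(password, acct.salt)
    if hmac.compare_digest(candidate, acct.password_hash):  # constant-time compare
        acct.password_failures = 0
        acct.password_ok = True
        return "ENTER_BIOMETRIC"
    acct.password_failures += 1
    if acct.password_failures >= MAX_PASSWORD_ATTEMPTS:
        acct.locked = True
        return "LOCKED"
    return "WRONG_PASSWORD"


def submit_fingerprint(acct: Account, sample) -> str:
    if acct.locked:
        return "LOCKED"
    if not acct.password_ok:
        return "PASSWORD_REQUIRED"   # second level is never reachable on its own
    acct.password_ok = False         # one fingerprint try per correct password
    if match_score(sample, acct.template) >= MATCH_THRESHOLD:
        acct.biometric_failures = 0
        return "WELCOME"
    acct.biometric_failures += 1
    if acct.biometric_failures >= MAX_BIOMETRIC_ATTEMPTS:
        acct.locked = True
        return "LOCKED"
    return "WRONG_BIOMETRIC"
```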
5.0 Conclusion
Without a double level authentication confirmation of e-payment channels in the Nigerian cash-less economy, the new policy will not realize its dream of boosting the nation's economy, since a single cybercrime can wipe out the country's economy, a company, families' savings or investors' billions of Naira.

REFERENCES
[1] "Court filings double estimate of TJX breach". 2007. http://www.securityfocus.com/news/11493.
David Mann and Mike Sutton (2011-11-06). "Netcrime". Bjc.oxfordjournals.org. http://bjc.oxfordjournals.org/cgi/content/abstract/38/2/201. Retrieved 2011-11-10.
David T. (2010), Pros and Cons of biometric Authentication. Help Net Security.
Dike V.E. (2010) Review of The Challenges Facing The Nigerian Economy: Is Jonathan The Answer? Journal of Sustainable Development in Africa (Volume 12).
Field listing - GDP (official exchange rate), CIA World Factbook. 2010.
Fraudwatch (2011) A Threat to a Cashless Economy: Association for Financial Professionals, Inc. Published: 2011-12-29.
Guardian (2012), The myths and facts of cash-less economy. April 18.
Halder, D., & Jaishankar, K. (2011) Cyber crime and the Victimization of Women: Laws, Rights, and Regulations. Hershey, PA, USA: IGI Global. ISBN: 978-1-60960-830-9.
Internet Security Systems. March-2005.
Karlsson P. (2012) Sweden moving towards cashless economy. CBSNEWS World. CBSNEWS.COM.
Moore, R. (2005) "Cybercrime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing.
Schneider F. (2012) Sweden moving towards cashless economy. CBSNEWS World. CBSNEWS.COM.
Warren G. Kruse, Jay G. Heiser (2002). Computer forensics: incident response essentials. Addison-Wesley. p. 392. ISBN 0201707195.
World Bank. (2010). World Economic Outlook Database April 2012 International Monetary Fund. Data refer mostly to the year 2010.
[16] World Bank, Statistical Manual >> National Accounts >> GDP-final output, retrieved (October 2009). "User's guide: Background information on GDP and GDP deflator". HM Treasury. http://www.hm-treasury.gov.uk/data_gdp_backgd.htm. "Measuring the Economy: A Primer on GDP and the National Income and Product Accounts" (PDF). Bureau of Economic Analysis. http://www.bea.gov/national/pdf/nipa_primer.pdf.
[17] Zeljka Z. (2010), Pros and Cons of biometric Authentication. Help Net Security.

Biographies of Authors
Ndunagu Juliana Ngozi is a Nigerian. The following are her qualifications: B.Sc (Mathematics) from University of Nigeria, Nsukka; M.Sc (Computer Science) from Enugu State University of Science and Technology; PGDE from National Teachers Institute, Kaduna; and Ph.D (Computer Science) from Ebonyi State University, Abakaliki. She is presently a lecturer at the National Open University of Nigeria, Lagos. Dr. Ndunagu has attended many seminars and workshops on Information and Communication Technology (ICT); her research interest is in ICT and e-learning. She is happily married with three children.

Okunade Oluwasogo Adekunle obtained his B.Sc. (Computer Science) from University of Ilorin, Nigeria and M.Sc. (Computer Science) from University of Ibadan (The Nigeria Premier University), Nigeria. He has taught Computer Science subjects at The Polytechnic Ibadan, Nigeria. He is presently a Lecturer II at the National Open University of Nigeria, Lagos, Nigeria. A logically sound and experienced teacher, he has attended many seminars and workshops; his research interest is in the area of cyber crime (spam mail filtering) and programming languages. He resides in Lagos, Nigeria.