NAIJA CYBER LAWYER
Observations on cyberlaw/techno-legal and ICT issues which pertains specifically to Nigeria and occasionally on issues in other jurisdictions. The blog will also, from time to time, contain observations on law generally and sundry tips on computer use. Disclaimer: The views expressed are entirely that of the blogger and should not be substituted for professional advice.
Wednesday, 16 April 2025
Lawyer Sues Meta Over Unlawful Facebook Account Suspension
Saturday, 22 March 2025
Senator Ned Nwoko’s Data Protection Bill: A Wolf in Sheep’s Clothing?
The proposed Bill to Amend the Data Protection Act (SB 650, 2025), sponsored by Senator Ned Nwoko, has ignited fierce debate. While framed as a solution to tax evasion, unemployment, and digital accountability, critics argue the bill risks becoming a weaponized tool to stifle dissent and shield powerful elites—including its sponsor—from public scrutiny.
A History of Abusing Laws to Silence Critics
Nigeria already has a troubling track record of weaponizing laws like
the Cybercrimes Act 2015 and Criminal Defamation statutes to target
journalists, activists, and ordinary citizens. Recent examples include:
1 The activist and lawyer Dele Farotimi, was charged under the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (As
Amended) for alleged bullying and harassment and disseminating
false information for the purpose of causing breakdown of law and order,
through his online expressions .
2. Agba Jalingo’s Detention: The Cross River-based journalist was charged with
“cyberstalking” and treason after reporting on alleged corruption involving a
state governor. International outcry forced his release after months in
detention.
3. Abubakar Idris: The blogger, known as Dadiyata, vanished August 2, 2019 after criticizing Kaduna State politicians on social media. His whereabouts remain unknown.
4. #EndSARSCrackdown (2020): Authorities targeted protesters and supporters online,
freezing bank accounts and threatening social media users under “cyberbullying”
charges.
5. In September 2023, Chioma Okoli, a
Lagos-based entrepreneur, criticized Nagiko Tomato Mix on Facebook, calling it
overly sweet and suggesting it could be harmful. Her post garnered significant
attention, leading Erisco Foods to file a petition accusing her of defamation
and cyberbullying.
Subsequently,
Okoli was arrested by plainclothes police officers while attending church. She
was detained overnight in a cell with poor conditions before being transferred
to Abuja for further questioning.
The
manufacturer, Erisco Foods, accused her of defamation and cyberbullying. She
was arrested during church, detained overnight, and transferred to Abuja under
Nigeria’s Cybercrime Prohibition Act, facing up to three years in prison. The
case sparked public outrage, with Amnesty International condemning it as a
threat to free speech. While Erisco defended its actions, critics saw it as
corporate overreach and misuse of cybercrime laws to silence consumer opinions.
Okoli’s ordeal highlights the growing suppression of digital expression in
Nigeria.
These cases reveal how existing laws are abused to punish criticism, not
combat crime. Adding mandatory blogger registration and physical office
requirements risks amplifying this repression. As Amnesty International noted
in 2024, “Nigerian authorities increasingly conflate dissent with ‘fake news’
to justify censorship.”
The Hypocrisy of “Taxation” and “Accountability”
Senator Nwoko’s bill claims to target
“big tech tax evasion,” yet glaring contradictions undermine its credibility. The
alleged “$10
billion loss”
cited by Nwoko lacks verifiable data.
Major technology
companies such as Google, Meta (formerly Facebook), and others have been
contributing to Nigeria's tax revenues. According to a report by The Punch,
these companies paid approximately ₦3.85
trillion in taxes to the Federal Government during the first nine months of
2024. This amount includes both Company Income Tax (CIT) and Value Added Tax
(VAT), reflecting a 68.12% increase from the ₦2.29
trillion collected during the same period in 2023.
Similarly, the National Information Technology Development Agency (NITDA) reported that
foreign digital companies, including interactive computer service platforms and
internet intermediaries, contributed over ₦2.55
trillion (approximately $1.5 billion) in taxes in the first half of 2024.
These figures indicate a significant
increase in tax compliance and revenue from big tech companies operating in
Nigeria.
Forcing companies to open offices ignores
modern remote-work trends. Instead, Nigeria could adopt global models like the
OECD’s Digital Tax Framework, which ensures fair taxation without physical
presence mandates.
Meanwhile, the bill’s focus on bloggers—a loose term encompassing
millions of Nigerians—appears politically motivated. Requiring bloggers to
“register with a union” or maintain “verifiable addresses” creates bureaucratic
barriers that disproportionately affect small-scale creators and government
critics.
Ned Nwoko’s Personal Baggage and Motives
Critics allege Senator Nwoko’s bill is a retaliatory move to silence
online scrutiny of his lifestyle. The senator, married to actress Regina
Daniels (30 years his junior), has faced viral gossip about alleged affairs
with younger women, including actress Chika Ike. In 2025, blogs like
Instablog9ja amplified rumors linking him to Ike, sparking social media mockery.
Nwoko’s response? A fiery speech condemning “fake news” and “reckless bloggers.” Weeks later, SB 650 was tabled. When lawmakers rush to regulate speech after personal scandals, it reeks of vendetta, not public interest.
Better Solutions Exist
The misinformation crisis in Nigeria is real, but SB 650 is a dangerous
remedy. Alternatives include:
1. Public
Education Campaigns: Partner with the National Orientation Agency and civil
society to teach digital literacy, critical thinking, and fact-checking.
2. Strengthen
Existing Laws: Enforce penalties for proven defamation or incitement without
criminalizing free speech.
3. Incentivize
Big Tech Collaboration: Offer tax breaks for tech companies to establish local
hubs voluntarily, fostering jobs and cooperation on content moderation.
4. Protect Whistleblowers: By protecting and safeguarding citizens who expose corruption, the need for anonymous criticism would reduce.
Conclusion: A Democratic Backslide in Disguise?
Senator Nwoko’s bill risks entrenching authoritarianism under the guise
of “economic patriotism.” By conflating legitimate taxation goals with
oppressive registration schemes, it echoes tactics used by dictatorships to
mute opposition.
The digital space is the last frontier of free expression in Nigeria. Once regulated by
political interests, democracy itself is bound to collapse. For a nation already ranked 112th/180 on the Press Freedom Index, SB 650 could be the final nail in the
coffin.
Sunday, 15 December 2024
The Need to Narrow the Scope of Cybercrime Laws: Lessons from Dele Farotimi's Case
1.0 Introduction
Cybercrime
laws have become essential tools for combating crimes in the digital age,
addressing issues such as hacking, identity theft, and the spread of malicious software.
However, when these laws are broadened to include offenses that merely involve
ICTs (information and communication technologies) as a medium rather than a
direct target, they risk becoming instruments of overreach, censorship, and
abuse. The recent case of Nigerian activist and lawyer Dele Farotimi, charged
under the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (As Amended) for
alleged bullying and harassment and disseminating false information for the
purpose of causing breakdown of law and order, through his online expressions,
underscores why these laws should be restricted to core cybercrimes.
This
article examines the distinction between core cybercrimes and cyber-enabled
offenses, the risks posed by overbroad cybercrime laws, and the implications of
Farotimi's case for the future of digital rights and governance.
2.0 Understanding Core Cybercrimes
Core cybercrimes are offenses that inherently require ICT systems as both targets and tools. Without these technologies, these crimes would not exist. Examples of such crimes include spreading computer viruses, hacking a bank's servers to steal funds, or launching denial-of-service (DoS) attacks to disable websites are quintessential core cybercrimes. These activities are explicitly technological and could not occur without ICT systems. Without these technologies, these crimes would not exist. The Budapest Convention on Cybercrime, an international treaty regarded as the gold standard for defining cybercrimes, identifies five primary categories:
i. i. Illegal Access: Gaining unauthorized access to computer systems or networks.
ii. Illegal Interception: Eavesdropping
on communications without permission.
iii. Data Interference: Altering, deleting, or damaging data without authorization.
iv. System Interference: Disrupting the functionality of computer systems or networks.
v. Misuse of Devices: Creating or distributing tools (like malware) intended for committing cybercrimes.
3.0 Cyber-Enabled Offenses: A Different Domain
In
contrast, cyber-enabled offenses are traditional crimes carried out using ICTs
as a medium. Crimes like fraud, harassment, defamation, and even terrorism can
occur both online and offline. For example, using social media to harass
someone is a digital extension of harassment that does not require specialized
cybercrime laws to address. Similarly, spreading misinformation online is akin
to traditional defamation.
By
conflating these offenses with core cybercrimes, many nations have crafted
overly broad cybercrime laws, making it easier for authorities to exploit them
for political or oppressive purposes. For example, in Turkey, provisions of its
cybercrime legislation have been used to suppress online dissent and silence
critics of the government under the guise of combating cyber-related threats.
4.0 Dele Farotimi: A Case in Point
Dele
Farotimi faces multiple counts charge under the Cybercrimes (Prohibition, Prevention,
etc.) Act 2015 (As Amended), for statements made during YouTube interviews and
press conferences about his book "Nigeria and its Criminal Justice
System." The charges stem from his criticisms of alleged corruption in the
judiciary and his commentary on specific legal cases. Notably, these charges
primarily invoke Section 24(a) and 24(1)(b) of the Cybercrimes Act, which deal
with cyberstalking and false information dissemination. The charges appear to
target his online statements rather than any activity that constitutes a core
cybercrime.
Farotimi's
case demonstrates the dangers of conflating core cybercrimes with cyber enabled
crimes and the problematic expansion of cybercrime laws beyond their legitimate
scope:
i. Nature of the Activity:
Farotimi's actions - expressing opinions about the judiciary and sharing his
experiences - are traditional forms of speech that happen to use digital
platforms. They don't constitute inherently technological offenses.
ii. Platform vs. Crime: The only
"cyber" element in these charges is the use of YouTube as a
communication medium. The underlying activities (criticism, commentary,
allegations of corruption) are traditional forms of expression that predate the
internet.
5.0 Legal Discrepancy in Dele Farotimi's Cybercrime Charges
5.1. The Charges as Filed
5.1.1 Section 24(a) - Bullying and Harassing
Several
charges allege that Farotimi's statements were made "with the intention of
bullying and harassing" named persons. These statements include: (i)
comments about legal proceedings, (ii) observations about judicial conduct in
specific cases, (iii) criticisms of alleged corruption in the justice system
and (iv) expressions of opinion about systemic issues in the legal or justice
system.
5.1.2 Section 24(1)(b) - False Information
Other
charges claim his statements "contained false information for the purpose
of causing breakdown of law and order." The contested statements include:
(i) claims about corruption in the judiciary, (ii) discussions of specific
court cases and their handling, (iii) commentary on his personal experiences
within the legal system and (iv) analysis presented in his book "Nigeria
and its Criminal Justice System".
5.2. The Actual Law
Section
24(1): A person who knowingly or intentionally sends a message or other matter
by means of Computer Systems or Network that-
(a)
is pornographic; or
(b)
he knows to be false, for the purpose of causing breakdown of law and order,
posing a threat to life or causing such message to be sent: commits an offence
under this Act and is liable on conviction to a fine of not more than
N7,000,000.00 or imprisonment for a term of not more than 3 years or both.
(2)
A Person who knowingly or Intentionally Transmits or causes the Transmission of
any communication through a Computer System or Network-
(a)
to bully, threaten or harass another person, where such communication places
another person in fear of death, violence or bodily harm to another person;
(b)
containing any threat to kidnap any person or any threat to harm the person of
another, any demand or request for a ransom for the release of any kidnapped
person, to extort from any person, firm, association or corporation, any money
or other thing of value, or
(c)
containing any threat to harm the property or reputation of the addressee or of
another or the reputation of a deceased person or any threat to accuse the
addressee or any other person of a crime, to extort from any person, firm,
association, or corporation, any money or other thing of value, commits an
offence under this Act and is liable on conviction-
(i)
in the case of paragraphs (a) and (6) of this sub-section, to imprisonment for
a term of 10 years or a minimum fine of N25.000,000.00 and
(ii)
in the case of paragraph (c) of this subsection, to imprisonment for a term of
5 years or a minimum fine of N15,000,000.00.
5.3.
Misapplication of Section 24(2)(a)
The
charges cite "Section 24(a)" for harassment whereas under the Act,
there is no Section 24(a). The actual Section 24(1)(a) deals with pornography.
The relevant harassment provision is in Section 24(2)(a).
While
there was indeed a technical error in citing "Section 24(a)" instead
of the correct Section 24(2)(a) for harassment, this error does not invalidate
the charge or warrant setting aside the conviction if Dele is convicted. This
is because established case law holds that when an offense known to law is
properly disclosed, the penalty is prescribed in existing law, and neither the
accused nor counsel were misled by the incorrect citation, the conviction should
stand absent any miscarriage of justice. See the case of ADONIKE v. STATE(2015) LPELR-24281(SC) Per John Inyang Okoro, JSC at Pp 20 - 21 Paras B – E.
Furthermore,
Section 220 of the Administration of Criminal Justice Act, 2015 explicitly
provides that such errors in stating particulars are not material unless the
defendant was actually misled by the error.
Therefore,
unless it can be demonstrated that the Dele Farotimi was materially misled by
the incorrect section citation or suffered prejudice as a result, the technical
error in citing the wrong section number should not affect the validity of the
proceedings or the ultimate conviction.
6. The Risks of Overbroad
Cybercrime Laws
Farotimi's
case raises serious concerns about the intent and application of cybercrime
laws. By prosecuting Farotimi for his expressions, the Nigeria Police Force has
blurred the lines between protecting against cyber threats and stifling
dissent. This misuse of cybercrime laws sets a dangerous precedent, suggesting
that such laws can be weaponized against political opponents, activists, and
ordinary citizens.
The
overreach of cybercrime laws has far-reaching consequences, both for
individuals and for society at large.
6.1. Suppression of Free Speech
Cybercrime
laws with vague language can easily be used to target individuals exercising
their right to free expression. Farotimi's case is just one example of how
online speech can be criminalized under the guise of combating cybercrime. This
trend threatens to silence dissenting voices and erode democratic principles.
6.2. Overburdening Legal
Systems
Overly
broad cybercrime laws place significant pressure on already strained legal and
enforcement systems. When cybercrime laws expand to include offenses that are
not inherently technological—such as online defamation, harassment, or even
activism—it can lead to several systemic challenges:
6.2.1. Diverted Focus from
Genuine Threats
Expanding
the scope of cybercrime laws forces law enforcement agencies to handle a wide
range of cases, many of which do not require specialized cyber expertise. For
example, prosecuting an online comment as cyber harassment requires
investigative resources that could have been better directed toward identifying
and mitigating core cybercrimes like hacking, unauthorized debits from customer bank accounts or ransomware attacks. This
misallocation weakens the overall effectiveness of cybersecurity measures.
6.2.2. Complexity of Digital
Investigations
Investigating
cyber-related offenses requires significant expertise, advanced tools, and
collaboration with international entities. When law enforcement is forced to
deal with a high volume of cases, many of which may involve non-criminal online
behaviour, they risk becoming bogged down in cases that do not contribute to
cybersecurity. This inefficiency not only overburdens legal systems but also
reduces public trust in their ability to address critical digital threats.
6.2.3. Erosion of Trust Between
Law Enforcement and the Public
When
the Nigeria Police Force uses the Cybercrime Act to prosecute individuals for
online speech or activism, it creates an impression of the Police being complicit
in political suppression or subjugation. This perceived misuse of resources can
undermine public trust in the justice system and foster resentment against the
Police.
Here
are some recent examples of cybercrime incidents in Nigeria that underscore the
importance of focusing cybercrime laws on core offenses:
Nigerian
banks reported a series of fraud-related cybercrimes over the years, with
billions lost to hacking and phishing schemes. For instance, a 2022 report
detailed how N523 million was stolen from a single account through a
coordinated cyber-attack that funnelled money across hundreds of bank accounts.
In
2024, Hope Payment Service Bank reported a massive cyberattack resulting in a
loss of over ₦10
billion. The funds were transferred across multiple accounts, prompting an
investigation and court orders to freeze over 800 implicated accounts. This
highlights the need for law enforcement to prioritize complex cyber fraud cases
over less critical cyber-enabled offenses.
Similarly,
Guaranty Trust Bank (GTBank) faced a significant security breach in August
2024, where its website was compromised by hackers. This incident raised fears
of customer data theft and caused major disruptions in online banking
operations.
In
another case, a syndicate hacked into a bank's server to create fictitious
credits worth N1.87 billion. This demonstrates the advanced techniques used by
cybercriminals and the necessity of robust cybersecurity measures.
These
examples show the increasing sophistication of core cybercrimes in Nigeria, and
why the Nigeria Police Force should focus its resources and expertise towards
preventing, detecting, investigating and prosecuting such crimes using the
Cybercrimes Act instead of prosecuting online criticism or defamation using the
Cybercrimes Act.
6.3. Chilling Effect on Digital
Activity
The
"chilling effect" refers to the discouragement of legitimate online
behaviour due to fear of legal repercussions. When cybercrime laws are overly
broad or ambiguously defined, they create uncertainty about what constitutes
criminal behaviour, leading to self-censorship and reduced participation in
digital spaces.
6.3.1. Impact on Free
Expression
People
may refrain from posting opinions, criticisms, or controversial content online,
fearing that their statements might be interpreted as cyber harassment,
defamation, or other offenses. In environments where authorities use cybercrime
laws to target dissent, individuals are less likely to engage in public
debates, reducing the vibrancy and diversity of digital discourse.
6.3.2. Stifling Activism and
Advocacy
Activists
and advocates who rely on digital platforms to organize campaigns, raise
awareness, or criticize policies are particularly vulnerable to chilling
effects. If they perceive a risk of prosecution under cybercrime laws, they may
avoid using these platforms, weakening their impact and ability to mobilize
support.
6.3.3. Hindering Journalism
Journalists
such as Fisayo Soyombo, often use digital tools to investigate and publish
stories on issues of public interest. However, the threat of cybercrime charges
for reporting on sensitive topics can lead to self-censorship. For example,
journalists may avoid exposing corruption or misconduct if they fear being
accused of spreading false information or defaming individuals under
Cybercrimes Act.
6.3.4. Economic Consequences
The
chilling effect can also impact businesses and entrepreneurs. Startups and
companies that depend on open digital communication may face challenges if
their employees or users are hesitant to engage freely online. This hesitation
can stifle growth, collaboration, and the sharing of ideas, ultimately
hindering economic progress in the digital space.
The
combined effect of overburdening legal systems and creating a chilling effect
on digital activity is a weakened digital ecosystem. Legal systems are less
effective in addressing real cyber threats, while individuals and organizations
become less willing to engage in online activities that drive progress,
innovation, and civic engagement.
Therefore,
restricting cybercrime laws to core offenses ensures that law enforcement can
focus on genuine cyber threats, while the public can participate freely in
digital spaces without fear of unwarranted prosecution. By refining these laws,
governments can strike a balance between maintaining cybersecurity and
protecting fundamental rights, preserving the integrity of the legal system and
the vibrancy of the digital age.
7. International Perspectives
on Cybercrime Laws
The
global debate over cybercrime laws highlights the importance of specificity and
restraint. The draft UN Cybercrime Convention has been criticized for its
overly broad scope. Advocacy groups like the Electronic Frontier Foundation
(EFF) and CIVICUS, a global alliance dedicated to strengthening civil society,
argue that the convention risks criminalizing acts that are not inherently
harmful, such as security research or whistleblowing.
In
their critique, the organizations emphasize that cybercrime laws should focus
exclusively on core cybercrimes. Core cybercrimes comprise offenses in which
ICTs are the direct objects as well as instruments of the crimes; these crimes
could not exist at all without the ICT systems. A useful reference for the
types of crimes that are inherently ICT crimes can be found in Articles 2-6 of
the Budapest Convention: illegal access to computing systems, illegal
interception of communications, data interference, system interference, and
misuse of devices. For example, spreading a computer virus in the wild; using a
password logger to steal someone else's password and access their email or
photos; breaking into the computer system of a bank to steal money; using
malicious software to delete all the data of a former employer's systems.
8. Lessons for Nigeria and
Beyond
Farotimi's
case offers a crucial lesson for policymakers in Nigeria and other nations: the
need to align cybercrime laws with international best practices and democratic
values. This includes:
8.1. Restricting Cybercrime
Laws to Core Offenses
Cybercrime
laws should address crimes that directly target ICT systems, such as hacking,
malware distribution, and data breaches. Cyber-enabled offenses should be
handled under existing laws for fraud, harassment, or defamation.
8.2. Safeguarding Free
Expression
Cybercrime
laws should explicitly protect freedom of expression. Activists, journalists,
and ordinary citizens should not face legal repercussions for sharing opinions
or engaging in peaceful dissent online.
8.3. Building Capacity to
Address Genuine Threats
Law
enforcement agencies should focus on developing expertise to combat core
cybercrimes effectively. This includes training, resources, and partnerships
with international organizations.
9. Conclusion
The
case against Dele Farotimi is a stark reminder of the dangers posed by overly
broad cybercrime laws. It highlights the need for policymakers to draw a clear
line between core cybercrimes and cyber-enabled offenses, focusing on crimes
that inherently involve ICT systems.
By refining cybercrime laws to be specific, narrow, and proportional, nations can uphold justice, protect freedoms, and create a safer digital environment. Farotimi's case should serve as a wake-up call, prompting governments worldwide to reconsider the scope and application of their cybercrime frameworks. In doing so, they can strike a balance between security and liberty, ensuring that the digital age remains a space for innovation, expression, and democratic engagement and cybercrime laws serve their intended purpose, i.e. enhancing cybersecurity, without compromising fundamental rights..
Sunday, 1 September 2024
The FBI's Exaggerated Claims of Going Dark: A Closer Look
While encryption is an important tool for
protecting privacy, the FBI's assertions of going dark have been criticized as
exaggerated.
The FBI argues that encryption impedes
investigations into serious criminal activities, from terrorism to child
exploitation. They suggest that tech companies' refusal to create backdoors for
law enforcement is creating a significant barrier to solving these crimes. This
stance has fueled public debates and legislative efforts to mandate decryption
capabilities.
However, critics argue that the FBI's claims are
overstated. For one, there's little evidence that encryption has directly
prevented major investigations. Many successful cases have been solved without
requiring direct access to encrypted communications. One of such cases is the
recent indictment of Seth Herrera for transportation, receiving and possession of
child pornography.
According to Nate Anderson who writes for Ars
Technica:
“I've
never seen anyone who, when arrested, had three Samsung Galaxy phones filled with
"tens of thousands of videos and images" depicting CSAM (child sexual
abuse material), all of it hidden behind a secrecy-focused, password-protected
app called "Calculator Photo Vault." Nor have I seen anyone arrested
for CSAM having used all of the following: Potato Chat ("Use the most
advanced encryption technology to ensure information security.") Enigma
("The server only stores the encrypted message, and only the users client
can decrypt it.") nandbox [presumably the Messenger app] ("Free
Secured Calls & Messages.") Telegram ("To this day, we have
disclosed 0 bytes of user data to third parties, including governments.") TOR
("Browse Privately. Explore Freely.") Mega NZ ("We use
zero-knowledge encryption.") Web-based generative AI tools/chatbots”
The indictment did not state in details exactly
how Seth’s criminal activities were discovered. However, according to the
indictment, Seth’s criminal conduct was finally uncovered after he tried to
access a link containing apparent CSAM.
This link described CSAM
depicting prepubescent minor
females around the
same age as Seth’s
young daughter.
Anderson also observed that: “Presumably, this "apparent" CSAM
was a government honeypot file or web-based redirect that logged the IP address
and any other relevant information of anyone who clicked on it. In the end,
given that fatal click, none of the "I'll hide it behind an encrypted app
that looks like a calculator!" technical sophistication accomplished much.”
Despite Seth’s use of encrypted messaging applications
such as Potato Chat, Enigma, nandbox, and Telegram, he was still found out by
law enforcements presumably using honeypot file or web-based redirect that
logged the IP address and any other relevant information of Seth Herrera when
he clicked on it.
Therefore, Seth’s indictment clearly shows that in
spite of the use of encryption messaging applications by criminals, there are still
many other ways of unearthing their criminal activities without breaking
encryption, therefore the “going dark” claim by the FBI can be said to be an
exaggeration of the true state of affairs.
Also, the prosecution being cagey in the
indictment, about exactly how the alleged criminal acts of Seth were discovered, reminds me of the Nigerian Police Force who,
when announcing the arrest of some notorious criminals, would simply say they
acted on "credible intelligence". They would rarely disclose the
details of how and what was done that led to the arrest with the use of credible
intelligence.
Tuesday, 18 June 2024
UNITY BANK SUED FOR UNAUTHORIZED DEBIT OF N324,000
Tersugh Wuese Nelson, a customer of Unity Bank, has filed a lawsuit against the bank, alleging unauthorized debits to the tune of N324,000 from his account. On Saturday, August 26, 2023, Tersugh woke up and discovered 12 debit transactions on his account through email notifications. These debit transactions occurred in quick succession, with 10 of them happening within two minutes on Friday, August 25, 2023, at about 11:51pm, while the other two happened at about 2:49am on Saturday 26th August, 2023.
Upon discovering the debits, Tersugh immediately emailed the bank, stating that he did not initiate or authorize the transactions. After several email exchanges, Unity Bank informed him in October 2023 that their investigation revealed the disputed transactions were web-based, conducted using his ATM card details (PAN, PIN, expiry date, and CVV) via the Flutterwave platform as detailed below:
The bank stated that the transactions were authenticated using Tersugh’s ATM card PIN, which only he knew, and that their review of the card activity logs did not indicate any PIN tries or changes prior to the transactions. This, the bank argued, indicated that the person conducting the transactions knew Tersugh's PIN. Unity Bank further claimed that they had reached out to Flutterwave for a possible refund, but Flutterwave declined, stating that the value was given to the cardholder.
Consequently, the bank concluded that, in
accordance with CBN regulations on liability shift regarding card and PIN
usage, it was not liable for the unauthorized transactions, as Tersugh's ATM
card details and PIN were used to validate the transactions.
Rejecting the bank's findings, Tersugh has
filed a case at the High Court of Justice in Makurdi, Benue State (Case No.: MHC/215/2024: Tersugh Wuese
Nelson v. Unity Bank Plc.). He alleges that the bank was negligent in
protecting his funds by failing to implement behavioral monitoring systems and
robust fraud monitoring tools to detect and block suspicious transactions in
real time, as required by CBN regulations.
Tersugh is requesting that the court order
Unity Bank to refund the N324,000 debited from his account without
authorization. Additionally, he is demanding N10 million in damages from the
bank.