How to avoid virtual bank apps hack when phone got stolen or misplaced

[SmartCharpa]

It's not new to us that the rate at which everyone uses banking Apps on their phone has grown rapidly due to the recent spike in digital banking like Opay, Palmpay, Kuda, Moniepoint and other related micro banks and this is due to their fast transaction unlike the commercial banks that sometimes delay payment, these banks save you when you want to make fast local transaction without having to wait, they are pretty fast and some don't charge for fees while some do but limit the free transfer you can do in every 24 hours.

There is a challenge with these Apps and one of them is when your phone is mislaced or stolen, the first thing they do with your phone is to find a way to unlock it if it's locked and if the phone is not passworded, they go straight to your mobile app to drain the account balance. This is how they do it and it's in two ways:

Accounts that are Tier 1: This is an account where KYC is not done or BVN is not requested and most of the time, the maximum balance you can have in your account is 300,000 naira and the daily transaction limit is 50,000. What they do when a phone is misplaced or stolen is they try to enter the app by forget password and request for one-time password(OTP) to set a new password, since KYC is not requested on this tier account, it will be easier for the person to recover the password from the sim and gain access to the account and transfer all the money on the account to another person until the account balance is empty, most of the time, they send it to POS person and collect cash.

Accounts that are Tier 2 and above: These accounts are usually KYC, BVN are been requested to use these accounts and above with daily transaction of #5M and unlimited max balance of Tier 3, and documents are required for the usage. When a phone is misplaced or stolen, anyone who finds the phone will try to get access to the mobile APP the same way as that of the Tier 1 through forget password by requesting for one-time password(OTP) through the sim card but even if the account is reset, BVN number will be requested but that doesn't stop anything. They can use *565*0# to request for the BVN to get the number and that's how easy it is to get into these virtual bank apps.

To verify, dial *565*0# and you will be charged #20 for your BVN, this is not magic, it is from Nigeria Inter-bank Settlement System(NIBSS)

How to prevent this from happening:
1. Make sure that your sim card is pin protected, this way it will be difficult to get access to your Sim when the phone is on, even if they are able to unlock the phone, the sim will remain locked and that gives you the advantage of making sure that your mobile wallet remains inaccessible.
2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.
3. Always have less money on this virtual app to protect yourself from this kind of emergency, this can help you in case the banks try to run away because there has been a lack of transparency from them, especially Opay and Kuda.

Stay safe, stay healthy.

[1714300947]

1714300947

[1714300947]

1714300947

[1714300947]

1714300947

[Charles-Tim]

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.

The password should be long. Attacker can easily look at you while entering the password and memorize it. I can easily use 10 to 21 characters easily.

[Lorokan]

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.

The password should be long. Attacker can easily look at you while entering the password and memorize it. I can easily use 10 to 21 characters easily.

Another option is to have a privacy screen protector on your phone; What does this glass does? The privacy screen protector blurs your phone from the immediate person closer to you either to the left or right; also, The privacy protector prevents people from a near distance from peeping directly into your phone screen.

[Abu-Naim]

How to prevent this from happening:
1. Make sure that your sim card is pin protected, this way it will be difficult to get access to your Sim when the phone is on, even if they are able to unlock the phone, the sim will remain locked and that gives you the advantage of making sure that your mobile wallet remains inaccessible.

You can also use separate phone for your main sim card that can be used to get any sensitive information about your account, BVN and others so that when sending OTP, it will be in a different phone not the same phone the bank application for example Opay is logged in.

2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.

Using long password that will be very hard to memorize will also help because people close to you can easily memorize your password it they are short and easy to remember, but if your password is long, they will lose interest in memorizing the password.

3. Always have less money on this virtual app to protect yourself from this kind of emergency, this can help you in case the banks try to run away because there has been a lack of transparency from them, especially Opay and Kuda.

Stay safe, stay healthy.

I like them and I used opay always, but their security is not strong enough especially if you lost your phone because someone can easily get access quickly to your Opay account if they were able to unlock your phone, or even if they remove your sim and put it in another phone, they can log in successful because that your number will be the number they will use to get OTP, and BVN, and once they logged in, they can have access to changing trading passwords and swip your money.

[CryptoHeadlineNews]

When a phone is misplaced or stolen, anyone who finds the phone will try to get access to the mobile APP the same way as that of the Tier 1 through forget password by requesting for one-time password(OTP) through the sim card but even if the account is reset, BVN number will be requested but that doesn't stop anything. They can use *565*0# to request for the BVN to get the number and that's how easy it is to get into these virtual bank apps.

To be sincere, this is indeed one of the best phone security safety update I have ever heard since the beginning of this year my friend, because until this moment, I never knew hacking into one's mobile app in his/her phone could be this easy with the two scenarios you just gave @ O.P, and I'm really grateful for that as you have given is to have a different angle on phone security, and save people from losing fund as time goes on.

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

Please, can you elaborate more on this statement written above @ Sir Charles-Tim? Because I always thought since fingerprint can't be duplicated, it is one of the best security measures,  but your statement is kind of making me confuse, and I will love to hear why you said so.

[Broadanbig]

You have a good article for sensitization OP. I think any one who comes in contact with this article would be enlightened enough to know what to do when it comes to securing their funds while using banking apps. Of a truth these micro finance banks can not be trusted with our funds as virtually all of them are office-less  and their is every tendency that if they run away with funds now they can not be located that easily to get back a refund of customers funds. If you can, do away with keeping funds in your microfinance bank app or if possible a little token for emergency or transportation expenses. Although they are most sort after as a result of their speed in transactions but one needs be careful as well.

Sometimes,it is best one takes the risk of getting gadgets if possible or if their is availability of funds at disposals to secure your details and information. Separating your sims can best be done if you are majorly into online activities that requires otp.  Get a smaller phone without internet connection with your simcard so you could be receiving your otp there while you walk freely and lastly, mind the  way you press
 your phone in public places because you do not know who is watching you and possibly making you a target of attack.

[Marykeller]

When peso phone lost, wetin hackers d after na your sim card, no be your phone cos d know sae everly your phone go d locked, and for peso to get access to am na to flash am. So wetin dem go actually need na your sim card. Na through that your sim card dem go get access to your bank money.

Wetin the hackers go now do since they are in custody of your sim card, na to get to find out the banks wey d connected to your sim card. Ones dem don find out, na to start to d create mobile apps accounts for the banks connected to your sim card, putting in your BVN and account details into the mobile app downloaded for you. If you already don get mobile app for your phone, dem go request for forgetting password and the rest with your sim card. With that dem go receive the reset password and log in to your account to pull your money out to their Opay account wey no d link to BVN.

This is how I think sae the hackers hacked into peoples account with their lost phone through their sim card. Na why em be sae once peso phone lost na to find means to block em sim card asap before any other thing.

For peso to avoid this kasala for hackers hand toward em account, na to put em sim card for pin lock as you don suggest but make em make sure sae em get em sim pack within em reach to avoid changing phone or losing phone in the future.

[Doan9269]

Is not until you lost your device before you can be vulnerable for an attack, most of the victims of these kind experience would have done alot of mischievous task online making unnecessary downloads and visited some malicious links and websites, they would have accumulated a number of times these evading malwares unknowingly to them yet they will enter their personal information on google forms to give more accessibility for them to be attacked, while hackers in most cases may not need our device before they can steal from us, they can use our card or bank sensitive information to buy online shopping items with our details, some will also called they they will send us code to send it back to them, yet you will discover some users being tricked in this manners and got scammed.

[Mate2237]

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.

The password should be long. Attacker can easily look at you while entering the password and memorize it. I can easily use 10 to 21 characters easily.

I normally use fingerprint in my phone and I thought not is the best because fingerprint makes things easier and faster. And many when the phone is misplaced and got stolen by all those rogues, they would withdraw or transfer all the funds in the app and also use the app to borrow more money from app again and making the owner to pay un-necessary loan. There are other prevention one can take immediately ones the phone is stolen. And the faster you do the faster it can be secured.

Once your phone is stolen, take any person phone that close to you at the moment and call your sim y customer care service and told them to lock your sim card.
Step to lock your SIM card

On your phone, go to Settings.
Tap on Security.
Tap Set up SIM card lock or Lock SIM card.
Enter the default SIM PIN.
Enter your new PIN
Confirm your new PIN
Tap Okay.

For more information https://mobility.com.ng/how-to-lock-your-sim-card/

[Igebotz]

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

Please, can you elaborate more on this statement written above @ Sir Charles-Tim? Because I always thought since fingerprint can't be duplicated, it is one of the best security measures,  but your statement is kind of making me confuse, and I will love to hear why you said so.

Yes everyone has a unique finger print buy using your finger print for financial transactions/bank app is not a smart idea since anyone near to you can access your bank app or phone using your finger print while you're asleep or drunk. To confirm transactions, always use a pin code. Nobody can force your pin out of you while you're unconscious. That's what Charles was trying to elaborate

[CryptoHeadlineNews]

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

Please, can you elaborate more on this statement written above @ Sir Charles-Tim? Because I always thought since fingerprint can't be duplicated, it is one of the best security measures,  but your statement is kind of making me confuse, and I will love to hear why you said so.

Yes everyone has a unique finger print buy using your finger print for financial transactions/bank app is not a smart idea since anyone near to you can access your bank app or phone using your finger print while you're asleep or drunk. To confirm transactions, always use a pin code. Nobody can force your pin out of you while you're unconscious. That's what Charles was trying to elaborate

Well said Sir "Igebotz", and I appreciate your effort in elaborating on this, because, with your explanation now, I'm sure even a lay-man to get to understands what you meant when you advised people to avoid using fingerprints when living/staying around people they don't trust. Because it takes only an experienced member to know a potential hack, and you have just done one, which I'm sure will go a long way in enlightening whichever Newbie that happens to come across this thread. U be indeed Odogwu!!

[GiftedMAN]

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

Please, can you elaborate more on this statement written above @ Sir Charles-Tim? Because I always thought since fingerprint can't be duplicated, it is one of the best security measures,  but your statement is kind of making me confuse, and I will love to hear why you said so.

Yes everyone has a unique finger print buy using your finger print for financial transactions/bank app is not a smart idea since anyone near to you can access your bank app or phone using your finger print while you're asleep or drunk. To confirm transactions, always use a pin code. Nobody can force your pin out of you while you're unconscious. That's what Charles was trying to elaborate

Happy to have come across this thread and this useful explanation by@Igebots I have always believed that using my finger print as my password during financial transaction on my bank app is the most secured way for me since my phone and my fingers are my privacy but I have never thought of being asleep and someone and someone accesses my bank app using my finger print, this is a very good information I must say but how can the person access my bank app while am sleeping when the person has no password to my phone because personally I don't joke with my privacy and my phone is always on password.

Secondly, please I will like to know@Igebots is there a way that some one can decode the password of someone to have access to the phone of the person without knowing the security of the person? Is there a device that can be used to perform such criminal act.

[sokani]

<snip>

Nice one op. I just wan add say if dem steal your phone or you lost am, weda na torchlight phone or android phone wey you dey use, as long as di sim dey linked to your bank account, boys go do you strong thing. No loose guard, just rush call your service provider make dem block your sim immediately, you fit always do welcome back anytime, the safety of your funds na im matter di most.

This is how I think sae the hackers hacked into peoples account with their lost phone through their sim card. Na why em be sae once peso phone lost na to find means to block em sim card asap before any other thing.

Same here, because wen dem flash di phone all di installed apps go disappear as well as di information wey dey di phone. Even if dem fit get access to di phone and successfully open di bank mobile app or digital bank app, dem go still need to enter PIN or use fingerprint to initiate a transaction. So e no easy like dat to use app collect person money, na di sim card be di most important thing.

[Hyphen(-)]

Avoid using fingerprint, especially if you are around or living with people that you do not trust.

Please, can you elaborate more on this statement written above @ Sir Charles-Tim? Because I always thought since fingerprint can't be duplicated, it is one of the best security measures,  but your statement is kind of making me confuse, and I will love to hear why you said so.

Most Android phones that support fingerprint do give access for adding more than one fingerprint, as a result of that if someone who know your phone password is aiming to scam you or to move your money, they can easily add their fingerprint in your phone so that they can easily have access to everything that you enable fingerprint to unluck which is very dangerous.

[Asiska02]

Another option is to have a privacy screen protector on your phone; What does this glass does? The privacy screen protector blurs your phone from the immediate person closer to you either to the left or right; also, The privacy protector prevents people from a near distance from peeping directly into your phone screen.

I have been using this privacy screen guard for a while now and works perfectly just as you said. If the person close to you does not have a direct contact into your phone, they can’t see what is displaying on your screen. This privacy also protects your eyes from direct screen light from the phone’s screen. Although, it is not that cheap like other screen guards but security of funds is more important.

Most Android phones that support fingerprint do give access for adding more than one fingerprint, as a result of that if someone who know your phone password is aiming to scam you or to move your money, they can easily add their fingerprint in your phone so that they can easily have access to everything that you enable fingerprint to unluck which is very dangerous.

Exactly, most smartphone users don’t waste their time enabling only passwords to access an application. For faster access, fingerprints are enable which can be very dangerous in a case of a stolen phone. If someone have known your password earlier, they can easily add fingerprint to it without your notice. Your funds can even be sweep away without a case of stolen phone. Privacy and security should be paramount in this technological age.

[Adams0001]

How to prevent this from happening:
1. Make sure that your sim card is pin protected, this way it will be difficult to get access to your Sim when the phone is on, even if they are able to unlock the phone, the sim will remain locked and that gives you the advantage of making sure that your mobile wallet remains inaccessible.

This is a very good method to secure your wallet online, I have never thought of this before and it will really help secure the account more in a case of intruder trying to get access to the account. Doing accessibility of one’s account by the intruder, with a locked sim, the OTP code can’t be accessible for them and their efforts will become abortive.

2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.

Some android phones are easily jailbreak when stolen but the level at which the security of the phones are being built this day, they are not easily accessible like before and will need extra effort and time or they end up formatting the phone all and not having access to bank accounts.

3. Always have less money on this virtual app to protect yourself from this kind of emergency, this can help you in case the banks try to run away because there has been a lack of transparency from them, especially Opay and Kuda.

Stay safe, stay healthy.

With the way people dey trust dis online banks ehn, e dey shock me sef. Some people trust am pass their other banks wey dem dey use before which e no suppose be so. Na d the fast in transaction processing na him make people believe dem pass their normal bank wey dem don dey use before. To leave small money for inside d accounts na him be the best for anybody.

[CryptopreneurBrainboss]

3. Always have less money on this virtual app to protect yourself from this kind of emergency, this can help you in case the banks try to run away because there has been a lack of transparency from them, especially Opay and Kuda.

Very nice, simple and informative thread. I go like response on some of your tips dem. No go dey expect transparency from centralized service providers dem, your local banks no get transparency so wetin come dey give you idea say all this online banks go get. Sha not having large sum of money in those apps na the surest protections wey you fit give yourself. Make your money dey your local banks and you dey transfer am to online banks dem when you wan spend am. To add more security, no dey hold money for banks self, store dem for your crypto wallet and the trade to naira whenever you need funds. Of course emergency funds go dey your account but no dey store much as you dey lose self if you dey hold Naira as dis one wey be say dollars just dey grow anyhow.

2. Make sure to always password your phone, some phones are easily jail break but it is better than not having anything at all, this can give you time to do a welcome back before they get access to the phone.

Password only no go do, if the apps get 2FA protection add am join so people no go fit access even when dey mistakenly guess your password. Also take ur protection a step further and hide ur bank apps for your phone, no make an easy for dis thief dem atleast make dem work for am before dem fit steal anything. If you no get phone wey get double space wey be say you fit move all your important apps dem to the second space den download those apps wey dey help hide apps for fone and hide your banks apps. E no go only save you incase you misplaced your phone but e go help you avoid unwanted extortion from all this uniform man wey dey worry boys everywhere.

[knowngunman]

Nice one op. I just wan add say if dem steal your phone or you lost am, weda na torchlight phone or android phone wey you dey use, as long as di sim dey linked to your bank account, boys go do you strong thing. No loose guard, just rush call your service provider make dem block your sim immediately, you fit always do welcome back anytime, the safety of your funds na im matter di most.

Na the best way be this but unfortunately some people are still using sim card not registered with their details. Even with the introduction of NIN to register sim, some people are still buying registered sim for reason best known to them. In a case like this, if you are using sim not registered in your name you don enter one chance already because even if you managed to block the Sim card by calling the service providers, retrieving the Sim card by welcome back will never be easy for you.

I believe we too like soft thing and sharp sharp for 9ja but make we dey consider implications too sometimes to avoid regret later. If you are still using sim card not registered in your name please visit any of registration center with your NIN and other details to update the Sim card information to your own.

[Fivestar4everMVP]

Well, this is really a good advice and one I thi0nk we should all adhere to, I myself have been using visual bank apps for quite some time now, I have actually been using opay for over two years now without any issues since I rarely lose or misplace my phone, but still, I perfectly u understand the risk involved with usage of such banks, this is why I only keep a tiny amount of money on my opay account, and this money is always money that I am ready to spend in few hours or the next day, I have account on major banks where I save tangible amounts..

But then, a little observation here, for many of us who use banking apps for transfers and confirmation of received money on our phones, if we misplace our phones or lose it, and it is not passworded or locked, can't the person who picked the phone use the same process used in accessing the visual banking apps, to access the major banking apps on our phones?

I think the safest thing here is to never leave your phone unpassworded or unlocked, this helps in the sense that when we lose it, and the picker of the phone is not able to guess the password to unlock it, he or she will have no choice but to flash the phone which will automatically delete everything in the phone leaving the picker with no access to our major and important information.

[Franctoshi]

Security on sim cards (pin) and 2FA authentication on those Apps are very important in this case because that is mostly where they would run most of the shit if they gain access to your phone.

Aside from being hacked when you lost your phone,  The issue with most of these online Apps is they are not that secure, and Based on the increasing number of hacks I have seen recently I don't even fucking keep funds in those Apps because I don't trust them and I could get drained at any time despite the level of security you got.  

Even the traditional banking Apps upon the level of security they have when you approach the customer service unit you would see several complaints about funds being hacked, so I only use them to carry out transactions and at the end of the day move my funds back.

Mostly these hack issues are a result of inside jobs, The people working inside the bank or with these money firms leak customers' details to those hackers out there hence increasing the rate of hacks experienced in Nigeria.