What should I do if my phone is stolen?

Immediately use another phone to call your bank and block your account. Then call your network provider to block the SIM card.

Is it safe to save my password in the browser?

No. Never save banking passwords in Chrome or Safari. Use a dedicated Password Manager or memorize it.

Can I get my money back if I am scammed?

It is difficult. If you gave out your PIN/OTP, the bank is usually not liable. If it was a system hack, the bank must refund you. Report to the bank immediately.

Digital Fortress: A Guide to Safe Online Banking in Nigeria - CACBLAZE

The Convenience vs. The Risk

Online banking has made life easier. No more queuing in banking halls for hours. But with this ease comes risk. "Yahoo Boys" and scammers are evolving. They don't just use juju; they use social engineering and tech vulnerabilities. Your phone is now your bank branch, so you must guard it like one.

Locking Your USSD (737 etc)

USSD banking (like *737#, *901#, *919#) is fast but risky. If your phone is stolen, a thief can empty your account in minutes using USSD, even if the phone is locked.

Action Steps:

Enable a SIM PIN: Go to your phone settings and set a PIN for your SIM card. If the thief puts your SIM in another phone, they can't use it.
Use "USSD Lock": Most banks allow you to disable USSD transfers completely or lower the limit to ₦0. Do this if you primarily use the App.

App Security Best Practices

Your banking app is generally safer than USSD, but you must add layers of defense.

Do This:

Enable Biometrics: Use Fingerprint or FaceID. It's harder to fake than a 4-digit PIN.
Hide Your Balance: Most apps have an "eye" icon to hide your balance. Keep it hidden so prying eyes (or thieves) don't see your worth at a glance.
Transaction Notifications: Ensure you get email AND SMS alerts for every transaction. Speed matters when reporting fraud.

Spotting Fake Emails & Calls

Rule #1: Your bank will NEVER call you to ask for your PIN, BVN, or Token.

Common Scams:

"Your account is blocked": They send an SMS asking you to click a link to "unblock" it. DO NOT CLICK.
"Upgrade your account": A caller claims to be from "Head Office" helping you upgrade to a Gold account. Hang up.

If you are unsure, hang up and call the number on the back of your ATM card.

Hard Token vs. Soft Token

For large transfers, you need a Token code.

Hard Token: A physical device. It is the safest because it cannot be hacked online. Keep it at home; don't carry it around.
Soft Token: An app on your phone. It is convenient but risky if your phone is compromised.

The Danger of Free Wi-Fi

Never log into your bank app while connected to free Wi-Fi at an airport, mall, or hotel. Hackers can intercept the data. Use your mobile data (4G/5G) instead; it is encrypted and much safer.

Digital Fortress: A Guide to Safe Online Banking in Nigeria

Table of Contents

The Convenience vs. The Risk

Locking Your USSD (737 etc)

App Security Best Practices

Spotting Fake Emails & Calls

Hard Token vs. Soft Token

The Danger of Free Wi-Fi

David Ojo

What should I do if my phone is stolen?

Is it safe to save my password in the browser?

Can I get my money back if I am scammed?

Digital Fortress: A Guide to Safe Online Banking in Nigeria

Table of Contents

The Convenience vs. The Risk

Locking Your USSD (*737* etc)

App Security Best Practices

Spotting Fake Emails & Calls

Hard Token vs. Soft Token

The Danger of Free Wi-Fi

David Ojo

Locking Your USSD (737 etc)