The National Information Technology Development Agency (NITDA) has advised Nigerians to avoid using public Wi-Fi networks when conducting financial transactions, warning that unsecured internet connections remain a significant vulnerability in the country’s rapidly expanding digital payment ecosystem.
In a public advisory addressing rising payment card fraud threats seen by Technology Times, the federal tech agency said cybercriminals are deploying increasingly sophisticated techniques, including malware, phishing kits and automated bots, to harvest card details and compromise online transactions. Public Wi-Fi hotspots and shared networks, it noted, rank among the highest-risk environments for transmitting sensitive financial data.
“Use secure networks only. Avoid public Wi-Fi when entering sensitive payment information,” the agency stated.
In a public advisory addressing rising payment card fraud threats seen by Technology Times, the federal tech agency said cybercriminals are deploying increasingly sophisticated techniques, including malware, phishing kits and automated bots, to harvest card details and compromise online transactions. Public Wi-Fi hotspots and shared networks, it noted, rank among the highest-risk environments for transmitting sensitive financial data.
Fraud risks amid digital payment surge
The warning comes as Nigeria’s digital payment landscape continues to scale at record pace. With electronic transactions becoming embedded in everyday commerce, from mobile banking and POS payments to online shopping, regulators say fraud patterns are evolving alongside growth.
Recent industry data released by the Nigeria Inter-Bank Settlement System (NIBSS) show that although reported fraud losses declined significantly in 2025 compared with the previous year, billions of naira were still lost to electronic fraud across banking channels. Internet banking and e-commerce platforms remain among the most targeted vectors.
The broader macro context underscores the urgency of NITDA’s advisory. Nigeria’s push toward a cashless economy, accelerated by regulatory reforms and digital banking innovation, has driven transaction volumes into trillions of naira annually. As digital throughput increases, the attack surface available to cybercriminals expands proportionately.
Public Wi-Fi: A structural vulnerability
Cybersecurity analysts say unsecured Wi-Fi hotspots are particularly attractive to threat actors because they often lack robust encryption protocols. In such environments, malicious actors can intercept unprotected traffic through so-called “man-in-the-middle” attacks or deploy rogue access points to mimic legitimate networks.
Users accessing banking applications or entering card details on shopping platforms over such networks may unknowingly expose credentials, one-time passwords (OTPs) and other sensitive data.
Global research reinforces these risks. A survey by cybersecurity firm Kaspersky found that a significant proportion of Nigerian users have encountered phishing scams while using digital payment platforms. According to the company’s findings, more than one-third of respondents in Nigeria reported financial losses linked to digital payment incidents, including fake websites impersonating legitimate financial institutions and social engineering attempts via calls and SMS.
These trends reflect a broader global pattern in which fraudsters increasingly rely on credential theft, automated attacks and deceptive digital interfaces to compromise victims.
Recent industry data released by the Nigeria Inter-Bank Settlement System (NIBSS) show that although reported fraud losses declined significantly in 2025 compared with the previous year, billions of naira were still lost to electronic fraud across banking channels. Internet banking and e-commerce platforms remain among the most targeted vectors.
Behavioural and technical safeguards
Beyond public Wi-Fi exposure, NITDA identified other common compromise vectors, including malicious code embedded in checkout pages and phishing emails crafted to resemble official bank communications. Fraudsters, the agency warned, frequently exploit urgency and fear to pressure victims into disclosing OTPs, PINs and card verification values (CVVs).
To mitigate risks, the agency advised Nigerians to:
- Verify website authenticity before entering payment details, ensuring URLs begin with “https://” and match legitimate bank or merchant domains exactly.
- Avoid sharing OTPs, PINs or CVV codes in response to unsolicited messages or calls, noting that financial institutions do not request such information through informal channels.
- Enable transaction alerts via SMS or mobile applications to detect unauthorised activity promptly.
- Activate multi-factor authentication (MFA) on banking and payment platforms to add an additional security layer beyond passwords.
Regulatory and policy implications
The advisory also highlights the policy dimension of Nigeria’s digital finance expansion. As electronic payments deepen across the economy, consumer protection, cybersecurity resilience and fraud intelligence-sharing are becoming central regulatory priorities.
Financial institutions have strengthened fraud monitoring systems and enhanced real-time transaction analytics. Industry stakeholders are also collaborating to improve early threat detection. However, experts maintain that consumer awareness remains a critical first line of defence, particularly in a market characterised by rapid onboarding of new digital users.
Digital transformation meets evolving cybercrime
NITDA’s warning reflects the intersection of two powerful forces: Nigeria’s accelerating digital transformation and the parallel sophistication of cybercrime tactics.
While improved detection systems and coordinated industry action have contributed to declining reported fraud losses, the persistence of sophisticated attacks, particularly those exploiting unsecured networks, underscores the need for sustained vigilance.
As millions of Nigerians rely daily on online banking, card payments and e-commerce platforms, the agency’s message is clear: digital convenience must be matched with disciplined cybersecurity practices in an increasingly connected economy.
Home
