The Effectiveness of Two-Factor Authentication in Preventing Online Banking Fraud in Nigeria

Authors

  • Grace Egenti National Open University of Nigeria Author
  • John Ajayi Ojo Venite University, Iloro Ekiti, Ekiti State, Nigeria Author

DOI:

https://doi.org/10.70882/noun-ijcea.2026.1119

Keywords:

Artificial intelligence, Banking fraud detection, Biometric authentication, Cybersecurity, Digital banking, Multi-factor authentication

Abstract

This research evaluates the effectiveness of two-factor authentication (2FA) in the context of fraud in online banking in Nigeria. A mixed-method approach combining statistical data from 2019 to 2024, banking security experts' opinions and a challenge-response authentication system prototype evaluation is utilised to understand the effectiveness of the existing 2FA security mechanisms against online banking fraud in Nigeria. The findings show that fraud cases decreased by about 10-15% after the proliferation of 2FA while there was a reduction in the compromise rate to 0% for app-based authentication compared to 4% for SMS-OTP. The findings suggest that despite reducing the rate of low-level fraud by approximately 10-15%, 2FA has a minimal impact on financial losses, which is escalating because of sophisticated attacks such as phishing and SIM-swap fraud. Qualitative findings emphasise the numerous loopholes in SMS-based 2FA, such as latency, vulnerability to interception and dependency on unsafe fallback mechanisms; biometric and app-based authentication methods appear more practical, faster and secure and have been confirmed by the prototype evaluation with a drastic reduction in the compromise rate and improvement in user experience in app-based 2FA, especially against complex attack scenarios. Hence, it recommends the use of a combination of security measures such as advanced authentication systems, real-time fraud detection mechanisms (using artificial intelligence), and user education awareness programmes, as 2FA alone is not sufficient to defend against the increasing threats, thus it would be of interest to banking institutions and regulators hoping to improve security frameworks within developing digital economies.

Author Biography

  • John Ajayi Ojo, Venite University, Iloro Ekiti, Ekiti State, Nigeria

    Department of Computing Science, Venite University, Iloro Ekiti, Ekiti State, Nigeria
    Ojo John Ajayi,
    john.ajayi@veniteuniversity.edu.ng

References

Ama, I., Onwubiko, C., & Nwankwo, U. (2024). Social engineering attacks in digital banking systems. Nigerian Journal of Information Security, 5(2), 88–102.

Anzor, P., Okeke, T., & Nwosu, C. (2024). AI-driven fraud detection in Nigerian banking systems. Journal of Artificial Intelligence Research, 18(4), 201–215. https://doi.org/10.1613/jair.1.15234

BusinessDay. (2021). Rising SIM swap fraud and phishing attacks in Nigerian banking sector. https://businessday.ng

Budiningsih, I., Soehari, T. D., & Irwansyah. (2019). Dominant factor for improving information security awareness. Cakrawala Pendidikan, 38(3), 490–498. https://doi.org/10.21831/cp.v38i3.25626

Central Bank of Nigeria. (2023). Risk-based cybersecurity framework and guidelines for financial institutions. https://www.cbn.gov.ng

European Union Agency for Cybersecurity. (2021). Guidelines on secure authentication and multi-factor authentication. https://www.enisa.europa.eu

Ezugwu, A., Nwankwo, P., & Obi, C. (2023). Adoption of two-factor authentication for improved banking security in Nigeria. International Journal of Information Security Research, 13(4), 201–214.

Fatoki, O. (2023). Electronic fraud trends in Nigerian banking sector. African Journal of Finance, 15(2), 66–81. https://doi.org/10.4314/ajf.v15i2.5

Grassi, P. A., Garcia, M. E., & Fenton, J. L. (2021). Authentication and lifecycle management in digital identity systems. Journal of Cybersecurity, 7(1), 1–12. https://doi.org/10.1093/cybsec/tyab012

Ibanibo, S., Eyidia, U., & Abidde, S. (2025). Reducing SIM swap fraud through multi-layered authentication systems. Nigerian Journal of Cybersecurity, 7(1), 33–48.

International Telecommunication Union. (2021). Global cybersecurity index. https://www.itu.int

Jain, A. K., Sahoo, S. R., & Kaubiyal, J. (2021). Online social networks security and privacy: Comprehensive review and analysis. Complex & Intelligent Systems, 7(5), 2157–2177. https://doi.org/10.1007/s40747-021-00409-7

Khader, M., Karam, M., & Fares, H. (2021). Cybersecurity awareness framework for academia. Information, 12(10), 417. https://doi.org/10.3390/info12100417

Koyeda, R. (2025). Multi-factor authentication adoption and cybersecurity resilience in financial institutions. International Journal of Information Security and Privacy, 19(2), 45–60.

Meyers, T., Clark, R., & Benson, J. (2023). Evaluating authentication applications against phishing attacks. Computers & Security, 128, 103146. https://doi.org/10.1016/j.cose.2023.103146

Mijalkovic, D., & Arezina, N. (2024). Mixed-methods approaches in cybersecurity research. International Journal of Information Security, 23(1), 55–70. https://doi.org/10.1007/s10207-023-00685-4

Momoh, E., & Ogbeide, S. (2025). Human and technological factors affecting two-factor authentication effectiveness in Nigerian banking systems. Journal of Information Assurance, 14(1), 44–59.

Mustapha, A., & Sinha, P. (2024). Evaluating authentication mechanisms in emerging banking systems: A usability-security perspective. Journal of Financial Cybersecurity, 6(1), 22–38.

National Bureau of Statistics. (2024). ICT and digital economy report. https://www.nigerianstat.gov.ng

National Institute of Standards and Technology. (2022). Digital identity guidelines: Authentication and lifecycle management (SP 800-63B). https://doi.org/10.6028/NIST.SP.800-63b

Nigeria Inter-Bank Settlement System. (2024). Fraud reports and statistics. https://www.nibss-plc.com.ng

Nigeria Inter-Bank Settlement System. (2025). Annual fraud landscape report. https://www.nibss-plc.com.ng

Ofoegbu, G. (2024). AI-based fraud detection systems in financial services. Journal of FinTech Innovation, 8(3), 120–135. https://doi.org/10.1108/JFI-2024-0032

Ogunrinde, T. (2025). Vulnerabilities of SMS-based authentication systems. Journal of Cyber Risk, 9(1), 44–59.

Olelewe, C., & Onwumere, J. (2024). Online banking vulnerabilities and fraud escalation in Nigeria. African Journal of Cybersecurity Studies, 11(2), 77–92.

Onyeama, C. (2024). Anomaly detection in financial transactions using autoencoders. Journal of Machine Learning Applications, 10(2), 77–92. https://doi.org/10.1016/j.jmla.2024.100245

Ponemon Institute. (2023). State of cybersecurity in financial services. https://www.ponemon.org

Torkaa, A., Bello, M., & Yusuf, H. (2024). Challenge-response authentication systems for secure banking applications. African Journal of Information Systems, 16(3), 89–104.

Waliullah, M., Rahman, A., Karim, M., & Hasan, S. (2025). Enhancing fraud detection using artificial intelligence and multi-factor authentication. Journal of Financial Technology, 12(2), 101–120. https://doi.org/10.1016/j.jft.2025.100198

Downloads

Published

2026-04-30

Issue

Vol. 1 No. 1 (2026): April 2026

Section

Articles

License

Copyright (c) 2026 Grace Egenti, John Ajayi Ojo (Author)

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.