Protecting Customers' Information: Will operators embrace global standards?

There are people who have vowed never to have anything to do with electronic payment again, no matter the preaching about the benefits. They are bank customers who have fallen victim to electronic payment fraud or e-fraud, and lost huge sums of money in the process.

Their bitterness is aggravated by the callous manner in which some banks usually respond to their plight. “Oh you must have compromised your PIN (personal identification number) by giving it to somebody or by allowing somebody to access it”, these banks tell such people.

E-fraud, popularly known as ATM fraud, is not peculiar to Nigeria; it is a global phenomenon. The amount lost to this fraud by customers and electronic payment services runs into billions of dollars.

The first step to the successful perpetration of this kind of fraud is to gain access to the customer's information, including the PIN, account number, etc. The information is then used to produce a duplicate of the customer's ATM card, which is then used to access and steal his/her money.

The information can also be used to access the money to make purchases or transfers via the internet and Point of Sale (PoS) terminals. That is why e-fraud thrives during the transition from a cashless to an electronic payment-dominated economy, such as the one Nigeria is undergoing.

For most of the transition, most people are not yet familiar with the operations of electronic payment channels, or with their vulnerability to fraudsters in the handling of their cards and PINs. Also, because it is a new system, there are loopholes in regulation and infrastructure that can easily be exploited by fraudsters.

Globally, so much effort has been devoted to checkmating these fraudsters, and much of the effort is channelled towards preventing them from accessing customer information. This is done by ensuring that electronic payment systems and operations have the necessary security measures for protection of customers’ information.

The aim is to ensure that no one can illegally access these systems and channels to steal the information of customers transacting business over them. This effort has over time culminated in what is called the Payment Card Industry Data Security Standards (PCIDSS).

PCIDSS is the global minimum standard for protecting customers or users of electronic payment services from e-fraud. Any electronic payment system or channel that does not conform to this standard is highly vulnerable to fraud. Unfortunately, only one per cent of electronic service providers in Nigeria have systems that conform to this standard.

Consequently, 60 per cent of the electronic payment system infrastructure in Nigeria is vulnerable to fraud. Very disturbing! This is despite the directive by the CBN that all operators comply with this standard by December 31, 2012.

This embarrassing vulnerability of e-payment to fraud in Nigeria and the need to conform to PCIDSS were the focus of two major industry gatherings last week. The first was a workshop on PCIDSS and the Cashless Nigeria organised by Phillips Consulting International and the Central Bank of Nigeria (CBN). The second was the meeting of the Nigeria E-Fraud Forum (NEFF).

In her remarks at the NEFF meeting, Managing Director, Standard Chartered Bank, Mrs. Bola Adesola, said that every new system has its vulnerability and this should be addressed. “There is a lot of collaboration internationally to fight against fraud and Nigeria cannot afford to be left out,” she said.

At the workshop on PCIDSS, Mr Musa Itopia, Head of the Payments System Oversight Office of the CBN, said that there are three major reasons why electronic payment operators in Nigeria have not conformed to PCIDSS, hence the high level of vulnerability to fraud.

The first is lack of management buy-out, the second is budgetary constraint and the third is a dearth of Qualified Security Assessors (QSAs) to help them upgrade their systems to conform to the standards. The way forward, according to Emmanuel Obaigbon, Chairman, NEFF, is collaboration and sensitisation.

He said: “The new standard, PCIDSS, will aid the security of electronic payment in the country, as it is associated with the management of privileged identities and controlling insiders and administrators from accessing sensitive data.

“The move is a proactive process towards enlightening Nigerians, especially those in the financial sector on measures to mitigate fraud associated with electronic payments.”

According to Mr. Emeka Emuwa, Chairman, Enterprise Bank, the industry needs to be ahead of fraudsters. “We must also be sure that fraudsters will follow the new form of payment both physically and logically. As the fraudsters are planning, we need to develop our skills and plan.”

Encouraging operators to embrace the standard, Mr Adewale Obadare, Managing Director, Digital Encode Limited, a security solution company, said: “Compliance with PCIDSS helps to mitigate risks associated with prevalent use of banks’ cards and payment channels. There is a growing cloud community of fraudsters hoping to hack new electronic payment platforms. With this trend, PCIDSS has been mandated for all merchants or banks that store, process and/or transmit cardholder data.

“Managing and monitoring access to the electronic payment environment while locking down administrative privileges is crucial to protecting sensitive data within this expanded threat environment. Many organisations are still trying to catch up on PCI 2.0 requirements, and those exploring virtualisation will now need to fully understand new hurdles to meeting audit requirements and protecting sensitive customer data and financial information”.
