CBN moves to secure USSD mobile transaction platform
Central Bank of Nigeria (CBN) has come up with an exposure draft to secure the Unstructured Supplementary Service Data (USSD) code for mobile transactions, which is becoming increasingly more popular among banks in Nigeria.
Laja Shorunke, Group Head, IT& E-banking control at United Bank for Africa, disclosed this when he spoke at the Hackcess cyber security conference 2017, held recently in Lagos.
All the banks in Nigeria today, have the short USSD transaction codes that make it easier for criminals to attack the finances of unsuspecting customers through the use of mobile phones, especially with relatively easy subscriber identification module (SIM) swap processes.
According to Shorunke, “the CBN has come up with an exposure draft for USSD as part of its efforts to secure the channel, especially with the increase of malware on mobile devices as well as SIM replacement challenges.
“One of the first things that they have said is that all USSD channels must have a password for transactions. There are a whole lot of securities requirements that have been put in place for the exposure draft, which we believe will come out soon as a directive. This will solve a lot of issues and directives on the USSD.”
Also speaking as a panellist, Benedict Anyalenkeya, chief information office, Accion Microfinance Bank Limited, said, “Banks have been asked to make sure that they have authentication in the process, especially with enrolment.
You must have a PIN authentication so that someone cannot just enrol USSD with just an account number. Now, you have a PIN code that is sent to the phone number that is tied to the account on the core-banking database.
“So, for you to be able to enrol an account for USSD, you must know the phone number dedicated to that current or saving account of the customer, you must also know the account number and the pin. These are layers that are compulsory and any bank that has not adopted that must pay for any loss that happens to any customer.
“At other levels, banks are also reducing the transaction limit cap to ensure that even if you are defrauded and you receive the alert once, you can easily send a message to block your account.”
On how the telcos are helping the banks to secure mobile transaction channels, Elliot Zvoushe Dhliwayo, security manager (Network Group) at MTN Nigeria, said, “The culture for security needs to change, whether it is through awareness or whether it is through some kind of technology out there.
“ A lot of people are not careful with their smartphones, which hold so much data including their applications, social media accounts, contacts and so many other things. People should start by first securing the mobile phones by putting a security pass code on their phones.”
Stories by Motolani Oseni
