CBN Governor, Sanusi Lamido Sanusi
The Central Bank of Nigeria (CBN) has advised banks and other service providers in the electronic payment business to upgrade their security systems in compliance with new Payment Card Industry-Data Security Standards (PCI-DSS) so as to guard against fraud in the industry.
The PCI-DSS is a set of standards and security due diligence practices issued by a global information technology security regulatory body to help ensure the safe handling of payment card data.
Speaking at the July forum of the Nigerian Electronic Fund Forum (NEFF) in Lagos at the weekend, Deputy Director, Domestic Payment Division, Central Bank of Nigeria (CBN) and Chairman of the Forum, Mr Emmanuel Obaigbona, said compliance with the new security measure would deepen the cash-less initiative.
Obaigbona who was the chairman of the forum, also said the PCI-DSS is also associated with management of privileged identities and controlling insiders and administrators from accessing sensitive data in organisation.
He said: “The move is a proactive process towards enlightening Nigerians, especially those in the financial sector on measures to mitigate fraud associated with electronic payments. We need to do something to prevent fraudsters that come our way.
“A lot of fraud is moving from Lagos to places where there is no use of electronic payment systems. We need to fight this fraud and also be proactive about it.”
Managing Director, Standard Chartered Bank, Mrs. Bola Adesola, noted that every new system had its vulnerability, even as she stressed the need for collaboration to fight against fraud.
On his part, Managing Director, Digital Encode Limited -a security solution company, Mr Adewale Obadare, said: “Compliance with PCI-DSS helps to mitigate risks associated with prevalent use of banks’ cards and payment channels. There is a growing cloud community of fraudsters hoping to hack new electronic payment platforms. With this trend, PCI-DSS has been mandated for all merchants or banks that store, process and or transmit cardholder data”
“Managing and monitoring access to the electronic payment environment while locking down administrative privileges is crucial to protecting sensitive data within this expanded threat environment.”