Facts have emerged that a lot of online financial transactions by banks may be insecure and vulnerable to attack for lack of standard information technology (IT) security compliance.
The situation became worrisome with the cashless initiative being driven by the Central Bank of Nigeria (CBN).
Web-jurist, an independent website assessor, told THISDAY in Lagos that only one of the 19 banks operating in Nigeria had been certified under the Payment Card Industry Data Security Standards (PCI-DSS) by the US-based Payment Card Industry Standard Security Council (PCI-SSC), a global IT security regulatory body, setting the pace for security standards.
Web-jurist further revealed that switching companies like Interswitch and eTransact were also PCI-DSS compliant, including Phillips Consulting, the driver of Web-jurist in Nigeria.
Confirming the situation, Vice President of Wini Group, Mr. Tim Akano, stressed that banks must be PCI-DSS compliant in order to build the desired security confidence in their customers and to avoid modern-day online attacks by hackers, which could not only lead to the loss of huge sums of money, but could also ground any financial institution with a weak infrastructural base.
THISDAY authoritatively gathered that the CBN had directed all banks to become PCI-DSS compliant as quickly as possible, giving them until 2013 to make adequate preparations for the certification.
Although most banks have commenced the PCI-DSS certification process, some of the banks that were yet to get the certification have assured their customers of a safe and secure network for online transactions.
According to Head of eBusiness at First Bank, Mr. Chuma Ezirim, the network remained robust, secure and safe to transact online business at any time.
“We are deploying Fundamo, one of the leading mobile money solution platforms in the world. The robustness and security of the platform led to the acquisition of the company by Visa International last year. Visa International controls over 60 per cent of the card market in the world and is a major player in the enforcement of PCI-DSS in the ePayment industry. Our platform is, therefore, PCI-DSS certified,” Ezirim said.
Most of the banks claimed that their switching companies, like Interswitch and eTransact, were PCI-DSS compliant and that every transaction on their networks was safe and secure.
But Akano argued that every bank and all insurance companies needed the certification in order to upgrade their networks and provide the double security expected of today’s online transactions, especially in the era of a cashless economy.
THISDAY checks revealed that Phillips Consulting, the first Payment Card Industry Qualified Security Assessor (PCI-QSA), was collaborating with the banking and payment system department of the CBN to commence a two-day workshop on PCI-DSS and Cashless Nigeria. The workshop was aimed at acquainting Automated Teller Machine (ATM) card issuers, merchants, acquirers and service providers with the information required to prepare for, and achieve, PCI-DSS compliance within a reasonable period and budget, as well as at enlightening stakeholders on relevant compliance solutions, required resources, and the roles of management and boards in achieving compliance.