Cybersecurity Threats And CBN PSV 2025 Strategic Plan
The Central Bank of Nigeria (CBN) recently launched its Payment System Vision (PSV) 2025 Strategic Plan to, among other things, address the growing cybersecurity threats in the Nigerian financial sector.
A cyberattack is an intentional and malicious effort by an organization or an individual to breach the systems of another organization or individual. The attacker’s motives may include information theft, financial gain, espionage, or sabotage.
For instance, Kaspersky’s Financial Cyberthreats report released in 2022 revealed that attacks in the financial sector were becoming increasingly corporate-oriented and shifting away from consumers.
Kaspersky Security Network data shows that the number of financial phishing attempts in the African regions increased significantly from Q1 to Q2 of 2022. Banks, payment systems, and e-commerce websites were attacked.
Financial phishing is a deceptive way of stealing information and is gaining momentum in the region. Phishing is a type of online fraud where the scammer sends fake alerts from banks, e-pay systems and other organisations to trick consumers into sharing their financial details.
The alerts sent by the scammer can relate to loss of data, credential updates or system breakdown, and result in theft of passwords, credit card numbers, bank account details and other confidential information.
According to the Kaspersky telemetry, in Q2 of 2022 a total of 100,192 financial phishing attacks aimed at organisations were detected in Kenya, a 201% increase compared to Q1. The largest share of attacks was directed at e-commerce websites (58%), with banks (21%) and payment systems (also 21%) following.
For the same period in Nigeria a total of 61,344 financial phishing attacks aimed at organisations were detected, an increase of 79% compared to Q1. The largest share of attacks was directed at e-commerce websites (52%), with payment systems (42%) and banks (6%) following.
Emad Haffar, Head of Technical Experts at Kaspersky said, “a life without Internet is strange to us. So much so that our financial life is now digital. This is the magic of digitisation. But we also need to be aware of an unprecedented wave of challenges.
“Financial threats are one such challenge which is becoming more advanced in exploiting human behaviour and will only continue to grow. Businesses trying to stay ahead of such evolving, complex cyberattacks should make fraud prevention a focal point to control fraud transactions, eventually reduce fraud risk in the future and avoid reputation damage,” he said.
The CBN plan, in this regard, was to provide a roadmap for the reform of the Nigerian payments system with the main goal of driving the adoption of electronic payments in different sectors of the economy and improving the resilience of the financial system.
The strategy was to address emerging issues and market realities related to risk management, compliance, governance and supervision.
Following the implementation of the initiatives in the PSV 2020, the Nigerian payments system has witnessed tremendous transformation underpinned by the rapid pace of digital innovation.
Consequently, the system recorded significant increases in the volume and value of electronic payments as well as a proliferation of products, channels and participants.
The payments system also contributed greatly to the increase in the financial inclusion rate, the reduction in the cost of financial services and improvement in quality of service, amongst others.
As expected, the PSV 2020 witnessed landmark achievements which would not have been possible without strong partnerships and collaboration by all ecosystem players – banks, payments service providers, regulatory authorities and other stakeholders in the public and private sectors.
These partnerships aided the crafting of business rules and regulations which not only created a conducive environment for product development but also supported seamless settlement and resilience of payments infrastructure.
In the PSV 2025, focus was shifted to critical stakeholders on contemporary developments that would drive digital innovations and payment in the future, such as contactless payments, big data, open banking, etc.
CBN urged all stakeholders to join hands with it to execute initiatives under the PSV 2025 towards fostering efficient and secure payments system in Nigeria.
With the PSV 2025 agenda, the CBN would continue to ensure that the Nigerian payments system is widely utilised domestically, supports government’s financial inclusion objectives and meets international standards whilst contributing to overall national economic growth and development of Nigeria.
In efforts to design a robust payments system in Nigeria, the CBN plays three critical roles, viz:
(i). As a Regulator
The Banks and Other Financial Institutions’ Act (BOFIA) 2020 and other enabling laws empower the CBN to regulate the banking and payments system towards ensuring a safe, stable and resilient system. In this regard, the Bank licenses key operators in the payments system, maintains oversight on the participants and issues policies and regulations to support extant laws in enhancing payments system resilience. In performing this role, the Bank adopts a collaborative approach with other stakeholders.
(ii). As an Operator
The CBN operates the wholesale payments infrastructure, the Real Time Gross Settlement (RTGS) System. The system, being a key financial market infrastructure, operates in line with the Principles for Financial Market Infrastructure and local laws and regulations. This platform is key to ensuring an efficient and liquid settlement system.
(iii). As a Catalyst
The CBN, through the Payments System Vision (PSV) statements, helps in engendering innovation and wider adoption of electronic payments in different sectors of the economy. PSV 2020 was first issued in 2006 with the goal of driving the adoption of electronic payments across sectors and geographies in Nigeria.
PSV 2025 was recently issued as a guidepost for the payments system until 2025. Its main goal is to expand payment options available to customers and strengthen regulation of the payments system.
The CBN has continued to initiate and implement several programmes to drive innovation and meet emerging market needs in the payment system landscape. A key objective is the use of the payments system as a tool to achieve the financial inclusion goals of the country.
Through these programmes, the CBN has successfully repositioned the Nigerian payments system to be highly competitive and acclaimed as one of the most innovative globally. Thus, many payment products that abound in the country are not readily available in some other countries. These include instant payments, QR codes and Central Bank Digital Currency, i.e. the eNaira.
These efforts have culminated in a significant increase in the total volume of transactions on Electronic Payment Channels. While the use of cash and cheques continued to diminish, web-based transactions such as POS, NIP, ATM and MMO have increased substantially. For instance, between 2021 and 2017, the volume of transactions via electronic channels such as ATM, POS, WEB, MMO and NIP increased by 99.76, 1,775.72, 35,502.58, 2,413.44 and 836.50 percent, respectively.
eNaira - The advent of the Corona Virus pandemic (COVID-19) no doubt triggered rapid advancements in financial technology leading to speedy digitisation of money and finance. The CBN took advantage of the opportunity by launching the eNaira in October 2021. The eNaira was developed to broaden the payment possibilities of Nigerians, foster digital financial inclusion, with potential for fast-tracking intergovernmental and social transfers.
Since its launch, the CBN has continued to modify its features to make it more accessible to a wide range of users. Today, one does not need a smartphone to use the eNaira as it has become compatible with all generations of mobile devices (old and new). Till date, over 1.4m transactions have passed through the eNaira platform.
Open banking - Another initiative of the Bank is open banking aimed at expanding the cache of customer data warehoused in the financial sector for use in developing innovative products to service the needs of the public. The CBN will ensure that the data exchange will be done in a way to safeguard the privacy and concerns of the customers who own the data in the first place.
The opportunities presented by open banking are diverse and it serves to enhance financial inclusion and encourage healthy competition in the financial services space as well as promote efficiency.
Regulatory Sandbox - The Bank also initiated the Regulatory Sandbox to provide the opportunity for innovators to test their ideas and products to regulators in a controlled environment where the risks and potential of the products could be assessed. The Bank recently opened the first cohort of the sandbox. Startups with innovative ideas are invited to apply to the sandbox.
Cardless and other contactless payment options - The industry is quickly evolving towards cardless and other contactless payment options, including QR Codes, NFC etc. In this regard, the Bank has issued robust regulations to standardise operations of contactless payments in Nigeria. Through contactless payments, financial transactions can be consummated without physical contact between the payer and acquiring devices. It is an innovative payment option for safe and efficient conduct of low-value, large-volume payments.
Bank Verification Number (BVN) - The BVN has continued to feature in our KYC requirements as part of plans to ease the constraint associated with poor identification of banking customers. We have continued to support the aggressive enrollment of prospective banking customers in the informal sector onto the BVN system.
With a total enrollment of 57,431,355 as at 31st March 2023, the BVN is supporting the development of credit profiles for banking customers, which will assist in improving access to credit for credit-worthy borrowers by banks.
The BVN has also helped the industry in investigating fraud and other related crimes.
Some of the extant challenges faced by the Bank in implementing these initiatives:
i. Weak social infrastructure – Effective operation of payment platforms is highly reliant on stable telecommunication networks and power infrastructure. These are currently not optimal in Nigeria, thus, impacting the stability and resilience of the payments system.
ii. Activities of Unlicensed Entities – Some entities have continued to exploit access to information technology to engage in regulated activities without the appropriate licenses and authorisation.
iii. Cyber Threats and Fraud – The activities of fraudsters continue to threaten the resilience of the payment platforms. The confidence of the public is impacted by these activities. However, the collaborative effort between the Central Bank of Nigeria and other players in the industry is helping to curtail the nefarious activities of these fraudsters.
In response to the challenges posed by cyber threats, the CBN has put the following initiatives in place:
i. The Nigeria Electronic Fraud Forum (NeFF): consists of all relevant stakeholders, to proactively address challenges and safeguard the integrity of the e-payment channels.
ii. Payment Card Industry Data Security Standard: mandatory for any entity that processes, stores/saves or transmits payment card data.
iii. The Financial Industry Cybersecurity Fusion Centre: serves as a sectoral Computer Security Incident Response Team (CSIRT) for the Nigerian Financial Services Industry.
Other initiatives against cybersecurity and fraud in Nigeria include:
i. Cybercrime Acts enacted in 2021 to address National Cybersecurity Policy and Strategy
ii. Endorsement of the SWIFT Sanction Screening Service & SWIFT Cross-border payments security (ISO20022 Standard) for banks.
iii. Risk-based Cybersecurity framework for Payment Service Providers (PSPs) and Deposit Money Banks (DMBs)
iv. Enforcement of Two-factor Authentication (2FA) requirement on all electronic banking products
v. Enforced the Installation of Anti-Skimming Device on ATMs
With these initiatives in place, the CBN has demonstrated irrevocable commitment to ensuring the stability and safety of the Nigerian payment system. Accordingly, we shall continue to deepen our oversight of the activities of operators in the payments system as well as ensure full compliance with regulations. In this regard, examiners and supervisors would continue to ensure that services delivered by participants meet required security standards.
The Bank will also continue to adopt a collaborative approach to achieve minimal cybersecurity threats in the payments system. A holistic mechanism for addressing cybersecurity threats requires policy and operational actions by all stakeholders. As you are aware, effective January 2023, the Bank issued a Risk-Based Cyber-Security Framework and Guidelines for Other Financial Institutions, to ensure their operational resilience in the face of cyber-security threats.