The Central Bank of Nigeria (CBN) has directed deposit money banks (DMBs) to implement anti-fraud solution on their cards management system and also ensure that from February 2015, only customers that expressly indicate their intention of travelling to non-EMV jurisdictions would have their cards default to the magnetic stripe and for the period indicated by the cardholder only.
The bank which explained that the move was part of efforts to tackle fraud on electronic banking platforms therefore charged banks to ensure that their customers are adequately educated.
The Director, Banking and Payments System Department, CBN, ‘Dipo Fatokun, via a document titled: “Circular on Nigerian Issued Card Present Fraud in Non-EMV Environment,” said banks are also required to carry out regular awareness campaign to cardholders on tips to avoid fraud in non-EMV environment as well to ensure strict compliance on PCIDSS and their vendors/partners involved in card processing activities.
“All the DMBs will be liable to make refund on the card fraud abroad. Please be guided and ensure strict compliance with the content of this circular,” it added.
According to the central bank, the occurrence of card present fraud in non-EMV environments is on the increase, especially when international hybrid cards issued by Nigerian banks are used in non-EMV environments like the USA.
In addition, it requested that “all DMBs should collate all their card frauds abroad and send to CBN not later than January 30, 2015. “Subsequently, all data on card fraud occurring abroad should be rendered on the NIBSS fraud portal.”
Meanwhile, in a separate circular titled:
“Circular on Implementation of Two Factor Authentication for Internal Banking Process,” also signed by Fatokun, the banking sector regulator argued that a major identified cause of fraud in the banking industry had been traced to increased insider abuse.
This abuse, according to the central bank, revolves around identity theft and abuse of authorisation.
It also noted that the increased use of automation in most banking payment processes had further escalated insider abuse in banks with weak authentication procedures.
It therefore directed all DMBs to implement a maker/checker control structure for all payment platforms, including account and database system maintenances on core banking systems.
“The risk appetite/capacity of individual banks will be a key factor in considering transaction limits for maker/checker roles. DMBs are expected to comply by December 31, 2015.
“Implement two factor authentication at login points for applications driving transfers, withdrawal, deposit, standing order, account maintenance and system maintenance processes. “An implementation plan should be submitted to the central bank by January 30, 2015 and all banks are expected to fully comply by December 31, 2015, failing which defaulting banks would incur a penalty of N50,000 daily.
“All payment processing gateways and third party processors should implement fraud-monitoring tool to check transfers from an account to multiple bank accounts by December 31, 2015.”