The Central Bank of Nigeria (CBN) may have raved up its anti-electronic fraud campaign with the emergence of a two-factor authentication for internal banking.
The initiative was scripted as a foil to the spate of electronic fraud in recent times, which facilitating factor has also been traced increased insider abuse.
The apex bank, in a circular titled: “Implementation of Two-Factor Authentication for Internal Banking,” pointed out that the abuse revolves around identity theft and abuse of authorization.
It also noted that the increased use of automation in most banking payment processes has further escalated insider abuse in banks with weak authentication procedures.
Given the developments, CBN said it has become necessary to reassess and issue new directives to all Deposit Money Banks (DMBs) in the country.
The bank therefore, directed DMBs to implement a “Maker/Checker” control structure for all payment platforms, including account and database system maintenances on core banking systems.
“The risk appetite/capacity of individual banks will be a key factor in considering transaction limits for maker/checker roles and DMBs are expected to comply by December 31, 2015,” the circular noted.
“DMBs should also implement a two-factor authentication at login points for applications driving transfers, withdrawal, deposit, standing order, account maintenance and system maintenance processes.
“However, an implementation plan should be submitted to the apex bank by January 30, 2015, with full compliance to the plans by December 31, 2015, with a penalty of N50,000 daily for defaulting banks.
Also, the CBN said all the payment processing gateways and third party processors are to implement fraud-monitoring tool to check transfers from an account to multiple bank accounts, with December 31, 2015, deadline.
Meanwhile, the Director, Banking and Payments System Department, CBN, ‘Dipo Fatokun, said the occurrence of Card Present Fraud in non-EMV environments is on the increase, especially when international hybrid cards issued by Nigerian banks are used in non-EMV country like the United States of America.
According to him, as a measure to finding solutions to the challenge, the apex bank has directed all the DMBs to collate all their card frauds abroad and send to CBN not later than January 30, 2015, while subsequent card fraud occurring abroad should be rendered on the Nigeria Inter-Bank Settlement System (NIBSS) fraud portal.
“They should also implement anti-fraud solution on their cards management system, not later than January 30, 2015, as well as ensure that from February 01, 2015, only customers that expressly indicated their intension of travelling to non-EMV jurisdictions, would have their cards default to the magnetic stripe and for the period indicated by the cardholder only”, he stated.
“All the DMBs must ensure strict compliance to the Payment Card Industry Data Security Standard and their vendors/partners involved in card processing activities.
“However, all the DMBs will henceforth be liable to make refund on the card fraud abroad, unless they have implemented the anti-fraud solution on their cards and comply with PCIDSS, alongside their vendors/partners”, he added.