Whatever the cost, banks must, as a matter of urgency, invest more in protecting the data of their customers from the rising menace of electronic fraudsters, Abiola Bawuah, Chief Executive Officer of United Bank for Africa (UBA) Ghana has said.
“Data is the most important commodity in today’s world of online and internet banking. Protection of data should be the number one priority of banks,” she said at a breakfast forum organised by Digital Jewels, an ICT firm that focuses on Information Security.
“Whatever the cost is in protecting this data, it is worth the expenditure because it is much costlier losing it to fraudsters,” she said.
“Options”
The forum which featured a cross section of executives from the banking, telecoms and other sectors of the economy, focused on the increasing activities of electronic fraudsters and how organizations can halt their attacks on the financial system with the implementation of security standards like the Payment Card Industry Data Security Standard (PCI DSS) and ISO27001, a specification for information security management system.
“Electronic fraudsters are always seeking cardholder data. By obtaining the Primary Account Number (PAN) and other sensitive authentication data, a fraudster can impersonate the cardholder, use the card, and steal the cardholder’s identity.
The breach or theft of cardholder data affects the entire payment card ecosystem.
Customers suddenly lose trust in merchants or financial institutions with them losing credibility (and in turn, business), whiles also facing numerous financial liabilities,” she added.
With UBA having already implemented the PCI DSS security measures, Mrs. Bawuah, urged other banks vendors, processors, acquirers and retailers to take the payment card industry data security standard serious.
“Everyone needs to work together to make sure card data is being accepted, processed, transmitted and stored in the safest possible way,” she added.
According to the Bank of Ghana, electronic fraud constitutes more than 80 percent of all complaints and fraud cases that are reported at its Consumer Reporting Unit.
Millison Narh, First Deputy-Governor of the central bank, told bankers recently that the situation could cause “reputational damage”, not only to banks but “may have systemic implications that could even lead to blacklisting of the country by the outside world.”
With the Bank of Ghana directing all commercial banks to put in place measures to curb electronic fraud, several banks are in the process of adopting chip and PIN systems of authentication to replace existing Magnetic Stripe cards.
The directive also expects all banks, by 30th September, 2016, to adopt and enforce PCI DSS and ISO8583 with regard to the acceptance of payment cards, and storage, processing, and/or transmission of cardholder data.
Chief Executive Officer of Digital Jewels,Adedoyin Odunfa, said there is the need for massive public education to make sure that people are aware of the exposures and the necessary precautions they can take.
“Organisationsmust apply an approach that includes an adoption of best practice standards. The Ghanaian community must take standards like PCI DSS and ISO27001 seriously because they cannot really afford not to,” she added.
She added that government and institutions must take a holistic view to security which involves a focus on processes, people and technology.
She stressed that instead of re-inventing the wheel, organisations should look to adopt global best practice standards to put in place effective counter measures and therefore “improve their own security posture.”
“These standards have been developed overtime and are continuously advanced. So organisations must take advantage of what already exists. If you have a solution sitting on the table, why won’t you take it?”
Archie Hesse, CEO of Ghana Interbank Payment and Settlement System (GHIPSS), said there is the need for all banks and international institutions as well as merchants to achieve the standard to ensure confidence in the use of electronic payment systems.
“If you are moving from the usage of cash to electronic payment in the absence of these standards and fraudsters attack the system, there will be a loss of confidence. So while we are pushing for a cash-lite society we have to be mindful and ensure that the whole ecosystem, all banks actually embrace these standards,” he added.
Source: B&FT Online