CYBER FRAUD: BANKS MEET NOV. DEADLINE; DEPLOY N950million to SECURE NETWORKS AGAINST ATTACKS.
Owing to widespread electronic and cyber frauds in the nation’s financial system, cash and liquidity deposit banks in the country have so far spent some N950 million to secure their networks against external intrusions to checkmate criminals.
Making the revelation known, money market experts noted that majority of the money were spent on the certification of Payment Card Industry Data Security Standards (PCI DSS) version 3.1, the latest security measure aimed at waging off hackers from networks.
PCIDSS is a framework for ensuring that critical information assets are protected from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Investigations show that each of the 19 banks involved, spent about N50 million in implementing all controls needed for certification of PCIDSS inclusive of consulting fee.
Recall that the CBN had directed all deposit money banks, Switches and Processors to be PCIDSS certified, on or before November 30, 2014, while the version 3.1 is an upgrade to the existing implemented standard was released in January this year.
Oluseyi Akindeinde, chief technical officer, Digital Encode, a company that assist banks and other organizations to achieve PCI DSS certification, said though there is no deadline by CBN to Banks on this version, it is however mandatory for banks to upgrade to this version as a security measure to protect their customers against external fraud.
He disclosed that, PCI DSS Version 3.1 is just an update to the already existing PCI DSS version 3.0 pointing out that as at today all banks are now PCIDSS certified.
“It was brought about by the ever evolving and changing sphere of information security. It has updated a few of the objectives and added new controls in line with the current landscape of payment systems threats and risks.
“There are quite a number of advantages. One is that it makes application security testing a very key component of the overall process. Other key advantages include systems component inventory, third party and vendor relationships, advanced persistent threats and malware as well as physical access and point of sale security”, he said.
Emphasizing on why it will be highly beneficial for all banks to get certified to this new standard, he said “The PCI certification audit is a yearly process and as such it only makes sense to make adjustments where needed as it relates to the new version”.
In the meantime, cyber-security experts at the recently held Hackcess conference frowned at the intrusion disclosure regulations of CBN/NDIC that allow local financial institutions to conceal losses as a result of cyber-attack as a challenge to cybercrime fight.
Discussants ranging from risk management experts from telecom infrastructure providers, finance sector consultants, security software solution vendors as well as University of Lagos students all agreed that the greatest threat is the “denial syndrome” prevalent among large corporate and government agencies.
Mr. Rex Mafiana, CEO, FPG Tech Ltd, noted that a survey conducted by his Company revealed threat of intrusion on over 80 percent of the online presence of corporate institutions in Nigeria.
Leave A Response