With all the banks in the country now having Unstructured Supplementary Service Data (USSD) codes for banking transactions, the Central Bank of Nigeria (CBN) has issued an exposure draft regulatory framework for the use of USSD codes in the country.
The regulatory framework, according to the apex bank, is to ensure that vulnerabilities in the technology world do not put customers’ funds at risk. CBN’s director, banking and payment systems, ’Dipo Fatokun, had earlier noted that the apex bank was in discussions with the banks to ensure the safety of customer funds through the USSD banking platforms.
CBN in the exposure draft stated that the vast applications of the USSD technology in terms of available services on mobile phones have raised the issue of the risks inherent in the channel. “In this regard, concerns have been expressed on the likely exposure of CBN approved entities to the possible breaching of the USSD based financial services in view of likely vulnerabilities in the technology and the ever growing threats.”
Under the new regulatory framework, which is still open for contributions and comments, the CBN directs that USSD-based financial transactions require end-to-end encryption to protect the integrity of the financial information. To this end, it said “all USSD-based financial services shall put in place a proper message authentication mechanism to validate that requests/responses are generated through authenticated users.”
They are also to ensure that USSD communication channels use a strong encryption mechanism and implement masked PIN entry. Also, financial service providers are not to use the USSD service to relay details of other electronic banking channels to their customers, to prevent compromise of other electronic banking channels through the USSD channel. This means that customers’ information such as their BVN and other banking details would no longer be accessible via USSD codes.
Also, commercial banks have been alleged to charge customers extra for Short Message Service (SMS) alerts on online transactions, flouting the CBN directive on single SMS alert notification. According to findings, at month end banks deduct from customers the cost of the SMS alerts received for a single online transaction, along with charges and Value Added Tax (VAT).
A circular signed by CBN’s director, financial policy and regulation department, Mr. Kevin Amugo, stated that all associated notifications relating to a particular transaction should be consolidated into a single SMS alert.
“The guide to charges by banks and other financial institutions in Nigeria” circular released by CBN in May said, “Not more than N4/SMS. (Fees on alerts are restricted to only customer-induced transactions). All associated notifications relating to a particular transaction should be consolidated into a single SMS alert.”
In a swift reaction, the president and founder of the Consumer Advocacy Foundation of Nigeria (CAFON), Sola Salako, explained that commercial banks will send a customer an SMS for the amount transacted, followed by one for the amount charged and another for VAT.
She said, “All these received SMS are related to a single transaction, which CBN has mandated should be consolidated into N4/SMS charges. When you do an online transaction, checks and balances are involved for authentication processes. The truth about it is that an online transaction alert can be in one SMS, and a certain bank has started that single charge.”