BY NKECHI NAECHE

The Central Bank of Nigeria (CBN) has announced that from June 1, 2018, bank customers using the Unstructured Supplementary Service Data (USSD) channel to transact will be limited to not more than N100,000 per day.
The apex bank also highlighted the ‘Regulatory Framework for the use of USSD for Financial Services in Nigeria’.
The CBN disclosed this in a notice signed by Dipo Fatokun, director, Banking System and Payments Department, dated April 17, 2018, which stated: “The vast applications of the USSD technology, in terms of available services have raised the issue of the risks inherent in the channel. In this regard, concerns have been expressed on the likely exposure of CBN approved entities to the possible breaching of the USSD accessed financial services in view of likely vulnerabilities in the technology and the ever growing threats.”
The notice further reads: “Furthermore, the implementation in Nigeria has created multiple USSD channels to customers, thereby increasing their exposure to risk, without a common standard for all. This framework therefore, seeks to establish the rules and risk mitigation considerations when implementing USSD for financial services offering in Nigeria.”
“USSD based financial transaction requires encryption to protect the integrity of the financial information. To this end, Financial Institutions providing use of the USSD channel shall:
Put in place, a proper message authentication mechanism to validate that requests/responses are generated through authenticated users. Such authentication mechanism shall include a minimum combination of any of International Mobile Subscriber Identity (IMSI), Date of SIM Swaps, Date of Mobile Station International Subscriber Directory Number (MSISDN) Recycle, International Mobile Equipment Identity (IMEI), Date of device change, etc.
Also, Financial Institutions providing use of the USSD channel shall: Ensure that the customer receives notification on the status of every transaction conducted through the channel; Not use the USSD service to relay details of other electronic banking channels (in case of banks), to their customers, to prevent compromise of other electronic banking channels through the USSD channel; Avail the customers the option to opt in/out of the USSD channel for financial Transactions.”