SHIELDING NIGERIA'S N23.4TN CARD PAYMENT BUSINESS FROM CYBER ATTACK
Hackers supporting WikiLeaks attacked the Visa and MasterCard websites on Wednesday, last week, after the payment card networks cut off donation transactions to the whistle-blowing organisation that recently disclosed several classified United States diplomatic information.
Experts said the cyber attacks, which slowed down the networks' websites or made them unresponsive, were unprecedented events that dragged electronic payment providers into an international political controversy.
Following the attack, which disrupted the payment card company's operations, MasterCard's Spokesperson, Mr. James Issokson, said, 'The issue appears to be the result of a concentrated effort to flood our corporate website with traffic and slow access.'
He, however, stressed the fact that the website's technical problems had no impact on the ability of consumers to use credit cards for secure transactions.
Analysts have said the cyber attack may have underscored the need for improved security in Nigeria's cards payment market, estimated to be N23.4tn, as well as the N80bn monthly ATM transactions.
The e-Payment Providers Association of Nigeria had estimated the value of the card payment market to be N23.4tn, while the Chief Executive Officer, Valucard Nigeria Limited, Mr. Kyari Bukar, had said the value of ATM transactions in Nigeria stood at N80bn monthly.
Nigeria completed the migration of all existing magnetic stripe cards to the more secure chip & PIN platform in September, 2010, following a Central Bank of Nigeria's directive.
As a result, most banks now issue MasterCard, Visa and Verve cards to replace the 30 million magnetic cards formerly in circulation.
The 16-member banks on the Interswitch network were said to have issued over 10 million Verve cards since October 1, 2010.
Experts also explained that attention must be focused on the MasterCard cyber attack because of the number of EMV (Europay, MasterCard and Visa) based cards in circulation in Nigeria.
They, therefore, argued that the attack on MasterCard website could not be neglected, especially in an emerging market like Nigeria.
According to them, industry players, such as Interswitch, eTranzact, ValuCard and Nigeria Central Switch, have a serious role to play.
Speaking on the implications of the MasterCard cyber attack on Nigeria's e-payment system and infrastructure, the General Manager, 3Line Card Management, Ms. Funke Adeojo, said, 'I think if we have been paying a lot of attention to doing frequent verification, penetration and intrusion tests on our internal and external networks, we should already have some level of protection. Surprisingly, this is a global wakeup call to let people know that there are people out there that are creatively trying to take advantage of loopholes in such businesses, like ours.
So, in Nigeria, it's a wakeup call. We all need to make sure that we are extremely secure and constantly doing tests to make sure that our systems cannot be intruded and we cannot have the type of bombardment that MasterCard had because people will try. And when they try, how robust is your system against such attacks?'
Adeojo noted that there was no cause for alarm, adding that Nigeria had a peculiar terrain, which required peculiar solutions.
'I certainly don't think there is any cause for alarm. And we have to understand that, despite what we say is happening globally, we have a peculiar terrain in Nigeria. We have to find local solutions to our local peculiar issues,' she said.
Speaking in the same vein, the Chief Executive Officer, RMS, Mr. Adeola Tejumola, said, 'Without totally creating a bias for the system, I think we still have a lot of improvements to do in terms of infrastructural stability and security. I would not confidently say that we are immune from what happened to MasterCard. As a matter of fact, I would say that we are even more vulnerable than the already established card markets.'
ValueCard's CEO, Bukar, had noted that poor information security and data protection in Nigeria's e-Payment system might hamper the multi-billion naira ATM transactions.
According to him, optimising the security components of card transactions is important to protect users' funds as well as sustain confidence in the country's card payment system.
'Losses from card fraud affect card usage rates, authorisation parameters, operational process and staffing while also decreasing profit margin. These losses can endanger the most valuable asset that acquirers and issuers have - their relationships with business partners and consumers,' he said.
Bukar, therefore, said the country must pay close attention to new technologies and processes that might prove to be effective in combating e-payment fraud.
According to the President, Information Security Society of Africa-Nigeria, Mr. David Isiavwe, the face of cybercrime is changing to a more malicious, finance-driven and harder-to-detect framework across the globe.
Isiavwe, who is also a general manager with the United Bank for Africa Plc advised organisations to secure their applications, web services and data.
The Managing Director, Interswitch, Mr. Mitchell Elegbe, in view of the above, said a lot had been done by the company to assure ATM card users of safe card transactions.
Elegbe noted that the firm's Verve card came with a number of security initiatives such as MoneyGuard, FraudWatch, FraudGuard, FraudInsure, FraudTeam, IdentityGuard, FraudAware and DataGuard.
These features, according to him, are designed to ensure that any transaction conducted with Verve card triggers an SMS alert, which enables the card owner to seek for his card protection service in case the card is used by an unauthorised person.
e-Tranzact had also introduced its own EMV card, called Genesis. The company said it had also come up with eTranzact Strong Authentication to protect cardholders in the country.
In the same vein, ValuCard, which deployed Visa/VPAY cards, has also embedded special three codes in its cards, called Card Verification Value.
The ValuCard boss explained that the CVV three digit codes are unique to a cardholder and no two CVV codes are the same.
Despite myriads of security measures put in place by operators, experts have warned that e-payment system in the country must be fully protected against cyber attacks, as no one knows when hackers will strike.