Ghana banks need standards to deepen fight against electronic fraudsters
Mr Archie Hesse, CEO of Ghana Interbank Payment and Settlement System (GHIPSS), said there is the need for all banks, international institutions and merchants to achieve accreditation of global best practice standards.
Some of the standards are the Payment Card Industry Data Security Standard (PCIDSS) and the global Information Security Management Systems standard (ISO27001), which ensures confidence in the use of electronic payment systems.
Mr Hesse was speaking at a breakfast forum, in Accra, organised by Digital Jewels, an ICT Governance, Risk and Compliance firm that focuses on Information Security, Risk & Compliance & Capacity Building along the Information Value Chain.
“If you are moving from the usage of cash to electronic payment in the absence of these standards and fraudsters attack the system, there will be a loss of confidence. So while we are pushing for a cash-lite society we have to be mindful and ensure that the whole ecosystem, all banks actually embrace these standards,” he added.
Mr Hesse was speaking from an informed perspective given that GHIPPS is already certified to the ISO27001 standard and is looking to achieve the PCIDSS standard.
His comments were also timely given the Bank of Ghana’s recent directive to all banks to attain compliance to PCIDSS by September 2016.
Chief Executive Officer of Digital Jewels, Adedoyin Odunfa, said there is the need for massive public education to make sure that people are aware of the exposures and the necessary precautions they can take.
“Organisations must apply an approach that includes an adoption of best practice standards. The Ghanaian community must take standards like PCI DSS and ISO27001 seriously because they cannot really afford not to,” she added.
She added that government and institutions must take a holistic view to security, which involves a focus on processes, people and technology.
She said instead of re-inventing the wheel, organisations should look to adopt global best practice standards to put in place effective counter measures to “improve their own security posture”.
“These standards have been developed overtime and are continuously advanced. So organisations must take advantage of what already exists. If you have a solution sitting on the table, why won’t you take it?”
Abiola Bawuah, Chief Executive Officer of United Bank for Africa (UBA) Ghana said banks need to constantly be a step ahead of electronic fraudsters in order to retain the trust of customers.
According to her, data is the most important commodity in today’s world of online and internet banking, and thus, banks must do everything they can to protect customers’ data.
“Protection of data should be the number one priority of banks. Whatever the cost is in protecting this data, it is worth the expenditure because it is much costlier losing it to fraudsters,” she said.
“Electronic fraudsters are always seeking cardholder data. By obtaining the Primary Account Number and other sensitive authentication data, a fraudster can impersonate the cardholder, use the card, and steal the cardholder’s identity.
“The breach or theft of cardholder data affects the entire payment card ecosystem. Customers suddenly lose trust in merchants or financial institutions with them losing credibility (and in turn, business), while also facing numerous financial liabilities,” she added.
According to the Bank of Ghana (BoG), electronic fraud constitutes more than 80 per cent of all complaints that are reported at its Consumer Reporting Unit.
With the BoG directing all commercial banks to put in place measures to curb electronic fraud, a number of banks are in the process of adopting chip and PIN systems of authentication to replace existing Magnetic Stripe cards.
The directive also expects all banks, by September, 30, to adopt and enforce PCI DSS and ISO8583 with regard to the acceptance of payment cards, and storage, processing, and/or transmission of cardholder data.
Source: GNA