By Dipo Olowookere
With effect from June 1, 2018, bank customers would not be able to make transactions worth more than N100,000 per day using the Unstructured Supplementary Service Data (USSD) channel.
This is a new regulation put in place by the Central Bank of Nigeria (CBN), which was contained in a circular dated April 17, 2018 and signed by the CBN Director of Banking System and Payments Department, Mr Dipo Fatokun.
According to Mr Fatokun, “The vast applications of the USSD technology, in terms of available services have raised the issue of the risks inherent in the channel. In this regard, concerns have been expressed on the likely exposure of CBN approved entities to the possible breaching of the USSD accessed financial services in view of likely vulnerabilities in the technology and the ever growing threats.
“Furthermore, the implementation in Nigeria has created multiple USSD channels to customers, thereby increasing their exposure to risk, without a common standard for all.
“This framework, therefore, seeks to establish the rules and risk mitigation considerations when implementing USSD for financial services offering in Nigeria.”
He said further that, “USSD based financial transaction requires encryption to protect the integrity of the financial information.
“To this end, Financial Institutions providing use of the USSD channel shall: Put in place a proper message authentication mechanism to validate that requests/responses are generated through authenticated users.
“Such authentication mechanism shall include a minimum combination of any of International Mobile Subscriber Identity (IMSI), Date of SIM Swaps, Date of Mobile Station International Subscriber Directory Number (MSISDN) Recycle, International Mobile Equipment Identity (IMEI), Date of device change, etc.
“Also, Financial Institutions providing use of the USSD channel shall: Ensure that the customer receives notification on the status of every transaction conducted through the channel; Not use the USSD service to relay details of other electronic banking channels (in case of banks), to their customers, to prevent compromise of other electronic banking channels through the USSD channel; Avail the customers the option to opt in/out of the USSD channel for financial transactions.”