The Central Bank of Nigeria (CBN) has ramped up its anti-electronic-fraud campaign with the implementation of a two-factor authentication requirement for deposit money banks. The initiative has been implemented in an effort to reduce the level of electronic fraud, a major component of which has been traced to increased insider abuse.
The apex bank, in a circular titled “Implementation of Two-Factor Authentication for Internal Banking,” pointed out that the abuse revolves around identity theft and abuse of authorization.
The bank stated “It has therefore become necessary for the Central Bank to issue the following directives to all DMBs:
- Implement a Maker/Checker control structure for all payment platforms, including account and Database system maintenances on core banking systems. The risk appetite/capacity of individual banks will be a key factor in considering transaction limits for maker/checker roles. DMBs are expected to comply by December 31, 2015.
- Implement Two Factor Authentication at login points for applications driving Transfers, Withdrawal, Deposit, Standing Order, Account Maintenance and System Maintenance processes. An implementation plan should be submitted to the Central Bank by January 30, 2015 and all banks are expected to fully comply by December 31, 2015, failing which defaulting banks would incur a penalty of N50,000.00 daily.
- All payment processing Gateways and Third Party Processors should implement Fraud-Monitoring Tool to check transfers from an account to multiple bank accounts by December 31, 2015.
