Nigeria’s apex bank has pegged maximum daily limits of N100,000 when Unstructured Supplementary Service Data (USSD) option are used for mobile phone transactions.
The Central Bank of Nigeria (CBN) says the new maximum daily transactions takes effect from June 1, this year under its plan to secure electronic payment services in the country.
According to the CBN document obtained by Technology Times the implementation of the policy is one of the apex bank’s mandate to develop and enhance security of electronic payment system in Nigeria.
The document titled, The Regulatory Framework for The Use of Unstructured Supplementary Service Data (USSD) in the Nigeria Financial System seeks to establish the rules and risk mitigation considerations when implementing USSD for financial services offering in Nigeria, according to the apex bank.
The framework signed by ‘Dipo Fatokun CBN Director, Banking & Payments System Department, says vast applications of the USSD technology, in terms of available services have raised the issue of the risks inherent in the channel.
The USSD technology is a protocol used by the GSM network to communicate with a service provider’s platform. The session-based, real time messaging communication technology, which is accessed through a string that normally starts with asterisk (*) and ends with a hash (#). It is implemented as an interactive menu driven service or command service.
Fatokun says although the N100,000 limit per customer, per day for transactions applies, customers desirous of higher limits shall execute documented indemnities with their banks or Mobile Money Operators (MMOs).
The apex bank has also mandated the use of an effective second factor authentication by customers for all transactions above N20,000. This shall apply in addition to the Personal Identification Number (PIN) being used as first level authenticator, which applies to all transaction amounts.
According to the framework, banks shall not send the second factor authentication to the customer’s registered GSM number or device; and it shall not be generated or displayed on the USSD menu.
Banks are also required to install a behavioral monitoring system with capability to detect SIM-Swap/Churn status, user location, unusual transactions at weekends, among others. This shall be achieved by 31st October 2018, according to the banking sector regulator.
The framework said financial Institutions shall be responsible for setting up dispute resolution mechanism to facilitate resolution of customers’ complaints and shall treat and resolve any customer related issues within three working days. Also, non-compliance shall be subject to penalty, as may be prescribed by the CBN, from time to time.
“There shall be Service Level Agreement between the Financial Institutions and MNOs/VAS & aggregators, benchmarked against the Nigeria Communication Commission Quality of Service (QoS) regulation and service availability requirements of electronic payment services of the CBN,” it said.
Service providers are also to put in place systems that enable users/subscribers to block their account from operating USSD service and that no USSD financial service should be activated for customer unless the deactivation mechanism is put in place with effect from June, 2018.
On penalties for infractions, it said the appropriate Regulator (CBN and/or NCC) as applicable shall impose appropriate sanctions for any contravention on any participant that fails to comply with this framework.
The new framework is in exercise of the powers conferred on the CBN by Section 47 (2) of the CBN Act, 2007, to promote and facilitate the development of efficient and effective system for the settlement of transactions, according to the apex bank.