Banks Spend N950m to Secure Networks against Cyber-Attacks
Majority of the money were spent on the certification of Payment Card Industry Data Security Standards (PCI DSS) version 3.1, the latest security measure aimed at waging off hackers from networks.
PCIDSS is a framework for ensuring that critical information assets are protected from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Nigeria CommunicationsWeek investigations revealed that each of the 19 banks spends some N50 million in implementing all controls needed for certification of PCIDSS inclusive of consulting fee.
It would be recalled that CBN had directed all deposit money banks, Switches and Processors to be PCIDSS certified, on or before November 30, 2014. While the version 3.1 is an upgrade to the existing implemented standard and was released in January this year.
Oluseyi Akindeinde, chief technical officer, Digital Encode, a company that assist banks and other organisations to achieve PCI DSS certification, said though there is no deadline by CBN to Banks on this version, but it is mandatory for banks to upgrade to this version as a security measure to protect their customers against external fraud. He added that, PCI DSS Version 3.1 is just an update to the already existing PCI DSS version 3.0. He added that as at today all banks are now PCIDSS certified.
“It was brought about by the ever evolving and changing sphere of information security. It has updated a few of the objectives and added new controls in line with the current landscape of payment systems threats and risks. There are quite a number of advantages. One is that it makes application security testing a very key component of the overall process.