E-payment providers urged to be security conscious
The Founder and Principal Consultant of e-Crime Bureau, Mr Albert Antwi-Boasiako, has advised businesses who offer electronic payment services to be security conscious.
Advertisement
He said as businesses took advantage of the e-payment technology, system and infrastructure, they also needed to put in place the necessary security measures because the technology could not protect itself.
Mr Antwi-Boasiako said this in an interview with the Graphic Business in Accra last week. He urged businesses to conduct regular security audit, because according to him, security was progressive.
“You don’t test it today and go and sleep with the assumption that your system has already been tested. It is a continuous thing and you have to engage someone whose major work is to police the cyber space for the necessary advice,” he said.
He also called for the need to adopt the right technology, which is technology that had been tested security-wise and was fit to run on e-payment infrastructure.
He said there were certain best practices that one could do to ascertain the right technology.
Challenges
Ghana is moving gradually towards a cashless society, a move intended to reduce the amount of cash people carry around to do business.
Banks and the telecommunication companies have recently been coming out with various e-banking products and e-payment services and this development is expected to grow in the coming years.
Mr Antwi-Boasiako said as volumes of transaction of these developments were expected to increase, the issue of threats and fraud would also increase.
He pointed out that the major challenge of the e-payment services was its extension to remote users through technology. He said another challenge was also the integration of e-payment systems applications into core banking.
“This is where the risks are. The question is: Have these tools and applications been audited to ascertain whether they are indeed secured and robust enough?” he asked.
He therefore cautioned e-payment service providers to take the necessary measures in order to ensure that the system they were implementing was secured and robust enough.
“Even after it has been implemented, there should be regular audit and updates,” he added.
Necessary regulations
He also called on the Bank of Ghana (BoG) to come up with the necessary regulations and guidelines to help e-payment service providers operate in a safe environment.
He again asked the BoG to audit the various e-payment service providers to find out if the technology they were using were adequately secured.
“The BoG must put out guidelines, clearly stipulating the parameters, security wise, within which e-payment providers should operate,” he stated.
Mr Antwi-Boasiako said the e-money area was new and it expected the BoG to understand the dynamics of e-money in order to properly regulate the sector.
“We should have a comprehensive and responsive guideline that will be able to address some of the threats related to the e-money market,” he added.
About e-Crime Bureau
e-Crime Bureau is a cyber security and investigation agency which started about five years ago. It offers services such as cyber security, data protection and most importantly electronic related investigation and audit.
It has been supporting the financial institutions, the telecom communications, the multinational companies and has a strong collaboration with public sector institutions as well as state law enforcement agencies on cyber-related issues.
Mr Antwi-Boasiako said it had been increasingly supporting institutions who offered e-payment services because of the kind of threats attached to the system.
He said his company was more interested in preventive measures, as its strategic objective was to be able to support businesses to adopt the best practices to ensure they prevented the frauds targeted at their e-payment platforms. He said it also offered security assessment and audit, which was key especially on e-payment platforms.
“E-payment platforms are composed of technology so what we do for the institutions is, before the system is even deployed, we conduct a security audit to ensure that the technology which is about to be deployed to facilitate electronic payments is guaranteed and secured enough,” he stated.
He said even after the infrastructure has been set up, it still conducted a security audit review assessment to ensure that there had not been any development on it that could be exploited by external attackers.