Mr Lawal Aribidesi, Risk Service Manager, West Africa, Visa Nigeria, on Tuesday warned banks to fill the gaps in their digital payment systems to avoid cash-out attacks by cyber criminals.
Aderibidesi gave the warning during the Annual Payment Systems and Fraud Conference held in Lagos.
Cash-out attacks is a means through which cyber criminals use a bank or payment card processor or cloned cards at cash machines to potentially withdraw millions of naira within few hours.
He said that cyber criminals usually installed malware on bank’s debit card payment system, access card information, removed fraud controls such as maximum withdrawal amounts and exploited unlimited network access.
Aderibidesi noted that the network-based attack was the next technique by cyber criminals to cash money from ATMs securely and efficiently.
He said that the cyber criminals also studied the banks they planned to attack for several months before perpetrating the fraud.
“The cyber criminals usually target debit, credit and prepaid cards, ’’ Aderibidesi said.
He said that successful incidents of ATM cash-out attack usually led to significant loss of millions of naira on the part of banks.
“Most of the cards used for cash-out attacks are valid cards.
“Eighty per cent of banks that are cash-out victims are certified but have not followed the 12 Payment Card Industry requirements, which could have prevented them from being attacked.
“The Payment Card Industry Data Security Standard (PCI DSS) applies to companies that accept credit card payments.
“If your company intends to accept card payment and store, process and transmit cardholder data, you need to host your data securely with a PCI compliant hosting provider.
“Banks should not allow cyber criminals to know the gaps in their payment systems. The banks need to do thorough gap analysis to avoid such attacks, ’’Aderibidesi said.
He urged banks to partner with risk management companies to jointly combat e-payment fraud.
The manager said that security controls ought to be constantly upgraded to make it difficult for mischief makers to succeed in their nefarious activities.
“In this digital age, we need to know that the security controls used two years ago cannot be used now, because cyber criminals come up with new threats on daily basis.
“It is, therefore, necessary as a country that we should upgrade our security controls on daily basis to be a step ahead of the cyber criminals, ‘’ Aderibidesi said. (NAN)