The Central Bank of Nigeria (CBN) has issued a draft policy on access to DFS via USSD. This is response to work inter alia by the ITU DFS Focus Group and the DFS Observatory on USSD security and vunerabilities in SS7 which powers USSD. USSD is the main method of access to DFS via feature phones worldwide.
Here are key points from the draft policy
- Mobile money operators are eligible for short codes upon meeting the requirements by the Nigerian Communications Commission (NCC).
- Other interested operators are to apply for a letter of Comfort from the CBN before being issued a shortcode by the NCC.
- Put in place a strong mechanism for authentication.
- Use USSD channels with a secure encryption platform.
- Implement masked pin entry.
- USSD channels shall not be used to relay other electronic banking details of a customer.
- Transmission of messages between the customers phone and base stations should be encrypted.
- Customer complaints are to be resolved within 24 hours. Failure to do this, will lead to a penalty.