Central Bank of Nigeria Issues Draft Policy on USSD Security

The Central Bank of Nigeria (CBN) has issued a draft policy on access to DFS via USSD. This is response to work inter alia by the ITU DFS Focus Group and the DFS Observatory on USSD security and vunerabilities in SS7 which powers USSD. USSD is the main method of access to DFS via feature phones worldwide.

Here are key points from the draft policy

  • Mobile money operators are eligible for short codes upon meeting the requirements by the Nigerian Communications Commission (NCC).
  • Other interested operators are to apply for a letter of Comfort from the CBN before being issued a shortcode by the NCC.
  • Put in place a strong mechanism for authentication.
  • Use USSD channels with a secure encryption platform.
  • Implement masked pin entry.
  • USSD channels shall not be used to relay other electronic banking details of a customer.
  • Transmission of messages between the customers phone and  base stations should be encrypted.
  • Customer complaints are to be resolved within 24 hours. Failure to do this, will lead to a penalty.
Country / Block: 

Legal Disclaimer: The content appearing on this site is for general information purposes only and made available on an "AS-IS" basis. The law is subject to change and no representation or warranty is made with regard to accuracy or fitness for a particular purpose.