Breaking News
Translate

Good percentage of ATM fraud associated with PIN leakage, says Obaro

John Tanimola Obaro, is the Managing Director, SystemSpecs – Nigeria’s leading HR, Payroll, Accounting and e-payment solutions provider. . At the just concluded e-Payment Forum for the Media organized by  SystemSpecs, Obaro  had an interactive session with IT journalists where he spoke on a number of industry issues including security issues in using ATM. Emekas Aginam, Vanguard Asst. Online Editor,  was there.
Exept:

The Yar’Adua administration in January issued a directive that all payments should be done electronically. What is your opinion of this directive.?

Obaro, SystemSpecs MD
Obaro, SystemSpecs MD

I believe this is a most noble directive. When the history of the first 50 years of this country is written, this will stand out as one of the most constructive directive ever issued by government. E_payment, if properly implemented will push this country high up on the development index. We will have a situation in our hands where one single directive will promote efficiency in the delivery of government service. It will deal a major blow to corruption, which we all know is a major reason for our underdevelopment. Nigeria in the early 70s was one of the 50 richest countries of the world, today Nigeria is one of the 25 poorest countries in the world.

This has made us to move very close to the top on the corruption index. For me e_payment will go a long way in addressing such fundamental issues. This directive also has a way of catalyzing the IT industry. Within a short span that this directive was given a number of IT companies are looking seriously at that area and their eyes have been open to the opportunities therein to enhance the quality of governance. If we get it right, these solutions that are been developed will become exportable commodities. I see a situation in which Nigeria will begin to lead other countries in the delivery of e-payment solutions. Interestingly, the way e_payment is being deployed at this level of our development presents a novel opportunity for us to explore exporting this model to other countries.

As a keen observer, do you think that  directive is being  followed by government agencies and ministries
Largely you can say there is an attempt for a change, whether in the right direction or not becomes a debatable issue, but I dare say that there are broadly two categories of MDAs_ those that have adopted what I call true end_to end solution which is the True e-payment, and those that are involved in some form of manual operations alongside what they believe is electronic transaction, I’d rather call that e_manual. For True e-payment MDAs, they are able to seat in their offices or wherever with their notebooks or PCs and issue payment instructions directly to their banks, they are able to view all account balances across banks on one screen, monitor the status of all instructions they have given and are able to see why any instruction has not been effectively carried out. They do not depend on the banks to do the running around for them, they do Take charge  directly and they get better results.

Is the  e-payment processes being followed in the country today  a mixture of the manual process and electronic process?

Like I stated earlier there are two categories of MDAs_ those who are doing True e-payment and are enjoying the experience especially when they are able to see on their screen successful payments and why the failed ones have not been paid. For example if there is an invalid account number, they can correct it there and then, and they see the transaction paid almost immediately. Or if the bank they are trying to make payment to has connection challenges, they watch as the problem is being resolved and transactions paid. The second are the e_manual MDAs who still carry their schedule to the banks through CDs, flash drives or e_mail attachments to their banks. Now that is not e-payment. From the MDA perspective, they are only trying to shift the ball outside, or in other words, MDAs should take charge of their e-ayment not abdicate it to the banks.

There appears to be some confusion as to what e_payment truly is. could you shed more light on what a true e_payment process involves?

True e-payment means the MDA issuing the instruction from their organization follow an electronic process within the organisation. The payment moves electronically from desk to desk for approvals before it gets to the bank. What this means is that all approvals are given electronically and their internal workflow is electronically driven. That is the first step. The second step is that, their instructions are sent to their banks electronically to any of their funding banks and payment instructions are effected to all the banks to which the accounts of their beneficiaries are domiciled. All from the comfort of their office. The third stage of a True e-payment is that, all associated schedules are immediately made available to 3rd parties receiving the payments. So, the originating MDA (i) has electronic workflow within their own operations. (ii) communicate with their banks electronically and (iii) delivers schedules to beneficiaries where appropriate.

What are the  challenges the adoption of e_payment currently  facing in Nigeria?

The first one is that many people are confused as to the true definition of e-payment. What this translates to is that if you don’t know where you are going, you will end up anywhere. So there is a need to clear the air on what True e_payment is. E-payment is fully automated not half automation plus half manual. Once you the initiator still need to engage in some manual operations that is not e–ayment. I dare say that it is actually better to remain totally manual than half manual and half electronic, all you will have is a geometric progression of your problems and confusion.

Another challenge is that people confuse individual e_payment with corporate e_payment. Many of the solutions out there were developed from the individual perspective. That is why the key security focus is on PIN to one person while the security emphasis for a corporate solution should go beyond that. It should be on the workflow, audit features and ability to handle one to many transactions.

Can Nigeria tackle these challenges especially in the light of inadequate infrastructure it’s currently grappling with?

Agreed we have infra structural challenges, but they are not insurmountable and they certainly do not prevent us from starting nor completing the journey. Challenges are meant to be addressed. It is only when you don’t want to do something that you focus so much on why you don’t need to do it. You begin to exaggerate the difficulties. For instance, roads in Nigeria are not the greatest but when you really want to go somewhere you get on the road and you go there. Same thing with e-payment, we have irregular power supply and slow Internet connectivity but if you want to do e-payment you will do it. Honestly, I appreciate the challenges of our infrastructure, however, I also know that this should not stop us. These challenges can only enhance the ruggedness that our solutions need to survive the test of time.

Security is an issue in the country, and fraudsters have taken many to the cleaners. ATM card owners for example have tales of woe to tell. How can this security issue be addressed.
Yes security in cyberspace is an issue that needs to be taken seriously. This is more so for a solution to be used in an environment where there are many negatively intelligent people around who would want to reap where they did not sow.

In the ATM example,  you gave, a good percentage of the fraud is associated with the leakage of PIN. For a purpose built corporate solution like Remita for instance, the security goes beyond the PIN to include workflows that require multiple persons to approve a transaction, clear separation of duties, delivery of dynamic Access Codes to mobile phones before authorizers can approve transactions and a whole lot more. We went to this extent because we are conscious of the fact that we know that for a solution to stand the test of time in this environment, security is a key word.

Furthermore, In the case of Remita for instance, we have created 3 distinct parties inherent in the solution. (i) Remita from SystemSpecs _ the solutions provider, (ii) the switches and settlement platform an independent entity, and (iii) the banks that have their own security. In Remita no transaction goes through until you cross these 3 independent security checks. So we have combined 3 detached independent security entities into one solution. In effect we have raised the bar. In addition we also have security agencies paying attention to cyber crimes, so whichever way you look at it the fear of the EFCC has helped to minimize crime. You may not agree with that statement, but anybody in Nigeria today who still believes in corruption knows if he gets away with it today, tomorrow he can be called to account, perhaps by a different regime. With e-payment the records will always be there. For those who believe in cutting corners, I believe they are riding on the back of a tiger. A word is enough for the wise.

The CBN recently issued  a directive that Banks in the country should domicile ATMs within their bank premises alone and not in public places like Airports or hotels. Only ATM Consortiums it declared can put ATMs in such places. What do you think of this directive.Will it set us backwards or forwards

I believe this is a worthwhile directive though some argue that it is coming a little late but I don’t think so because we learn along the way. The important thing is not avoiding mistakes, that is inevitable, but the key is been able to rise again from a mistake. The CBN needs to clear up the confusion out there because there is a lot of confusion on the matter. Incidentally, I was at the Abuja airport recently with one of my staff where about seven ATMs are located.

He decided to take a photograph of them as at that time because not a single one of the seven was being used by anybody. That is a clear waste of resources. By the time you begin to replicate that type of inefficiencies at different points in the country who is paying for it?

Multiple ATMs from multiple banks same location is inefficiency in the system which we the customers have to pay for.  Although I believe in competition, I think it will better help the provision of banking services across the nation if their ATMs are optimally re_distributed, it will help us have a better spread across the country thereby making more people to have access to banking facilities in the country, rather than having a cluster in a particular location.


Disclaimer

Comments expressed here do not reflect the opinions of vanguard newspapers or any employee thereof.