Over 25m payment cards in Nigeria at risk

on   /   in Technology 1:51 am   /   Comments

By Prince Osuagwu

Unless quick measures are put in place, your digital wallet, particularly the payment cards which you so much treasure, may sadly be like the proverbial basket used to store water. If recent developments are anything to go by, only God will prevent hackers from being smarter than you.

Finger-AtM

Do you know why? Microsoft server 2003 and 2003 R2, which supports the platform, will come to the end of their life circles by July 2015. This is a normal support life cycle policy for Microsoft.

The implication of this expected development is that over 25 million electronic payment cards issued by 23 Nigerian banks could be at risk of malicious and targeted attacks by cyber criminals.

With unconfirmed reports that banks in Nigeria, already lost N40 billion to online fraud cases in 2013 alone, when Microsoft’s extended support period for these products cuts off, next year, which means that there may not be updates and patches for combating security issues, loss of compliance and regulatory certifications for banks, vulnerability may widen.

Industry practitioners have also expressed fears that the end of support period will also mean that support on applications and programmes will come to an end for any organisation, datacentre or server running this Operating System (OS) after the stipulated date.

This lack of compliance, according to them, may come with a huge risk for local financial services partnership with global Payment Platforms like Visa, MasterCard among others.

Meanwhile, of the 25million e-payment cards in circulation, 18 million were issued by Verve, a local card operator, which has over the years built up strategic partnerships with MasterCard and Visa, for various co-branded cards.

However, all hope is not lost for organisations that are proactive. Chief Executive Officer, Wragby Business Solutions & Technologies Limited, Mr Gbenga Iluyemi, admitted that the end of Windows 2003 support life circle will impact on payment platforms that run on the Operating System, but added that it is only if they did not quickly migrate to the latest version.

According to him, there is need for organisation to conduct critical assessment on their networks and payment platforms “Payment cards, Automated Teller Machines (ATMs) in the country that run on Windows Server 2003 will be impacted, security wise, if they are not migrated to a latest technology platform. Between now and 2015, it is crucial for companies to make adequate plans. They will need to migrate to Windows 2008 or Windows 2012 R2. But there is also need for them to conduct critical assessment of their respective Information Technology environments before embarking on a migration process.”

He said that organisations that may be affected by this unfortunate development would need to do an assessment of how many servers are running on their platform, may need to understand how many apps are sitting on their server. And thereafter, do a risk assessment before deciding which of the latest platform to adopt.

Meanwhile Microsoft’s PR Lead, West Africa Anglophone, Oluwamuyemi Orimolade, in a recent interview, had warned that running WS03 after the product’s end of support date may expose the customer’s business to compliance and security risks.

He said “as the threat landscape evolves, unsupported and unpatched environments are vulnerable to security risks. As a frame of reference, 37 critical updates were released in 2013 for WS03. if a company is still using WS03, this may result in an officially recognised control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the company’s inability to maintain its systems and customer information. Staying put on the old platform costs more in the end. Hardware maintenance and advanced security systems will drive up costs. “Failing to take advantage of new technologies and application opportunities can hinder a company’s success”, he added. Microsoft believes that traditional methods of modernising applications – reinstalling, upgrading the machine or rebuilding are more complex, expensive and time consuming than migrating applications onto a new operating system. Besides, it introduces high risk to critical line-of-business applications, and add no value when it comes to modernising the infrastructure, increasing security and compliance risks.

    Print       Email