The Managing Director/Chief Executive Officer of Zenith Bank Ghana Henry Oroh has said that the increase in banks’ minimum capital requirement has made them more attractive to cyber fraudsters; calling on banks to unite and fight the threat.
Mr. Oroh speaking at a forum on electronic transactions organized by Digital Jewels said there is so much interconnectedness among the banks operating here such that potential threats can quickly move from one bank to the other.
“We are operating in an ecosystem and the strength of a chain is in its weakest link. If you think as a bank you exist in an isolation and you think have secured your system and you don’t care what happens to other banks, it will be a strategic mistake.
“A vulnerability in any bank is a vulnerability in the system. So, it is for this reason that I believe that banks will have to do what we call cross-institutional discussions. We need to share information across the industry to avoid the situation where cyber incidents are contained within a particular bank; giving an opportunity for that incident to spread to other banks causing more harm,” he said.
The Bank of Ghana last year unveiled the Cyber Security Directives for Financial Institutions which among other things require financial institutions to immediately report any cyber threat they come up against.
Commenting on the directives, Mr. Oroh said it couldn’t have come at a better time when these banks have just hiked their minimum capital requirements to GHS400 million which makes them targets of cybercriminals.
He further noted that the assurance by the Bank of Ghana that information sent by banks will be treated with confidentiality should assuage the fears of banks that fear that they will be punished for being vulnerable to such attacks.
Also speaking at the for forum, Tomisin Fashina, the Chief Information Officer for the Ecobank Group said that commercial banks in the country must aspire to reach certifications such as the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle branded credit cards from the major card schemes.
There are currently less than five banks with the PCI DSS certification and Mr. Fashina stated that although the banks themselves may have robust internal standards that ensure the safety of customers’ transaction, the certification acts as evidence of such standards.
He stated that the number of PCI DSS compliant banks is too little given the sheer size of the country’s banking industry urging that more banks must take steps to demonstrate the readiness for their systems to be subjected to PCI DSS standards.
In her opening remarks, Adedoyin Odunfa, MD/CEO Digital Jewels, said increasingly technology is disrupting banking processes and systems and with that come downsides which could undo the gains made.
She urged financial institution to work hard to incorporate information security into their corporate culture; that she said will require more attention paid to information security.