Sequel to an earlier order by the Central Bank of Nigeria (CBN) directing deposit money banks, mobile money operators, payment solutions service providers, and other service provider on the implementation of the regulatory framework for the use of the Unstructured Supplementary Service Data (USSD) in the financial system from June 1 2018, the apex bank has extended the implementation date of the order till October 1, 2018.
The bank noted that the extension became necessary in order to fully realize the objective of the framework.
Recall that the apex bank had recently released new USSD guidelines.
Highlights of the guidelines released by the CBN include:
- Transactions may be limited to an N100,000 per day and customers who want a higher limit shall execute an indemnity with their banks.
- Two-factor authentication will be required for transactions above N20,000.
- Two-factor authentication (2FA) shall not be sent to the customer’s device or displayed on the USSD menu.
- Banks are to install a Behavioural Monitoring system with a capability to detect SIM-Swap/Churn status, user location, unusual transactions at weekends, etc. This shall be achieved by 31st October 2018.
- Service providers should put in place systems that enable users/subscribers to block their account from operating USSD service.
- No USSD Financial Service should be activated for a customer unless the deactivation mechanism is put in place with effect from June 2018.
- Financial Institutions shall be responsible for setting up dispute resolution mechanism to facilitate resolution of customers’ complaints.
- Resolution of any customer related issues must be resolved within 3 working days. Non-compliance shall be subject to penalty as prescribed by the CBN.
- The appropriate Regulator (CBN and/or NCC) as applicable shall impose appropriate sanctions for any contravention on any participant that fails to comply with the Framework.
What a USSD means
The USSD technology is a protocol used by GSM networks to communicate with a service provider’s platform.
It is a session-based, real-time messaging communication technology, which is accessed through a string, which starts normally with an asterisk (*) and ends with a hash (#).
It is considered cost-effective, more user-friendly, faster in conducting transactions.