RISK MANAGEMENT IN ELECTRONIC PAYMENTS. Olutimilehin Oyesanya (Phillips Consulting) CISSP, CISA, COBIT 5 Assessor, PMP, ISO LA, ISO LI


2 Phillips Consulting: Who we are
Our Technology Division provides a comprehensive range of IT-related services aimed at assisting organisations to effectively develop and manage their IT capabilities for competitive advantage. Specifically, we aim to achieve enhanced organisational performance through measurable improvements in key performance indicators by painstakingly guiding our clients through the judicious application of IT solutions and architecture. Our specialised information security management consulting services include:
Compliance: PCI DSS, ISO 27001, ISO 20000, COBIT, ISO 31000, ISO 9001, etc.
Information Security: ASV scanning, penetration testing, BCP and DRP, vulnerability management, etc.
Revenue Assurance: ACL implementation, Audit Exchange (AX3), data analytics, etc.
Risk Management: Enterprise Risk Management Framework, risk-based audit, etc.
Project Management: PRINCE2, PMP, PM health check, PM maturity modelling
E-Business: strategy, secure web hosting, secure transaction management, Web Jurist, etc.
Employee Security Awareness Programme

3 Risk Management in electronic payment
Risk management is the process of identifying risks in electronic payment systems (systems used to settle financial transactions through the transfer of monetary value) and implementing an action plan to address them.

4 Benefits of electronic payment
Electronic payment in Nigeria has driven considerable development of electronic commerce, and retail electronic banking services and products, including electronic money, could provide significant new opportunities for banks.

5 Benefits of electronic payments
Electronic banking may allow banks to expand their markets for traditional deposit-taking and credit extension activities, and to offer new products and services or strengthen their competitive position in offering existing payment services. In addition, electronic banking could reduce operating costs for banks.

6 Payment Landscape in Nigeria
(Figure: payment landscape in Nigeria; copyright of EFINA)

7 Spectrum of electronic payments
Credit card payments
Electronic cheques
Mobile payments
ATM and POS terminals
Online payments
E-cash

8 Multiple Entities
Electronic payments involve multiple entities, including consumers, merchants, payment processors, banks and credit card issuers. It is important for those responsible for online payment security to think of the possible risks end-to-end.

9 Risk Management Process
Identification and analysis of risks
Risk assessment
Managing and controlling risks
Monitoring of risks

10 Key risks in electronic payments
Operational risks
Security risks
Reputational risks
Legal risks
Regulatory risks
Other risks, e.g. credit risk, liquidity risk, market risk

11 Operational Risks
Counterfeiting of electronic money
Service provider risk
Employee fraud
Inadequate customer practices
Unauthorized system access

12 Reputational Risk
Significant, widespread system deficiencies
A significant breach of security
Problems with, or misuses of, the same or similar systems or products by another institution

13 Legal Risk
Uncertain or ambiguous applicability of laws and rules
Failure to protect customer privacy
Exposure to foreign jurisdictions

14 Regulatory Risk
Defaults resulting in regulatory body sanctions
CBN
PCI SSC

15 Credit Risk and Liquidity Risk
Default of borrowers who applied for credit via remote banking
Default of an electronic money issuer

16 MANAGING ELECTRONIC PAYMENT RISKS

17 Managing and controlling Risks

18 More risk mitigation techniques
Adherence to good standards and frameworks, e.g. ISO 27001, PCI DSS
Periodic vulnerability assessment and penetration testing
Surveillance to detect anomalies in usage
Deployment of communication security measures such as firewalls, password management, encryption techniques, and proper authorization of end-users
Deployment of up-to-date virus checking and ongoing monitoring of security measures in internal systems
Development of policies for adequately screening new employees
Institution of internal controls, including segregation of duties
External auditing of employee performance
Proper control over the storage, manufacture, etc. of smart cards

19 Standards and frameworks for risk management
ISO COSO ERM Risk Management NIST SP PCIDSS
