The security initiative in CBK’s National Payments Strategy 2022-2025
In this second part of our series on the Central Bank of Kenya National Payments Strategy for 2022 – 2025 (NPS Strategy), we examine CBK’s strategic initiatives under the principle of security. A core focus of the strategic initiatives under security is ensuring adequate protection of existing and new users in light of the evolving nature of threats.
To promote a resilient system that safeguards all payments and channels in an increasingly digital world, CBK will explore the following strategic initiatives:
Adoption of common security standards
CBK will facilitate the adoption of the latest and relevant security standards and principles. These include the Principles for Financial Market Infrastructure, Market Infrastructures, COBIT-5 governance and management of IT frameworks and other standards, especially on information security, cybersecurity and AML/CFT.
These standards are crucial for PSPs to safeguard against risks and other threats. In addition to adopting these standards, CBK will leverage participation in various global fora to influence the development of standards and principles.
This initiative is geared towards addressing the challenge of cyber-attacks on payments systems. Such attacks represent a significant threat to large, retail and cross-border systems.
In addition, the adoption of common standards will cure the existing lack of a harmonised and coordinated cyber reporting approach.
Create robust security data reporting and analytics
CBK will enhance reporting of fraud incidents through robust data reporting. This will enable an understanding of the incidents and nature of payments fraud to support effective mitigation and enforcement activities.
To facilitate enhanced reporting and safety of payment systems, CBK will also facilitate the adoption of enhanced big data analytics to support appropriate oversight over current and emerging security threats.
This initiative is expected to address fraud, particularly to users vulnerable to fraudsters who conduct their criminal activities through socially engineered fraud, SIM card swaps and identity theft.
Facilitate capacity enhancement on complaints resolution
CBK will facilitate capacity building for enhanced resolution of complaints related to security. This is to facilitate timely resolution of payments related to crime and fraud incidents, thereby providing customers relief and certainty of the industry’s business environment.
This will also seek to ensure effective adjudication and deterrence. The key to this will be continuous alignment to the latest mitigation measures to ensure Kenya stays ahead of modern trends.
What industry participants can expect moving forward
It is anticipated that CBK will review the NPS legal and regulatory framework to implement and monitor its strategic initiatives. PSPs (including mobile money), banks, SACCOs, fintech, and business organisations need to anticipate and align their systems and processes to global best practices to ensure compliance.
The NPS presents an opportunity for industry participants to leverage the strategic initiatives and position themselves as the leading businesses in the digital payments landscape.