LIVINGSTONE MARUFU
The Reserve Bank of Zimbabwe (RBZ) has raised the red flag over low compliance by local banks to implement effective measures to mitigate cyber risks amid rising cases of card cloning in the market.
The measures include the phasing out of the Euro VISA – Mastercard (EMV) chip technology.
In his monetary policy statement released last week, RBZ governor, John Mangudya revealed that the financial sector has only achieved 39% and 32% compliance for card and point of sale respectively.
The low compliance comes as depositors lost more than ZWL$900m last year, due to card cloning.
“The (RBZ) continues to encourage financial services providers to expedite the phasing out of non-EMV compliant access points and devices in the market as part of enhancing cyber security risk management,” Mangudya said.
He said EMV adoption would protect card users against fraud at the point of sale machines and make magnetic stripe cards’ information impossible to copy.
The technology has an inbuilt capability that has the effect of decreasing card fraud as the EMV-enabled cards contain a microprocessor chip that stores information securely.
The expertise also carries security credentials that are encoded by the card issuer at the time each card is personalised for an individual cardholder using user-specific keys.
EMV, which is a technology that uses secret cryptographic keys to protect clients against fraud at the point of sale, contains embedded microprocessors that provide strong transaction security features and other application capabilities.
The encoding of these credentials helps to prevent fraudsters from creating counterfeit cards.
EMV cards cannot be duplicated and utilised to complete fraudulent transactions, unlike mag-stripe cards, which are easy to duplicate because they lack the security features of the microprocessor chip.
It comes at a time when RBZ is battling money laundering and the financing of terrorism and proliferation risks in the payment, clearing, and settlement systems.
“This is being undertaken through the implementation of risk-based off-site analysis and onsite examinations in line with the Money Laundering and Proceeds of Crime Act as well as Financial Action Task Force recommendations.
“RBZ urges payment systems services providers to continuously monitor financial transactional activities to effectively assess and manage money laundering and terrorism financing risk as well as compliance with Anti-Money Laundering / Combating the Financing of Terrorism preventive measures,” Mangudya said.
He urged payment service providers and banks to deploy appropriate regulatory technologies to enhance compliance given the heightened volumes and cyber risks.
