News Column

Hackers May Target Nigeria's Payment Cards Over Security Loopholes

July 31, 2014

Adeyemi Adepetun

WITH United States (US) based Technology Company, Microsoft Corporation planned end of support for Windows Server 2003 (WS03) and Windows Server 2003 R2 on July 2015 as a part of its normal support lifecycle policies, on which payment cards run, millions of electronic payment cards issued by 23 Nigerian banks will be at risk and subsequently become vulnerable to hacking.

According to analysts, over 25 million electronic payment cards may eventually be at risk, this is even as deposit money banks in Nigeria have already lost N40 billion to an assortment of online fraud cases in 2013 alone.

By next year, Microsoft's extended support period for these products cuts off, which, according to experts, means the end of updates and patches for combating security issues, loss of compliance and regulatory certifications for banks.

This is even as support on applications and programmes come to an end for any organisation, datacentre or server running this Operating System (OS) after this date.

According to analysts, lack of compliance, poses a huge threat to local financial services partnership with global Payment Platforms like Visa, MasterCard Incorporated.

Of the 25million e-payment cards in circulation, 18 million were issued by Verve. Verve, a local card operator, has over the years built up strategic partnerships with MasterCard and Visa, which have consequently given birth to various co-branded cards.

Speaking to journalists, Chief Executive Officer, Wragby Business Solutions& Technologies Limited, Gbenga Iluyemi said "payment cards, Automated Teller Machines (ATMs) in the country that run on Windows Server 2003 will be impacted, from a security perspective, if they are not migrated to a latest technology platform. "Between now and 2015, it is crucial for companies to make adequate plans. They will need to migrate to Windows 2008 or Windows 2012 R2."

Iluyemi urged organisation to conduct critical assessment of their respective Information Technology (IT) environments before embarking on a migration process.

"You need to do an assessment of how many servers are running on the platform. You need to understand how many apps are sitting on the server. After that, you can do a risk assessment before deciding which of the latest platform to adopt", he added.

Speaking in the same vein, PR Lead, West Africa Anglophone, Microsoft, Oluwamuyemi Orimolade, said running WS03 after the product's end of support date may expose the customer business to compliance and security risks.

"As the threat landscape evolves, unsupported and unpatched environments are vulnerable to security risks. As a frame of reference, 37 critical updates were released in 2013 for WS03. If a company is still using WS03, this may result in an officially recognised control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the company's inability to maintain its systems and customer information.

"Staying put on the old platform costs more in the end. Hardware maintenance and advanced security systems will drive up costs.

"Failing to take advantage of new technologies and application opportunities can hinder a company's success", he further added.

Analysts are of the view that the risk of businesses running applications on unsupported Windows Server 2003 platform is enormous.

Traditional methods of modernising applications - reinstalling, upgrading the machine or rebuilding - are orders of magnitude more complex, expensive and time consuming than migrating applications onto a new operating system.

For more stories on investments and markets, please see HispanicBusiness' Finance Channel

Source: AllAfrica

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters