All content in this area was uploaded by Ilyas Jimoh Adeleke on Feb 09, 2019
Security Risk Analysis and Management in Electronic Payment Switching System in Nigeria, eTranzact International Plc. as a case study
!"#!$#!
ilyas.pg6757@st.futminna.edu.ng,%&&!ismi.idris@futminna.edu.ng
Abstract
$ &! ! !'
(& &! &&
& !) & *
&&&!& +&&
! ,! & & ) !
& & ! '!
) !&)) & - .
!)#!,/ &!
&) ' &)
,)& &&'
! ) ! '
(&)! & &
00 & &' &
) &! 1
! '!! & &
Keywords
&! ) !
1. Introduction
)23
#! 234 '' ' 50
'! &&!& & '
#6.$7' &'89!&5)
+:#!&!&
5;<5) );= 5<35=
, ' 50 8$& +:#> . $
?@@))) '!!@.@.$ 9
, & ! !
&' & !) &
'&,!&!!&& !
& !&!
'?6 .$ +:#!
Channels 2018 2017 2016 2015 2014 2013 2012
Cheques ;0A5534;A0<5 40A5A<;;<;
40A43A;0;A5
5 ;A43;30;055 40A55 35<055 ;;A355
NEFT 0;A034A40A 3A3;3;0<A;<35
340305;4<50;
55 50<504303<;A55 A;A5<;455 A03<55 0A344A55
ATM 4;0A3A50<0 ;3<4A35<30;3
3A00354335
5 A<;430;3555 355;A3555 A43;<355 <444355
POS 3<3<335<55 35A05A;504 <40AA;454<555 3304430<<55 50<355 A303<55 40<4A455
WEB ;5<343<;<A 034A;;AA;4< ;5;A55 A40A455 44;<3;55 A553<55 <;3;355
MMO A4<;3< 5AA0A<344455 <4;0A<30;455 334<;30A55 <<33<A<55 4A5055 A<;0055
NIP <05;0;50;5 4;;4;;;0405
05A5;504
55 4435034;<0555 350A04355 <4055 333A;4355
EBILLSPAY 4A43;445< 445<45<A434 A35<<305; <3;300<55 4A4<A55 44<55 /
REMITA 403A35A;43; 4A3A44435035
5;43AA5AA
5 ;34<003A5 45A;<55 / /
NAPS 350A55 3A;53A50A3;;4A <4;0A<5405AA A0;03433055 / / /
M-CASH <0350<A<5A ;;A;3;04< / / / / /
CENTRALPAY A0;0;< 3AA;034;5; 335;30;0< 445555 / / /
OVERALL TRANSACTION 130,654,152,038,085.00 104,674,250,181,534.00 76,906,834,305,877.80 56,317,364,947,432.90 555,826,554.00 384,823,915.00 428,227,808.00
[Figure: chart by channel (Cheques, ATM, WEB, NIP, REMITA, M-CASH, OVERALL TRANSACTION); series: 2018 Projection, 2017, 2016, 2015; axis from - to 140,000,000,000,000.00]
!&5
1.1 Background of Electronic Payment
+ ! &
& ) & & &
! !
&') !) B&
'& !&8+C9.$
"/&! '&) , )
& 6!! &! !) !'
& & )
& $& '!)!
) ' )/) &
!
' &' !
!# )D!!E ! &)/
) !& '&
)!) /
) & & ! ,! ))
! '& & &' )
!)/' !
& &&&)!!! )
&' &
&!
& &) &&)!)!
&)!! '&)
)/ &..:::+F+ & &>
!' 4555 & ) )&
)/ !& )3<=& 53
30=54 &) &4=& 8509C)
& ' & ' '
$)'!!
& ! &! (& &
' +& ) /
) ) &7 &
& ) &&
& &! &
&& &! !)
) ')'&8))
)'&!&!!!/ 9
8)) )'&)'&!
!/ 9
2. Objectives of The Study
' & &
&'&!!! &,
&!& )'!
)/ ! )&,& &
'&! ! ' &! &
&! !8G$59
2.1 Definitions
6 .$6 &$869
6 & ' &
) !'&'
&'&HH!'& H
)'& H!') '
,H! 8 9& !H
'!&' !
' ! ! ! & '!
8. A009 ! ! &
! &), '& !
'&
G & / &! "'
'& ) ) !
& & ! &)& '
' ,8!! ))'
(&9 )' & &!.1".$"' &
) ) !
! // &
! ' & &'
&!&! !I
&!&&
2.2 Nigeria Electronic Payment Industry Structure
6 && && )+:#!8+:#9
!&#!'$$8#:$$9&'+:#
. $) ! + & - .
) : ) !&
) 8"&9
!&?#!6 .&$& &8$& ?.$B55+:#59
2.3 The Case Study
- . & .$"'
& , && )J
$& F K'') L + > L! $
- ' )'& '/'
& ) - . #!M ) )! &/
&/ ) ! !
- #!FLK'')$& +ML
&,! & )6- )
[Figure labels: Users; Regulator; Payment Infrastructure; Payment Service Solution Providers (Switching Companies)]
& $'55')!' ,!
&& ) & & / J
" ! '+:#!"'"
&) &&' - )
. #:$$. $$
3. Literature Review and Related Work
) &! &&(&
&' &
/ 8 509 & ! & !
)! & )& $$ &G
"!8$$G"9$G161G61! (& &!
& ! ) &! & &
! 87539
ISSRM model &!&!
!(& ' ' & )
!& &!& & ! &
&'&/ & ) (& !
& & $$G" !- 8")' 59
) & & & ) &&
!J/ /
&/ ' '
!- ' ! & )! )!
! &!- &!&
STRIDE &" !-
$!!G&1 &1$ 6
.!'" 7DREAD&-!&&
'') ''1!.G& '6,'
1 ' ! ' )!
!(&8?@@))))!@,@NGN"!9
3.1 The Electronic Fund Transfer Vs Mobile Payment
!)&& &
& &'!)
8: 9 &
) &#!/:$$8#:$$9' '
#6".$76:""#.6:**$.OG6"#.$"/+$C 7
"'. & ')))
' & '-
') & & !
'' &/'//81'!59
3.2 Security and Risk Management In Electronic Payment System
!! ) !&
&', &
& '& ! , & )
&' )' )'&
& !&& /' & 8:& " )
G'P$& 5509 $ )
& telemarketing fraud55+8+9&
)!#)+!
! / '/
&) !& !!'
& &' &
& ' &> !
&D'E8:&5509Transaction Fraud and Data
Security Breach &' ), '$
1& 555)G&BF,&
&&- $
' & 45555&
! &)& &
&!..& :8:&5509)
) ) & ! / & &!!
/ &!'!/
7' & && &
! &',!
/ '&)& &) &!8509
8C& 5<9 ! ) &
& $ $ &
& (& ) & ) $ & '!&!
$$G"), &&'
'! ! &&
& &&)) )!&!
6 .$&!' 81'!59
& & &',
) ! & & '& 86&+
:539 && '&'
!! & !, &
& !, & &&'
!&'& & & )
3.2.1 Risk management approach
G! ' !
) & &
!& & J !& @ !!
&!!!)&
7 ! ) & &
&)&'& & & 8G$59
3.2.2 Risk Management Process
&! !
'!!&! & !->
& ! !!
'&(&! "!)!
! ! & !
8G$59
3.3 Components of An Electronic Payment System
/ &! !!
&! & )& &
(& )Q6/. &'
& &'
' &)&
'&! &!
6/'&8C:559
3.4 The Electronic Payment Ecosystem
)!)) ')?
!&')6 .6 /
oF
oG!&
o+&@" @
o6 .
o 8$.9
o. 8.$.9
o#) 8#$.9
o1 & &
oG!&
o$-&'
o& !8$"9
o
!&?6 .6 $81.9
4. Research Methodology
7(& )&) &&'
!)&) &&!
& "'7'$$1 ')& )'&
&'!'- . & 7
&&!!& &(&&!
!& '!! #!
) ))' &'
00) &!
4.1 Results and Data Analysis
G) (&,!) &&!
)!!
'')!'&<A4=8<5954=80
9! )I5!;;=84;9/35
!A4=8;9)'35!;0=8;97;0=8;9
4;0=8459 4A=839&'
3= 85 9 &!& A= 80 9 &
+!, &!J)<=859
'&!.')5I=8A9')3I;4=8
9')<IA)A=8<9'5&!,
) ;<= 84A 9 & (& ' A= 8 9
&A=809&
'?1! G
Alternative Number Percentage (%)
Gender
" <5 <A4
0 54
Total 88 100
Age
/5 4; ;;
/35 ; A4
35' ; ;0
Total 88 100
Sector Status Belong
$ ; ;0
.$ 45 4;0
.&' $ 3 4A
$&$ 5 3
0 A
Total 88 100
Experience with electronic payments
5/ 5 <
3/; A
</A 4
'5 < A
Total 88 100
Frequency of usage in a month
& 0 A
& A
&(& 4A ;<
Total 88 100
4.2 Identification and ranking of customer information
& )
& ' & &
&' &'&))
& - . &-
/)/ ) ! #! &>
))) !
& )
*! ) #
89 * 89#&89 839 B 849
!& '& )
'') & &
'& !
!&!'' &
! & ! '& &'
8(& 9 ! !!!
) & !- * ) D# D D*)
ED*ED&ED"& EDEDB
EDC! E
'?G!6 .>
Customer
Information
Component
Scaling Rate Responses Percentage Impact Overall
scores
# ; ;0 *)8;9
C!
* 0 A "&809
#& 5 3
3 3;; High (64)
B
;
*!
.)
# 3 *)89
C!
* 3 34 "&849
#&
30 High (80)
B
;< <;
.#
# *)89
C!
* "&89
#&
30 High (84)
B
< 05<
# ; ;0 *)8;9
C!
* ; ;0 "&8A9
#& 30
; High (63)
B
35 344
:
B
#&'
8:B#9
# ; *)89
C!
* ; 0 "&859
#& 3 4A
; 0 High (46)
B
5 3
&
#&'
# A 5 *)8A9
C!
* < 0 "&849
#& 0 A
0 0 High (64)
B
; 35A
"+
#&'
# 4 4< *)849
C!
* 3 34 "&8;9
#& ;
A High (67)
B
0 3
"+BB
# *)89
C!
* 0 A
#& < 0 "&849
< 5< High(71)
B
33 45
G!
.
#&'
# ; ;0 *)8;9
C!
* ; ;0 "&859
#& 3 34
<4 High (72)
B
A 33
G!6/
"
# *)89
C!
* A 5 "&8A9
#& 5 3
3 3<< High(67)
B
4 03
&
#
# A 5 *)8A9
C!
* ; "&89
#& 4
4 High(56)
B
4 03
"+
.#
# ; ;0 *)8;9
C!
* 4 4< "&8A9
#& 3 34
A High (73)
B
4 4A
6
G
# 4 4< *)849 C!
* 4 "&8;9
#& 3 4A
4 High (58)
B
< 5<
6/"
.)
# 0 54 *)809
C!
* 5 3 "&809
#& 0 A
4 High (52)
B
5 3
& ') > &!)
.#' &'8:B#9 &&'!
&"+&'8.#9"+BBG!&'"+.#
".) &>)
DC!E& '& 6 ..
&>&-'')
'? 6 .
S/N Customer Information Impact
C!
*!.) C!
.# C!
3 C!
4:B #&'8:B#9 C!
; &#&' C!
<"+#&' C!
0"+BB C!
AG!.#&' C!
5 G!6/" C!
&# C!
"+.# C!
6 G C!
3 6/".) C!
4.3 Inventory of Technology Adopted
!&
& ! &!!' &
, ! )&
' &! $&)
&) !8)@)9"''
8)'9'!$$1'!''!
8/' 9)' '! & 89
'/'&'3!&'&
& ) &
' 800;=9)'&'
'! ) ;4A= ) & & $$1 8& &
$&$ 19 ' !45=$"$8"!$ 9'
'!5<=);0=& B G
&!'3<<= &&!@)
'!30A=
'3? !
S/N Technology Response Percentage (%)
"''! <0 00;
"'8'!9 40 ;4A
! 33 45
3 $"$''! < 5<
4 ; ;0
; 3 3<<
< *8&!9 3 30A
!&? ! &
4.4 Vulnerability and threat from Electronic Payment Platform Users
!&! &
&!,'& '
&'& )
& '& &> ) &
&(&&&'
&! '4!&
)'&&&'&
& ) '' &> &
@' !) <;=)
3= & & )
$& '!<4=
F >!!44<=6 '
!4= &'
4=#) & <03=+& '!
' 45= C) '& &> )
&', & '
&
Table 5:B&'6 . &
S/N Identification of threat Response Percentage (%)
*@@!*
; <;
& 5 3
" '! <4
3 F >!! 3A 44<
4 6 ' ) 3; 4
; $ &
34 4
< #) ;A <03
0 +& ' 33 45
!&?B&'6 . &
4.5 Vulnerability and Threat from Electronic Payment Service Providers
& ! &
&! &' ' &
8.$.9 !'
&>
& '&)!
& '' & )
&(&&& &
& (& ) ' ! ' &&-
&8+9&&- 8!9'&
'&
&> &
!! &' ) &
&'& )';
&' )
& *!! D$! 1!1!#& !
$!!E!'&/
!- * )D*)E D$! 1!
1!ED"&E#&DC!ED!$!!E
';?B&'6 .$ .
Customer
Information
Component
Security
Properties
Question
Options
Response Percentage Likelihood Overall
Likelihood
+
8.'
&&-
&9
$!
1!
4 4< *)89
High
1! < A
#& ; "&
89
! < 5< High839
$!
!
; 0
!
8'
&&-
9
$!
1!
0 A
*)839
1! ; A4
#& 30 "&
89
! 4 03 High839
$!
!
; 0
'
8'
&9
$!
1!
4 4<
*)809
1! 30
#& 30 "&
89
! ; 35A High84<9
$!
!
A
*!
.)
+
8'
&&-
&9
$!
1!
5 3 *)8;9
High
1! ; 0
#& 4 03 "&
849
! ; A4 High8<9
$!
!
4
!
8'
&&-
9
$!
1!
< 0
*)809
1! A
#& 5 5 "&859
! ; 35A
High8;59
$!
!
3 <
'
8'
&9
$!
1!
; ;0
*)859
1! 3 4A
#& 0 54 "&
809
! 3 0; High8459
$!
!
; 0
.#
+
8'
&&-
&9
$!
1!
0 A
*)849
High
1! < A
#& <4 Medium89
! 0 54 C!859
$!
!
;
!
8'
&&-
$!
1!
5 3
Low89
1! ;
';')'&>
DC!E& '<')&
&>
Table 7:$& 6 ..
S/N Electronic Payment Platform (Users Information) Attack Likelihood
C!
*!.) C!
.# C!
3 : &# C!
4 6 .:B# C!
; G!.# C!
< G!6" C!
0 G!6".) C!
A &# C!
5 "+# C!
"++BB C!
"+.# C!
8.9 C!
3 / C!
Prioritizing the Information Security System Resolution Action
&! &!
'#&$ !8#$9 ''8.&P
5;9 ' ) &
!- '& , &
& &&$ &!
'&) &''!'
,'&-! &!
'0')) &&
& 6 .&' '
6 & '&
' ' &)
Table 8:.-&
Impact High .4 . .
Medium .< .3 .
Low .5?# .0 .;
Low Medium High
Likelihood
Source:8.&P5;9'&
4.6 Interpretation of Impact and Likelihood Priority Level
Priority 1: (& 6 . &
“immediate” && “detect”“protect” &>
&
Priority 2: (& 6 . &
“immediate” && “detect” “protect” &>
&
Priority 3:(&6 . &“schedule”
&& “detect” “protect” &>
&
Priority 4:(&6 . &“schedule”
&& “detect” “protect” &>
&
Priority 5:(&6 . &“schedule”
& & “Respond” “Recover” &>
&
Priority 6:(&6 . &“schedule”
& & “Respond” “Recover” &>
&
Priority 7:(&6 . &“schedule”
& & “Respond” “Recover” &>
&
Priority 8:(&6 . &“schedule”
& & “Respond” “Recover” &>
&
Priority 0: (& & ' &
&
-& '0')
- & '
& & &> '&
&&'A
S/N Customer Information Impact Likelihood of Attack Priority Level
C! C! .
*!.) C! C! .
.# C! C! .
3 C! C! .
4:B #&'8:B#9 C! C! .
; &#&' C! C! .
<"+#&' C! C! .
0"+BB C! C! .
AG!.#&' C! C! .
5 G!6/" C! C! .
&# C! C! .
"+.# C! C! .
6 G C! C! .
3 6/".) C! C! .
5. Conclusion
) ! ! ! !
) !& '& &
)(&! &&
& ) &! &
' & '!&
)
) &&
!&)) && &)&
& & ' & )/ &!
' '&&!- . )&
& &' )
& & && )
&&! ! &
!!&' '!
& '&
' ) ' ! &
&'!', & @
6. Recommendation
6 ))
&!
& ) &
& &
& & &
&
7. Acknowledgement
" !1 1 1+'
$ &$ $ +& !
!"& & )"
!)CG&$: ))-L)
&! & '& )
"'& &&
- . ) ) & !
, & !
& "1!"&'&)
(&
References
8509$ &G"!6/ $
:+89#F6G#.O"6#$$O$6"G$L#1#G"#$6+GO
"#F6"6#G"67GL
:&"" )G'7P$&G85509!
!!!Economic Policy Review1489<I4A
1'!"#RS+& #. !6T"
+859 && Computers and Security
2489<4I0?@@!@55;@ 55355
6&+:8539Assessment guide for the security of internet paymentsG
?@@'&&@&U!V6:?#+6?W:53354?6#?C"*
=4+?@@))) '&&@&'@@@
!& &535U '3''<3 4<4 ;<4A5'
C&:85<9Main58&9;I4A?@@!@55A@!@!!A@4535
"&.89 $$!$"6I&I4
")'859$ $ 6," & 1!
$&$$G"67839IA
. 8A009$G*#+".6G:'7 )>
.&+P.85;9Small Business Information Security: The Fundamentals
?@@!@5;50@#$G<;
G$6G$///+859$ &G"!/ "!
Informatica Economica Journal15890I35