25mn Nigerian payment cards vulnerable to hackers

Over 25 million electronic payment cards issued by 23 Nigerian banks will be at risk of malicious and targeted attacks from cybercriminals, as United States (US) based Technology Company, Microsoft Corporation will end support for Windows Server 2003 (WS03) and Windows Server 2003 R2 on 14 July 2015 as a part of its normal support lifecycle policies.

 Deposit money banks in Nigeria, Africa’s largest economy by GDP (Gross Domestic Product), have already lost N40 billion to an assortment of online fraud cases in 2013 alone, according to Taiwo Longe, chief information officer of the Central Bank of Nigeria (CBN) . Next year, Microsoft’s extended support period for these products cuts off, which according to experts, means the end of updates and patches for combating security issues, loss of compliance and regulatory certifications for banks.

Support on applications and programmes come to an end for any organisation, datacentre or server running this Operating System (OS) after this date. Market observers are of the view that lack of compliance poses a huge threat to local financial services partnership with global Payment Platforms like Visa and MasterCard Incorporated.

 Of the 25million e-payment cards in circulation, 18 million were issued by Verve. Verve, a local card operator, has over the years built up strategic partnerships with MasterCard and Visa, which have consequently given birth to various co-branded cards.

 “Payment cards, Automated Teller Machines (ATMs) in the country that run on Windows Server 2003 will be impacted, from a security perspective, if they are not migrated to a latest technology platform. “Between now and 2015, it is crucial for companies to make adequate plans. They will need to migrate to Windows 2008 or Windows 2012 R2”, said Gbenga Iluyemi, chief executive officer, Wragby Business Solutions & Technologies Limited, in an interview. According to him, there is need for organisations to conduct critical assessment of their respective Information Technology (IT) environments before embarking on a migration process. “You need to do an assessment of how many servers are running on the platform. You need to understand how many apps are sitting on the server. After that, you can do a risk assessment before deciding which of the latest platform to adopt”, Iluyemi added. Speaking in the same vein, Oluwamuyemi Orimolade, PR Lead, West Africa Anglophone, Microsoft, in an interview, said running WS03 after the product’s end of support date may expose the customer business to compliance and security risks. “As the threat landscape evolves, unsupported and unpatched environments are vulnerable to security risks. As a frame of reference, 37 critical updates were released in 2013 for WS03.

 According to Orimolade, if a company is still using WS03, this may result in an officially recognised control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the company’s inability to maintain its systems and customer information. “Staying put on the old platform costs more in the end. Hardware maintenance and advanced security systems will drive up costs. “Failing to take advantage of new technologies and application opportunities can hinder a company’s success”, he further added. Market observers are of the view that the risk of businesses running applications on unsupported Windows Server 2003 platform is enormous. Traditional methods of modernising applications – reinstalling, upgrading the machine or rebuilding – are orders of magnitude more complex, expensive and time consuming than migrating applications onto a new operating system. According to them, old-fashioned methods of migrating machines introduce high risk to critical line-of-business applications, and add no value when it comes to modernising the infrastructure, increasing security and compliance risks.

Ben Uzor Jr