CellTrust Will Protect Mobile Payment Platforms in Nigeria – Samuel Ucheaga

Posted by admin on 12/Jan/2011 in In The News | 0 comments

Interview with Samuel Ucheaga,Managing Director – CellTrust in Africa.

MMA:Relationship between CellTrust  in the US and CellTrust in Africa.

CellTrust of Africa is in charge of the African Region as an arm of CellTrust Corporation (USA). CellTrust is a leading global provider of secure mobile messaging and applications. CellTrust’s patent pending Secure SMS Gateway™, featuring Secure SMS and a suite of mobile applications, ensures the secure and trusted exchange of information on mobile devices to the financial service industry and governments; and also to healthcare, education, energy, information technology, marketing, and travel industries. Engr. Samuel Ucheaga is the MD of CellTrust of Africa.

MMA: What is the strong compelling need for SMS security for financial  services in Nigeria.

Standard or conventional SMS, that people use for everyday messaging, is not secure. Only few people realise that it is highly vulnerable at many points. Standard SMS is vulnerable at the following points:

• On the handset where someone can easily gain access to it,
• On the air interface (between the handset and the BTS). There are now devices that cost less than 1,000 USD that could be used to sniff messages (SMS) over the air without gaining direct access to the user’s cell phone.
• At the mobile operator’s network where it is stored as a plain text file which could be read by the network operator’s staff.

Each of the problem areas listed above is already creating various problems. Since standard SMS can be compromised very easily, it is not suitable for handling sensitive or confidential messaging which the financial industry deals with.  When transmitting sensitive mobile financial information – transactions, PINs, account balances and   other sensitive information – security should be of utmost importance to prevent fraudsters from gaining access to customers’ accounts and making unauthorized transactions using the customers’ details. If mobile banking and payment security is treated with levity, the problems that the finance industry will face will make ATM related fraud seem very trivial.

MMA: How secured is the Cell trust Africa platform?

CellTrust provides a Secure Mobile Information Management (SMIM) Platform, which is a solution based on Advanced Encryption Standard (AES). The AES is military grade Encryption, with up to 256bits encryption. The CellTrust solution enables secure end-to-end encryption of messages from the handset, over the air, through the mobile networks, to the mobile payment/banking platform and vice versa. That way, no intermediate person can read the messages at any point. Only the intended recipient can access and read the message. Our platform consists of three components –

1. Secure Microclient (secure application installed on the mobile handset),
2. SecureSMS/SecureWallet Gateway and
3. Secure APIs (which enables interfacing the Secure Gateway to any Mobile Payment or Banking Application).

MMA: The central Bank of Nigeria has mandated that all mobile payment schemes in Nigeria must ensure high level of security . Do you think compliance is high in Nigeria and what roll will Celltrust play?

The Central Bank of Nigeria appears to have done a good job by placing emphasis on security of mobile payment systems via the “Regulatory Framework For Mobile Payments Services In Nigeria“ which was released in June 2009. Most banks are already engaged in mobile banking, albeit very rudimentary mobile banking. Various forms of SMS transaction alerts and balance enquiries are aspects of mobile banking. Most banks have not paid much attention to security and the problems are already beginning to crop up. Some banks (and a lot of their clients) think that mobile alerts are harmless but they are as wrong as they could be! A simple plain mobile alert from a financial institution has the potential of adversely affecting the client and/or the bank. This is where the CellTrust platform comes in. It can be integrated with any banking or payment system to secure it for mobile transactions. CellTrust is happy to note that our system is in compliance with the security requirements of CBN Regulatory Framework on Mobile Payment as well as other industry standards such as SOX, PCI, FISMA, etc. With the CellTrust SMIM Platform, banks and mobile payment providers do not need to discard their legacy systems already in place. Our system interfaces with whatever system they have to help them provide a Secure Mobile Banking and Mobile Payment solution to their customers. We also provide a White Label Solution which enables our clients brand the service as theirs so that they can maintain their brand while providing a highly secure and easy to use solution to their customers.

As good as the CBN document looks, it cannot ensure “high level of security” compliance in its present form because it has not provided for sanctions against defaulters. The CBN needs to do more work in this regard.

MMA:To the end users, how friendly and easy will it be for them to use SecureSMS across all mobile handsets and devices?

The CellTrust SecureSMS is both very user friendly and secure. It provides an easy to use user interface similar to your normal SMS, but with added user friendly FAVE icons to show the status of messages. In addition to letting the user know when a message has been sent and delivered, it goes steps further to let them know when the message has been read or deleted (all with date and time stamps). The SecureSMS  works on  low end Java phones (that cost about N5,000), other J2ME phones, BlackBerry, Android, Windows Mobile, BREW and other handsets.

MMA:Your thoughts on the level of security and fraud in the financial and payment industry in Nigeria.?

A number of players in the industry are beginning to realize the need to implement security in their payment systems. However, most of these systems provide security on the enterprise platform (e.g the Core Banking, ERM, CRM, etc. systems hosted at the data centre). But there is still a security gap in linking the customer’s device, in this case the mobile phone, securely to those platforms and that is where the CellTrust system comes in. We believe the industry is beginning to adopt security measures and will continue to do so in order to prevent present and future attacks.

MMA:What should delegates expect from CELLTRUST at the Mobile Remittance West Africa summit in Lagos.

CellTrust will be giving a keynote address on Securing Mobile Financial Transactions at the Mobile Remittance West Africa Summit. We will be discussing with various Banks and Mobile Payment Providers at the event on how to provide a secure end-to-end system to their customers using the CellTrust platform. They will also see that the CellTrust platform provides security across disparate mobile networks irrespective of the locations of the users on the globe. This is called network agnosticism.  Participants will also have the opportunity to test the platform.

NOTE:
Meet Celltrust in Africa at Mobile Remittance West Africa Summit, January 25th – 26th at FOURPOINTS Hotel BY SHERATON (www.fourpoints), Victoria Islan d,Lagos – Nigeria. Register Here: http://mobilemoneyafrica.com/?page_id=2231