The Chief Executive of the Ghana Interbank Payment and Settlement Systems (GhIPSS) Limited, Archie Hesse, has advised banks and other major players in the finance industry to ensure that the third parties [service providers] they work with are compliant with International Organisation for Standardization (ISO) standards.
Speaking on JoyNews’ PM Express: Business Edition, Archie Hesse said banks and other major financial institutions are usually hacked through their third parties who tend not to be ISO compliant.
He said: “If you read into it, you’d realise that there is a third party that caused the compromise. And that’s always one of the weakest links. What happens really is that we all talk about we are ISO compliant, yes we are, but the third parties that we work with are they also ISO compliant?”
His comment came in response to a recent break-in at Pegasus Technologies, a company that integrates mobile money transactions between telcos, banks, and other local, regional, and international money transfer services. The hackers made off with a yet-to-be-known sum, estimated to be in billions of shillings.
Pegasus Technologies was a service provider to leading telcos Airtel and MTN Uganda, as well as Stanbic Bank, Uganda’s largest bank, which also backs up most of the mobile money transactions.
According to Archie Hesse, to prevent a similar situation from occurring in Ghana, the Central Bank has ordered all fintechs in the country to be licensed and ISO certified, as that would provide some level of security against hackers.
“And that’s why the Central bank has rightly taken the initiative and saying that all the fintechs in the country needs to be licensed and they need to go through ISO certifications. And that’s the right direction,” he said.
He therefore advised financial institutions to make an effort to ensure that the service providers they work with are licensed and have ISO certification before proceeding to do business with them.
“So there’s a need for us to ensure that all third parties that we work with are also certified or follow the same guidelines that we do as well and not just the main players in the system,” he said.