Monday, May 9, 2016 8:55AM/CBN
The Guidelines set out the procedures for the operation of switching services in Nigeria, including the rights and obligations of the parties to the switching contract. It also compels the switching companies to meet with minimum standards for switching, as approved by the CBN.
License of Switching Companies
For a switching company to operate in Nigeria, it shall obtain a Switching license from the CBN.
Parties to Transaction Switching
Parties to Transaction Switching include, but not limited to:
1. Nigeria Central Switch
2. Switching Companies
3. Card Issuers
4. Merchant Acquirers
Rights and Responsibilities of a Switching Company
A switching company shall:
· Operate its switch in accordance with these guidelines.
· Ensure compliance with minimum standards on Transaction Switching, as provided in this Guidelines
· Open its network for reciprocal exchange of transactions/messages between it and the Nigeria Central Switch
· Enter into agreement with member institutions, specifying in clear terms the responsibilities of each party, operational rules and procedures and liabilities of parties in the event of loss of funds arising from negligence of any of the parties. A copy of the agreement shall be submitted to the CBN for record purposes.
· Ensure that all notifications and information that its employees have obtained in the course of discharging their responsibilities are treated as confidential.
· Establish adequate security procedures to ensure the safety and security of its information and those of its clients, which shall include physical, transactions, logical, network and enterprise security.
· Submit to the CBN, its security plans and periodic updates. Any security breach shall have a record and such instances shall be reported to CBN for record purposes.
· Have a Business Continuity Plan, approved by the CBN.
· Ensure full compliance with relevant provisions of payments system guidelines, policies and Circulars issued by the CBN, in relation to its operations.
· Not be an issuer of payment cards.
· Supply to the CBN, information on usage, volume and value of transactions and other relevant information, as and when due, and in the format required by the CBN.
· Report all instances of fraud/attempted fraud on the switch to the CBN.
· In addition to the primary site, maintain a business continuity arrangement, to ensure failsafe operation.
Rights and Responsibilities of Member Institutions
· Acquirers whose transactions are switched shall maintain databases that can handle information relating to cardholders, merchants and their transactions for a minimum period of seven (7) years.
· Information on usage, volume and value of transactions and other relevant information shall be forwarded to the CBN as and when due and in the format required by the CBN.
· Each member institution shall settle fees charged for the services provided by the switching company in relation to the operation of the switching network, in accordance with the agreed tariff.
· The issuer shall be held liable (where proven) for frauds with the card arising from card skimming or other compromises of the issuer’s security system.
· An acquirer shall be responsible for ensuring that merchants put in place reasonable processes and systems for confirming payee identity and detecting suspicious or unauthorized usage of electronic payment instruments, both where customer/card is physically present at point of sale or in cases where customer/card is not physically present, like in Internet/web and telephone payment systems/portals
Rights and Responsibilities of the Nigeria Central Switch
The Nigeria Central Switch shall:
· Be licensed by the CBN
· Be independent of other switching companies
· Not own or promote any card business or retails products and shall be run in accordance with international best practice
· NIBSS shall make available to the Industry Stakeholders APIs and specifications that will enable licensed PSPs have access to services developed or hosted at NIBSS on behalf of the industry.
· Allow connection by all switching companies that meet its requirements for participation and have obtained the necessary license from the CBN.
· Enter into a written agreement with switching companies, specifying in clear terms the responsibilities of each party, and operational rules and procedures and copy shall be submitted to the CBN.
· Ensure that all notification and information that its employees have obtained in the course of discharging their responsibilities shall be treated confidentially
· Establish adequate security procedures to ensure the safety and security of its information and those of its clients, which shall include physical, transaction, logical, network and enterprise security
Charge fees for the services provided, in accordance with agreement reached under sub-guideline 2.6.6
· Have a Business Continuity Plan approved by the CBN
· Supply information on usage, volume and value of transactions and other relevant information to the CBN as and when due and in the format required by the CBN
· Maintain database of transactions for a minimum period of seven (7) years.
· Report all instances of fraud / attempted fraud to the CBN
· Have primary site, hot backup site and contingency site, as minimum requirement
The interface specifications will be provided to all Parties to Switching Services, as part of the NCS Interconnectivity requirements. All interface specifications will conform to the international ISO 8583 standards. All NCS Partner Institutions will have to develop both Issuer and Acquirer Interfaces that comply with the NCS Interface Specification.
Communication and Message Protocol
The NCS ISO 8583; Host External Message is based on the standard external message developed by the International Standards Organization (ISO). It is a variable-length and variable-content message that can be configured differently, based on the type of message being sent.
The NCS ISO Host Interface component creates and interprets external messages according to the specifications in the NCS Interface specification document.
The NCS ISO 8583; host external message allows incoming and outgoing messages to be configured individually by a host, depending on the information the host chooses to send and receive.
1. The message format shall be ISO 8583. Details are provided in the NCS Interface Specification document.
2. All Partner Institutions shall maintain secure dedicated Virtual Private Network TCP/IP data communication to the NCS.
3. The communication protocol shall be TCP/IP.
4. The Hardware Security Module (HSM) Connectivity - TCP/IP
Connection to NCS by Institutions
The Nigeria Central Switch project requires a secure connectivity to all existing Switches in Nigeria and new entrants. A secure interconnectivity has to be established with the NCS.
Parties to Switching Services involved in card-operated devices, must be capable of providing secure hardware encryption/decryption of customer PINs and messages for onward transmission to the NCS network.
The Central Switch and Switching Companies shall:
· Conduct half-yearly planned system tests to ensure ability to seamlessly switch from primary to back-up systems. Such tests shall be communicated in advance to all member institutions and the CBN. These tests shall take place at times during the week and day when the least amount of network traffic occurs, in order to minimize impact on customer service.
· The results of the tests shall be shared with all member institutions and Director, Banking and Payments System Department of CBN within 3 business days.
· Publish a monthly report of all downtimes experienced to all member institutions and the CBN. Such reports shall include the duration of the downtime, the cause(s) of the downtime, and the remedial actions taken to prevent recurrence.
· Ensure that all devices/software used for transmitting financial data within their switching networks are EMV Levels 1 & 2 compliant (or any newer EMV version)
· Be in regular compliance with PCI Data Security Standards (PCI DSS)
· The Nigeria Central Switch shall, subject to CBN approval and in consultation with member institutions, maintain minimum technical standards on interoperability, messaging, network connectivity, network monitoring, security, disaster recovery, fraud management, and programming interfaces
· An acquirer/member institution shall be responsible for deploying terminals/payment devices that are EMV Levels 1 & 2 compliant (or any newer EMV version).
· An acquirer/ member institution shall be responsible for deploying terminals/payment devices with PIN Entry Devices (PED) that are PCI PED complaint.
· The Central Switch shall maintain a list of approved network/link service providers. All connecting switches for their connection to NCS, are required to maintain a minimum of two (2) network/ link service providers as the primary and secondary link.
· The central switch shall stipulate the minimum network/link bandwidth that must be provided by each network/link provider
· The Nigeria Central Switch shall stipulate the network/link standards and specifications for all equipment provided by each network/link provider at all terminating points
· All switches have the duty to transmit all messages or financial transactions emanating from the Nigeria Central Switch to their expected destinations, without regard to the originating switch of such message or financial transaction.
· No switch shall reject, degrade, give lower priority or service, or in any way negatively affect any message or financial transaction originating from the Nigeria Central Switch
· All switches shall connect to the Nigeria Central Switch
Operational Rules and Procedures
Types of Transactions
The central switch/switching companies shall only handle switching services in accordance with the provisions of these guidelines.
The central switch/switching companies shall operate 24 hours a day and 7 days a week.
In case of system failure, the central switch / switching companies shall automatically switch to its / their back-up site (s).
The Nigeria Central Switch shall work out the daily net settlement positions of member institutions and forward same through the ACH to the CBN for settlement.
Member Institutions shall provide adequate collaterals, as deemed sufficient by the CBN, in form of Federal Government Securities in line with their contract agreements with Switching Companies.
Alternatively, member institutions may utilize existing cheque clearing collaterals held with the CBN, to meet the collateral requirement for transaction switching mentioned above.
The CBN shall effect the posting of the net settlement positions of member institutions into their accounts.
Fees and Charges
Fees and charges for transactions switching, processing, etc. are to be agreed between service providers and banks / entities to which the services are being provided.
The central switch/switching companies and their members shall be required to undertake measures to prevent the use of their networks for purposes associated with money laundering and other financial crimes.
Sanctions, in the form of monetary penalties and / or suspension of the specific switching service (s), would be imposed on erring switching companies and / or their member institutions, for failure to comply with any of the provisions of these Guidelines and other relevant Guidelines, issued by the CBN, from time to time.