Details of the Central Bank of Nigeria (CBN) Regulatory Framework for Unstructured Supplementary Service Data(USSD) in Nigeria
Mobile telephone communications have undoubtedly become a dependable way of enhancing financial inclusion through the introduction of mobile payments, mobile banking, and e-commerce as well as a range of other remote digital financial transactions aided by mobile telephony.
Mobile-based financial service providers have options of adopting varying technologies for enabling access and transmitting data including Short Messaging Services (SMS), USSD, Interactive Voice Response(IVR), Wireless Application Protocol (WHP)& SIM Took Kit (STK).
Tekedia Mini-MBA edition 16 (Feb 10 – May 3, 2025) opens registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
The USSD technology which is the focus of this article is a protocol used by the GSM network to communicate with a service provider’s platform. It is a session based, real time messaging communication technology which is accessed through a string which starts normally with an asterisk (*) & ends with a hash (#). USSD technology is considered cost effective, more user-friendly, faster in concluding transactions and handset agnostic.
This article will be looking at the provisions of the regulatory framework put in place by the Central Bank of Nigeria (CBN) governing the operations of USSD-based financial service operations.
What are the objectives of the CBN USSD framework?
The main objective of this framework is to establish the rules and risk mitigation considerations when implementing USSD for financial services offerings in Nigeria.
Who are the recognized participants or eligible providers of USSD-based financial services in Nigeria?
– Banks :- Banks provide USSD strings and menu-driven apps to facilitate banking services to other customers.
– Payment Service Providers (PSPs) :- These are switch service, applications vending service, and Value Added Service (VAS) providers who provide products and services using the USSD protocol.
-Mobile Money Operators (MMOs):- Able to reach the unbanked in rural areas where there are no financial touch points through USSD services.
– Mobile Network Operators (MNOs) :- MNOs and Aggregators utilize USSD to interact with and provide services to their customers.
– Customers :- Initiate transactions through a USSD string.
What are the eligibility criteria for a unique short code?
– MMOs are eligible for the issuance of short codes from the NCC after meeting the necessary requirements of the NCC for the issuance of same.
– For those other than MMOs, a letter of comfort from the CBN would be required before being considered for the issuance of the short codes by the NCC.
What are the provisions of the guidelines on USSD vulnerabilities and their mitigation?
– USSD based financial transactions require end-to-end encryption to protect the integrity of the financial information. To this end, all providers of USSD based financial services shall :-
a) Put in place, a proper message authentication mechanism to validate that requests/responses are generated through authenticated users.
b). Use secure USSD communication channels with w strong encryption mechanism.
c). Not use the USSD service to relay details of other electronic banking channels (in the case of banks) to their customers, to prevent compromise of other electronic banking channels through the USSD channel.
d). Implement masked PIN entry.
e). Ensure encryption at USSD gateway by implementing the Hardware Security Module (HMS). Each financial institution shall be securely loaded through an auditable process.
f). Implement end-to-end encryption by ensuring that at least radio encryption between users’ phones and based stations, using service VPN layered with SSL or TSL to ensure secure transmission of USSD signals.
What are the provisions of the framework on USSD service-related dispute resolution?
-The framework provides that Financial Institutions (FIs) shall be responsible for setting up dispute resolution mechanisms to facilitate the resolution of customers’ complaints.
– FIs shall treat and resolve any customer-related issue within 48 hours. Non- compliance shall be subject to penalties as may be prescribed by the CBN, from time to time.
What are the provisions of the USSD framework on remedial measures?
The CBN shall impose appropriate sanctions for any contravention on any FI that fails to comply with their framework.