{"id":48148,"date":"2025-12-13T11:25:26","date_gmt":"2025-12-13T08:25:26","guid":{"rendered":"https:\/\/www.thereporterethiopia.com\/?p=48148"},"modified":"2025-12-13T11:25:26","modified_gmt":"2025-12-13T08:25:26","slug":"fragmented-cybersecurity-approach-threatens-ethiopias-digital-payment-system","status":"publish","type":"post","link":"https:\/\/www.thereporterethiopia.com\/48148\/","title":{"rendered":"Fragmented Cybersecurity Approach Threatens Ethiopia\u2019s Digital Payment System"},"content":{"rendered":"<p><strong>NBE, INSA to establish integrated cybersecurity, financial fraud department <\/strong><\/p>\n<p>The government has instructed the central bank and the Information Network Security Administration (INSA) to establish a new joint cybersecurity and fraud department in a bid to patch vulnerabilities in Ethiopia\u2019s fast-growing digital payment system.<\/p>\n<p>A national financial cybersecurity framework is also reportedly in the works, with the National Bank of Ethiopia (NBE) and INSA expected to deliver within the coming year,<\/p>\n<p>The country\u2019s cybersecurity challenges took center stage at the launch of the second National Digital Payment Strategy this week.<\/p>\n<p>\u201cA major vulnerability in Ethiopia\u2019s digital payments ecosystem is the lack of a coordinated, sector-wide cybersecurity and threat intelligence mechanism. At present, information on cyber incidents\u2014including phishing campaigns, ransomware, malware, distributed denial-of-service (DDoS) attacks, insider threats, and sophisticated fraud typologies\u2014remains fragmented within individual institutions.This siloed approach prevents collective defence, leaving the ecosystem exposed to repeated exploitation of the same vulnerabilities across banks, MFIs, PIIs, PSOs, and telecom operators,\u201d reads the document.<\/p>\n<p>It outlines plans to establish a \u2018Shared National Cybersecurity and Threat Intelligence System within the NBE, which officials envision functioning as a secure, centralized hub for real-time intelligence exchange.<\/p>\n<p>The document notes the absence of a unified, sector-specific cybersecurity framework creates inconsistent security standards across the financial ecosystem, leaving institutions vulnerable to an increasingly sophisticated threat landscape.<\/p>\n<p>It proposes the establishment of a new National Payment System Council as the highest governing body for the strategy, providing executive-level support and mandate for its implementation. The council will be chaired by the NBE governor and include representatives from financial lobby groups such as the Ethiopian Bankers Association, according to the document.<\/p>\n<p>It describes the establishment of a dedicated cybersecurity and fraud directorate within the NBE as crucial for dealing with the increasing sophistication and volume of cyber threats and financial fraud.<\/p>\n<p>\u201cWithout a dedicated supervisory body, responsibility for managing these complex risks can become fragmented, hindering the development of a unified and proactive security posture for the nation\u2019s financial system,\u201d it reads.<\/p>\n<p>The document\u2019s authors foresee the directorate serving as the financial sector\u2019s focal point for risk monitoring and incident response in partnership with security agencies such as INSA and the Financial Intelligence Service (FIS).<\/p>\n<p>The document notes that at present, coordinating an effective response becomes complex and slow when fraudulent transactions cross between different financial service providers.<\/p>\n<p>\u201cIndividual institutions lack visibility into the full, end-to-end transaction chain, which can delay resolution for consumers. Establishing a shared cybersecurity and fraud desk at the national switch operator addresses this operational gap,\u201d it reads.<\/p>\n<p>Two months ago, EthSwitch, the national switch operator, announced that person-to-person (P2P) transactions had surpassed ATM cash withdrawals for the first time.<\/p>\n<p>The company reported processing more than 128 million interoperable P2P transactions, which include account-to-account and wallet-to-account transfers, valued at nearly 578 billion Birr over the year, highlighting Ethiopia\u2019s rapid adoption of digital payments.<\/p>\n<p>\u201cPositioned at the heart of the payment system, switches have a unique view of interoperable transactions. A dedicated desk at this level can therefore act as a neutral and central coordination point for incident management,\u201d reads the strategy document.<\/p>\n<p>It calls for a National Financial Sector Cybersecurity Framework, which officials hope will harmonize existing directives into a single, risk-based standard aligned with international best practices.<\/p>\n<p>The document notes that although Ethiopia\u2019s established National Public Key Infrastructure (PKI) \u2014a cryptographic that ensures secure communication over a network\u2014provides a foundational security layer for the entire country, financial institutions are largely yet to integrate.<\/p>\n<p>The strategy mandates INSA to onboard all licensed banks, MFIs, PIIs and PSOs to embed Ethiopia\u2019s National PKI into their core-banking systems, payment gateways and customer channels, using its digital certificates to sign and verify all interbank messages, authenticate payment instructions, provide non-repudiation, and enable fully remote, e-signature onboarding.<\/p>\n<p>The strategy also includes plans for a national digital infrastructure working group made up of various agencies, including the National ID Program, to \u201ccoordinate and fast-track interoperability between payments and other digital public infrastructure, as well as coordinate data protection reforms.\u201d<\/p>\n<p>The document details that a lack of clarity on where responsibility and fault lies between financial institutions and consumers during instances of fraud often leaves the burden of loss from digital payment fraud almost entirely on the consumer.<\/p>\n<p>This lack of a clear compensation mechanism weakens the incentive for financial institutions to invest in the advanced security systems needed to prevent such fraud and is a major barrier to building trust in the digital ecosystem, according to the strategy.<\/p>\n<p>Officials plan to implement a directive for authorized push payment fraud they hope can help clarify the responsibilities and liability of consumers and financial institutions in preventing fraud.<\/p>\n<p>\u201cSuch a policy would mandate that consumers are reimbursed in instances where financial institutions\u2019 staff, agents, or systems are at fault for causing fraud or failing to adequately prevent fraud. Importantly, this would shift the responsibility for reimbursing victims, requiring both the sending and receiving financial institutions to share the cost of the loss, provided the consumer has acted with reasonable care and the financial institution can be deemed at fault,\u201d reads the document.<\/p>\n<p>While Ethiopia has a foundational financial consumer protection directive, its broad nature does not fully address the specific risks inherent in digital financial services, such as agent-related fraud or the complexities of instant payment disputes.<\/p>\n<p>The strategy outlines plans to amend the directive to include a dedicated section for digital financial services.<\/p>\n<p>\u00a0Much of the plans hinge on designating the Fayda ID as the primary, mandatory identifier for all new and existing financial accounts, which officials foresee creating a foundational \u201ctrust anchor\u201d for the entire ecosystem and reducing the scope for fraud.<\/p>\n<p>The strategy also sets a two-year deadline for the ratification and full implementation of the African Continental Free Trade Agreement (AfCFTA) Digital Trade Protocol in a bid to unlock cross-border e-commerce and digital payment flows.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>NBE, INSA to establish integrated cybersecurity, financial fraud department The government has instructed the central bank and the Information Network Security Administration (INSA) to establish a new joint cybersecurity and fraud department in a bid to patch vulnerabilities in Ethiopia\u2019s fast-growing digital payment system. A national financial cybersecurity framework is also reportedly in the works, [&hellip;]<\/p>\n","protected":false},"author":42,"featured_media":48149,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"editor_plus_copied_stylings":"{}","ngg_post_thumbnail":0,"footnotes":""},"categories":[1960,13],"tags":[1959],"class_list":{"0":"post-48148","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-latest-news-in-ethiopia","8":"category-latest-ethiopian-political-news","9":"tag-front"},"acf":[],"_links":{"self":[{"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/posts\/48148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/comments?post=48148"}],"version-history":[{"count":0,"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/posts\/48148\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/media\/48149"}],"wp:attachment":[{"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/media?parent=48148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/categories?post=48148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thereporterethiopia.com\/wp-json\/wp\/v2\/tags?post=48148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}