The NETteller MFS system implements strong security measures that adequately address and control different types of risks and security threats.
The system incorporates a strong security strategy that enables the following objectives to be met:
- Data Confidentiality
- System Integrity
- System Availability
- Customer and Transaction Authenticity
- Customer Protection
These objectives are the key components necessary to create a secure and efficient system for fraud prevention.
Data confidentiality refers to protecting sensitive information from prying eyes and allowing authorized access only.
System integrity refers to the accuracy, reliability and completeness of information processed, stored or transmitted between the MFS System and its customers.
The important factors in maintaining high system availability, all supported by the NETteller MFS System, are adequate capacity, reliable performance, fast response time, scalability and swift recovery capability.
Customer and transaction authenticity
In NETteller MFS, cryptographic technologies play an important role in ensuring confidentiality, authenticity and integrity.
Customer protection is of paramount importance in NETteller MFS. The system ensures that a customer is properly identified and authenticated before access to sensitive customer information or MFS functions is permitted.
Using controls to mitigate risk
Controls in NETteller MFS are either preventive, which reduce the likelihood of fraudulent activity, or detective, which monitor and report trends or activities that have already happened.
Delivering NETteller MFS safely end-to-end means addressing concerns throughout the process and technology chain. These include:
- Authentication of the consumer, bank and mobile device. In NETinfo MFS the authentication requirements change in accordance with the access modes (SMS, Mobile Browser, USSD and Downloaded Application) being deployed and the payment type.
- Transport Security through all technical links in the value chain – from mobile device through payment processing infrastructure to the core systems of billers, retailers and other third parties.
- Risk Management Tools and capabilities to protect from topical infrastructure risks, such as security threats/attacks, staff/insider fraud, vast peak volumes and other similar risks.
- Consumer Behaviour to minimise the security risks brought about by social engineering threats and create consistent ‘good habits’ when it comes to mobile payments.
- Regulatory and Compliance to ensure all parties in mobile payment transactions meet their legislative, industry and internal compliance obligations. This includes: Know Your Customer (KYC), Anti-Money Laundering (AML), Sarbanes-Oxley (SOX), Basel II and a broad range of similar regulatory obligations.