The Central Bank of Kenya has put Payment Service Providers (PSPs) on the spotlight over their handling of customer data with new rules that aim to tighten the noose on data leaks
PSPs include commercial banks as well as technology firms such as Safaricom and Mastercard.
In a raft of new regulations, the Board of Directors of the PSPs will bear the responsibility in the event of a criminal breach of customer data. This is an attempt by CBK to rein in on cybercrime which has been on the rise.
"Payment Service Providers (PSPs) should carry out regular independent assessment and audit functions that shall be undertaken by the internal and external audit and risk functions … The board of directors is ultimately responsible for the cybersecurity of the PSP," stated CBK.
All PSPs are expected to comply with the rules which were published this month within 90 days. The regulations will also cover the firms which are working with the PSPs in order to ensure customer information is kept confidential.
The outsourced firms should have a contract which clearly details the limits of their reach. Banks have been grappling with increasing cases of cybercrime as they align themselves into offering digital products.
They are an easy target as some of the information they collect on customers is detailed with personal and financial information.
CBK has been working on tightening the banking and payment sector with tough regulations to limit cybercrime and money laundering as well.
Directorate of Criminal Investigation boss George Kinoti had on January 30 this year issued warrants of arrest for 130 suspects who engaged in electronic fraud.