Two days after the Central Bank of Iran published a directive that makes end-to-end encryption mandatory for card not present transactions, banking industry players have apparently welcomed it as a positive move.
On Friday, the regulator notified the banking system that starting from Feb. 4, transactions lacking E2EE for CNP transactions will only be permitted for paying public bills and transactions aimed at purchasing recharges for phone SIM cards will not be accepted and processed in the Shetab interbank and Shaparak payment settlement networks.
It also decreed that as of April 21, transactions made to pay bills will also become strictly possible through a specialized system called Peyvand and by using mobile phone numbers instead of bank card numbers.
Financial transactions were previously mostly conducted on the platform of Unstructured Supplementary Service Data (USSD) communications protocols provided by mobile network operators that offer less security for customer data.
Masoud Khatouni, deputy for information technology and communications network at the country’s biggest bank, has said the CBI should have executed the directive years ago as the penetration ratio of internet and mobile has increased notably.
He said that fact that purchasing phone SIM recharge for pay-as-you-go users by employing USSD is indeed a constructive measure.
“It will lead to opening of new spaces in this area,” the Bank Melli Iran official told IBENA.
Khatouni acknowledges that payment service providers will suffer losses as a result of the directive, but says only a few of them currently holding major shares of the market will get this as most of them have already moved their payment apps online.
Furthermore, the Bank Melli board member points out that as PSPs have already linked up with payment fintechs, the limitations imposed on USSD will not affect them severely.
Sadeqh Faramarzi, chief executive of Iran Kish Credit Card Company who received a Nourbakhsh banking innovation award last week, also supports the CBI move as it boosts security and echoed Khatouni’s vies in that only a handful of PSPs currently holding a major market share will suffer short-term losses.
As for payment companies and how they will cope with the repercussions of the directive, he said the decision was predicted long before and companies have therefore developed their mobile apps to retain and expand their customer base.
“We will be facing lesser number of transactions in the short-term and in a span of one to two months, but things will get back to normal soon,” Faramarzi opined.
Rasoul Lotfi Azar, an electronic banking expert who has a seat on the board of Behsazan Farda affiliated with Bank Mellat, is also of the opinion that the directive will be beneficial in terms of better security.
“Fortunately the central bank has finally decided to limit the unsecure channel of USSD in a formal way,” the pundit said, adding that the regulator had been planning to do this for more than a year.
Add new comment
Read our comment policy before posting your viewpoints