The Central Bank of Nigeria (CBN) has cautioned banks and financial technology companies (fintechs) to prioritize cybersecurity as Nigeria deepens its transition into open banking.
Speaking at the Q2 Regulators Forum of the Fintech Association of Nigeria (FintechNGR), the CBN’s Director of Payments System Policy warned that while open banking offers significant innovation opportunities, it also exposes customer data to serious risks if cybersecurity is not taken seriously.
Open banking allows third-party firms to access customer financial data, such as account balances and transaction history, with customer consent. This is made possible through application programming interfaces (APIs), which serve as bridges between bank systems and third-party platforms. However, the CBN emphasized that without strong security measures, these APIs could be exploited by cybercriminals.
“There have been so many data breaches globally. Open banking must not become an easy entry point for cybercriminals,” the CBN official said, urging financial service providers to ensure “airtight” protection of their systems and infrastructure.
He stressed the need for banks and fintechs to heavily invest in cybersecurity, not only to secure their systems but also to protect customers who may be unaware of the risks involved in granting data access.
According to the CBN, financial institutions must also educate customers about what they are consenting to and ensure they fully understand how their data will be used. Without adequate awareness, cybercriminals could exploit users by impersonating banks or sending fraudulent messages under the guise of open banking processes.
“We don’t want criminals sending fake messages asking people to share their PINs or login credentials,” he said. “Sensitization is crucial. Security, privacy, and consumer protection are key to successful implementation.”
On the regulatory side, the CBN is working to standardize APIs for open banking to ensure consistency and easier integration across the banking ecosystem. Once finalized, this will allow fintechs to connect with any participating bank using a unified method, rather than customizing their systems to match different bank protocols.
Nigeria became the first African country to formalize open banking after the CBN released operational guidelines on March 7, 2023. The framework outlines how financial institutions can access and handle customer data with user permission.
The initiative is expected to foster innovation, competition, and personalized financial services across the industry. However, the CBN’s message is clear: without robust cybersecurity and customer awareness, the risks could outweigh the benefits.
